KR20170029940A - Payment service providing apparatus and method for assisting in selection of plural limit amount based on web, system and computer readable medium having computer program recorded thereon - Google Patents

Abstract

The present invention relates to a web based payment service providing apparatus supporting a plurality of limit selections, a method thereof, a system having the same and a recording medium having a computer program performing the method recorded thereon. In a web based simple payment configured to be able to make a non-face-to-face payment in a web standard environment, the web based payment service providing apparatus supporting a plurality of limit selections sets a plurality of pins for a single payment means and sets limit for each of the plurality of pins differently to meet payment convenience and security.

Description

TECHNICAL FIELD [0001] The present invention relates to a web-based payment service providing apparatus and method for supporting selection of a plurality of limits, a recording medium on which a system and a computer program are recorded, computer program recorded thereon}

The present invention relates to a web-based payment service providing apparatus and method for supporting a plurality of limit selection, and a recording medium on which a system and a computer program are recorded. More particularly, the present invention relates to a Web- A web-based payment service provision apparatus that supports a plurality of limit selections for satisfying both settlement convenience and security by setting a plurality of PINs for a single payment method in settlement and setting limits corresponding to the respective PINs And a recording medium on which a system and a computer program are recorded.

With the development of mobile communication technology, the use of wireless devices such as cellular phones and personal digital assistants (PDAs) has increased rapidly, and the services that are performed in the wired Internet are gradually shifting to wireless Internet based services.

As the wireless network is activated, various services using a wired / wireless network are being provided in the commercial and service fields. For example, mobile e-commerce, mobile-commerce, is an example of a wireless network-based commerce service.

In order to conduct non-face-to-face transactions, it is necessary to pay a fee through the authentication process and the payment process. The online payment method through the existing authentication and payment procedure is a method of payment through individual authentication methods such as credit card number and von Bill. In the conventional payment method, the payment server can not store the payment information such as the credit card and the account transfer, so it is possible to use a secure click or an ISP credit card payment, or in the case of a simple payment, . The simple payment method is mainly provided by the app. There is no common standard for online commerce.

Meanwhile, in the existing payment method, a settlement limit is set to a single credit card, and in order to increase the settlement limit of the credit card, a complicated procedure of contacting the card company and changing the setting is required.

Korean Patent No. 10-0706894, entitled " Control Method of Use of Mobile Communication Terminal Smart Card Using Postpayment Limit, Mobile Communication Terminal and Postpayment Limit Management System Therefor "

It is an object of the present invention to provide a web-based authentication payment method for non-face payment settlement in a web standard environment, to register a plurality of PINs for a single payment means and to set a limit for settlement for each PIN, , It is aimed to increase the convenience of input by reducing the risk of PIN leakage for high limits and making the configuration limit relatively low for PINs with low settlement limits.

It is another object of the present invention to provide security for various types of infringement occurring at the time of settlement in a user apparatus.

The apparatus for providing a web-based payment service supporting a plurality of limit selection according to an embodiment of the present invention encrypts and stores a credit card number, encrypts a credit card authentication value and divides the information into an information block 1 and an information block 2, A credit card authorization requesting device which is used for decryption of the information block 2 and which is configured to transmit the information block 1 to the user authentication device and delete the information block 1 and a plurality of different payment identification personal identification number Receives the setting information in which the settlement limit corresponding to the settlement PIN information is set, encrypts the information block 1 based on each settlement PIN information, sets a settlement limit corresponding to the settlement PIN information used for encryption based on the setting information Stores a plurality of encrypted information blocks 1 in which different generated payment limits are set, Upon receipt of the payment information for the temporary virtual card number and payment history from the web-based commerce apparatus in which a transaction has occurred, the payment PIN information for generating the information block 1 is requested to the user device and decrypted based on the payment PIN information received from the user device The information block 1 decrypted based on the settlement PIN information received from the user device when the settlement is possible is referred to as a credit card approval To the requesting device.

As an example related to the present invention, the credit card approval request apparatus decrypts the information block 2 based on the information block 1, decrypts the encrypted credit card authentication value based on the information block 1 and the information block 2, And generates an approval text to be transmitted to the credit card company based on the credit card authentication value and the credit card number, and transmits the approval text to the credit card company.

As an example related to the present invention, the encryption for the credit card number is performed based on HSM (hardware security module) and hash, the encryption for the credit card authentication value is performed based on HSM, And the device is encrypted using an advanced encryption standard (AES) based on the payment PIN information.

As an example related to the present invention, the credit card approval request device may receive a credit card number and a credit card authentication value from a user device through a membership registration procedure.

According to an embodiment of the present invention, the user authentication apparatus may request another PIN information to the user apparatus when payment is not possible according to the payment.

As a related example of the present invention, the user authentication apparatus may set a code of some place selected according to the selection of the user device among a plurality of places that constitute the settlement PIN information corresponding to the highest settlement limit on the basis of the setting information, And is used as another payment PIN information to be set.

A method of providing a web-based payment service supporting a plurality of limit selection according to an embodiment of the present invention includes encrypting and storing a credit card number by a credit card approval requesting device, encrypting the credit card authentication value, The information block 1 is used for decrypting the information block 2, and the user authentication device receives a plurality of different payment PINs (personal IDs) from the user device, identification number information and the settlement limit corresponding to each settlement PIN information, and encrypts the information block 1 based on the settlement PIN information and corresponds to the settlement PIN information used for encryption based on the setting information A plurality of encrypted information blocks 1 in which different settlement limits are set are generated and stored The user authentication apparatus requests the payment PIN information for generating the information block 1 to the user device upon receiving the payment information for the temporary virtual card number and payment history from the web-based commerce apparatus in which commerce has occurred by the user, Determining whether payment is possible by comparing the settlement limit set in the encrypted information block 1 decrypted based on the settlement PIN information received from the user terminal 100 and the settlement amount according to the settlement information, And transmitting the information block 1 decrypted based on the payment PIN information to the credit card approval requesting device.

As a related example of the present invention, a method of providing a web-based payment service supporting a plurality of limit selection is characterized in that the credit card approval requesting apparatus decrypts the information block 2 based on the information block 1 and encrypts the information block 2 based on the information block 1 and the information block 2 Decrypting the encrypted credit card authentication value, decrypting the encrypted credit card number, and generating an approval text to be transmitted to the credit card company based on the decrypted credit card authentication value and the credit card number, To the credit card company.

The recording medium according to the embodiment of the present invention may store a computer program for performing the above-described method of providing a web-based payment service supporting a plurality of limit selection.

A system for providing a web-based payment service supporting a plurality of limit selection according to an embodiment of the present invention includes a user device for transmitting a credit card number and a credit card authentication value through a membership registration procedure, A web-based commerce apparatus for generating and transmitting information on a virtual card number and settlement history, and a credit card number received from a user apparatus, encrypting the received credit card number, encrypting the credit card authentication value, and dividing the encrypted information into an information block 1 and an information block 2, The information block 1 is used for decoding the information block 2, and the information block 1 is divided into different information blocks encrypted based on the respective payment PIN information using a plurality of different payment PIN information received from the user device 1, and for each encrypted information block 1, The settlement PIN information for generating the information block 1 to the user device is requested from the web based commercial transaction apparatus upon receiving the payment information for the temporary virtual card number and payment history from the web based commercial transaction apparatus, And determines whether the payment can be made by comparing the settlement limit set in the encrypted information block 1 decrypted with the received settlement PIN information with the settlement amount according to the settlement information and decrypts the settlement based on the settlement PIN information received from the user device And a payment service providing device for decrypting the encrypted credit card authentication value based on the information block 2 decrypted based on the information block 1 and the information block 1, decrypting the encrypted credit card number, and performing settlement processing.

The present invention provides a web-based authentication payment method for non-face payment settlement in a web standard environment, and simultaneously sets different PINs according to different settlement limits for a single payment means, and applies different limits to the PIN input information And it is possible to increase the settlement convenience for a small amount by simply setting the PIN of the micro settlement limit and to reduce the total exposure of the PIN to the general limit higher than the micro settlement limit, thereby enhancing the security.

In addition, the present invention provides settlement using convenience and safe settlement to the customer and provides a settlement service adapted to the global web standard, so that settlement can be performed in other countries based on the settlement service according to the embodiment of the present invention, It is possible to prevent various types of infringement occurring at the time of settlement, thereby providing high security.

BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a configuration diagram of a web-based payment service providing system supporting multiple limit selection according to an embodiment of the present invention; FIG.
2 is a conceptual diagram illustrating an operation of a payment service providing apparatus constituting a web-based payment service providing system supporting a plurality of limit selection.
3 is a conceptual diagram illustrating a user registration procedure according to an embodiment of the present invention;
4 is a flowchart illustrating a user subscription procedure according to an embodiment of the present invention.
5 is a conceptual diagram illustrating a method of encrypting a credit card number and a credit card authentication value in a credit card authorization requesting apparatus and a user authentication apparatus according to an embodiment of the present invention.
6 is a flowchart illustrating a payment procedure according to an input of a payment PIN of a payment service providing apparatus according to an embodiment of the present invention when a web based commercial transaction is generated by a user.
7 is a conceptual diagram illustrating a payment procedure according to an inputting of a payment PIN according to an embodiment of the present invention.
8 is a diagram illustrating an example of a different payment PIN configuration according to setting information of a payment service providing apparatus according to an embodiment of the present invention.

It is noted that the technical terms used in the present invention are used only to describe specific embodiments and are not intended to limit the present invention. In addition, the technical terms used in the present invention should be construed in a sense generally understood by a person having ordinary skill in the art to which the present invention belongs, unless otherwise defined in the present invention, Should not be construed to mean, or be interpreted in an excessively reduced sense. In addition, when a technical term used in the present invention is an erroneous technical term that does not accurately express the concept of the present invention, it should be understood that technical terms can be understood by those skilled in the art. In addition, the general terms used in the present invention should be interpreted according to a predefined or prior context, and should not be construed as being excessively reduced.

Furthermore, the singular expressions used in the present invention include plural expressions unless the context clearly dictates otherwise. In the present invention, terms such as "comprising" or "comprising" and the like should not be construed as encompassing various elements or stages of the invention, Or may further include additional components or steps.

Furthermore, terms including ordinals such as first, second, etc. used in the present invention can be used to describe elements, but the elements should not be limited by terms. Terms are used only for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings, wherein like reference numerals refer to like or similar elements throughout the several views, and redundant description thereof will be omitted.

In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail. It is to be noted that the accompanying drawings are only for the purpose of facilitating understanding of the present invention, and should not be construed as limiting the scope of the present invention with reference to the accompanying drawings.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings, wherein like reference numerals refer to like or similar elements throughout the several views, and redundant description thereof will be omitted.

In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail. It is to be noted that the accompanying drawings are only for the purpose of facilitating understanding of the present invention, and should not be construed as limiting the scope of the present invention with reference to the accompanying drawings.

In the conventional network-based payment method, there is an inconvenience that the payment information must be input every time the payment server fails to store the payment information. In case of the existing simple settlement, if the settlement company makes a settlement based on the virtual card number, it is inconvenient that the settlement standard should be defined and connected through a separate card company and a leased line connection, and the issuer, And it was difficult to spread the service.

In an embodiment of the present invention, an apparatus, system, and method for providing a payment service adapted to a global web standard, which enhances ease of use and security of a customer, is proposed, And a billing service providing apparatus, system, and method capable of improving settlement convenience and improving settlement ability by enabling settlement limits to be set.

Web standard refers to the international web standard technology established for interoperability between various operating environments without installing Plug-in without being persistent in specific terminal operating environment (for example, ActiveX, Java, Adobe Air).

For example, the Web standard may be the next generation open technology, such as HTML5, as enacted by the World Wide Web Consortium (W3C).

Hereinafter, the meaning of the web standard disclosed in the embodiment of the present invention is not limited to the HTML5 standard technology, and may include various web driving technologies such as DOM and JavaScript for ensuring compatibility between various various operating environments.

Hereinafter, an apparatus, system and method for providing a web-based payment service supporting a plurality of limit selection according to an embodiment of the present invention will be described in detail with reference to the accompanying drawings. It is possible to improve the inconvenience and risk of inputting and communicating sensitive personal information and payment information every time the authentication is made.

Also, the apparatus, system and method for providing a web-based payment service supporting a plurality of limit selection according to an embodiment of the present invention can be applied to a general authentication transaction (2D authentication payment ) To increase the stability of the transaction by adding the user's authentication to the authentication transaction (3D authentication settlement).

Also, an apparatus, a system, and a method for providing a web-based payment service supporting a plurality of limit selection according to an embodiment of the present invention may be extended to provide a transaction authentication and approval service regardless of a platform of an individual terminal or an operating system (OS) It is possible to provide a common process considering performance and interoperability.

In addition, a web-based payment service providing apparatus, system and method for supporting a plurality of limit selection according to an embodiment of the present invention may be configured such that a plurality of PINs are registered for a single payment means, According to the settlement contents, PINs having different degrees of security can be used to lower the risk of the PIN leakage to a high limit and to make the configuration of the PIN having a low settlement limit relatively simple, thereby improving the input convenience.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS An apparatus, system, and method for providing a web-based payment service supporting a plurality of limit selection according to an exemplary embodiment of the present invention will be described below.

FIG. 1 is a configuration view of a web-based payment service providing system supporting a plurality of limit selection according to an embodiment of the present invention. FIG. 2 is a block diagram illustrating a configuration of a billing service providing apparatus Fig.

 1, a web-based payment service providing system supporting a plurality of limit selection according to an embodiment of the present invention includes a user device 10 connected via a communication network, a web-based commerce device 200, Device 100 as shown in FIG.

Referring to FIG. 2, an operation process for a web-based payment service supporting a plurality of limit selection will be described. The payment service providing apparatus 100 may be implemented with a structure including a separate subdevice physically separated .

That is, the payment service providing apparatus 100 may include a credit card approval requesting apparatus 140 and a user authentication apparatus 120.

The credit card authorization requesting device 140 may be a server for performing an authentication transaction with a credit card company.

The user authentication apparatus 120 may be a server responsible for the authentication of the user. The user authentication apparatus 120 can authenticate the user through the mobile phone identity verification service (SMS-OTP) when the user has subscribed from the merchant.

The user authentication apparatus 120 receives the credit card information from the user through the web browser, and receives and stores the personal identification number (PIN) number.

Specifically, the user authentication apparatus 120 can perform the following operations.

The user authentication apparatus 120 authenticates the mobile communication company or authenticates the user of the iPin based on the user's personal information (name, date of birth, gender, nationality, mobile phone number, mobile communication company, e-mail) Authentication can be performed. All of the CI (connecting information) / DI (duplication information) personal information received as the result of the authentication can be encrypted and stored and managed in the database of the user authentication apparatus 120.

When the user logs in to the user authentication apparatus 120, the user authentication apparatus 120 extracts the credit card information (card IDs) already registered by the user, encrypts the information with the encryption key temporarily generated, and generates the temporary virtual card number .

In addition, the user authentication apparatus 120 can encrypt and store transaction progress environment information (connection IP (internet protocol), location information, User Agent), transaction details (transaction details), member information, have.

Also, the user authentication apparatus 120 obfuscates the authentication value required for approval of the credit card registered in the information block 1 (the credit card approval request apparatus 140 by the user, which is received from the credit card approval request apparatus 140 One information block out of two pieces of information) can be encrypted and stored based on the payment PIN entered by the member.

In addition, the user authentication apparatus 120 may transmit the information block 1 decrypted with the payment PIN inputted by the member to the credit card approval requesting apparatus 140 when requesting transaction approval.

Specifically, the credit card authorization requesting device 140 can perform the following operations.

(Credit card number, expiration date, first two digits of the card password, date of birth) to confirm the credit card company's approval to evaluate the validity of the credit card when the user registers the credit card in the service, To the credit card authorization requesting device 140 by using the device 10.

When the credit card approval requesting device 140 confirms the validity of the credit card as a result of the approval, the information (for example, the credit card number) necessary for the credit card authentication, such as a general VAN information processing procedure, The corresponding card ID may be generated and stored in the credit card authorization requesting apparatus 140. [

The credit card authentication value including the expiration date of the credit card, the two digits before the card password, and the date of birth is obfuscated into two blocks of information, and each of the two blocks of information is separately HSM equipment Lt; / RTI >

The value generated by the HSM encryption result of the information block 1 in the encryption procedure for each of the two information blocks can be used as the encryption key of the information block 2. Thus, if there is no information block 1, concatenated encryption can be performed such that information block 2 can not be accessed.

Of the two generated information blocks, the information block 1 is transmitted to the user authentication apparatus 120, and the information block 1 after the transmission can be deleted from the credit card approval requesting apparatus 140.

The user device for performing the authentication settlement method can perform an authentication and settlement procedure through a web browser. The web browser driven by the user device 10 is a browser supporting the web standard and receives input values (for example, PIN, telephone number, etc.) necessary for payment and authentication of the user, To the user authentication apparatus 120 through a secure socket layer (SSL).

The user device 10 may be provided with an authentication payment application for performing the authentication payment method. For example, the authentication billing application may be a JavaScript-based Web App (Application) that provides security of non-face-to-face payments in a web browser.

In the authentication settlement application, an authentication settlement procedure based on a new member subscription, a login, an authentication screen, and a settlement screen can be performed, and the input information is processed by the user, and the authentication procedure and the settlement procedure .

The authentication billing application can provide E2E security (interval protection between user and server), virtual keyboard (user input value protection), page obfuscation (data encryption of web page).

In the above-described configuration, the user authentication apparatus 120 requests the settlement PIN to be used for settlement with the user apparatus 10, and uses the settlement PIN received from the user apparatus as an encryption key for the separated information block 1 Encryption can be based on AES (Advanced Encryption Standard).

At this time, the user authentication apparatus 120 can receive a plurality of settlement PINs corresponding to different settlement limit amounts (hereinafter, referred to as settlement limits) from the user device 10, and the settlement limits corresponding to the settlement PINs The setting information can be received from the user device 10. [

For example, the user authentication apparatus 120 may receive a settlement PIN 1 corresponding to a general settlement limit (total limit, one-time settlement limit, daily settlement limit, etc.) and a small settlement limit Limit) corresponding to the settlement PIN 2 and the settlement PINs 1 and 2, respectively, and encrypts the information block 1 based on the AES using the settlement PIN 1 to obtain the first encryption information block 1 And generates the second encryption information block 1 by encrypting the information block 1 based on the AES using the payment PIN 2.

Also, the user authentication apparatus 120 sets a general settlement limit for the first encryption information block 1 generated through the settlement PIN 1 based on the setting information, and sets the general settlement limit to the second encryption information block 1 generated through the settlement PIN 2 A small settlement limit can be set and stored.

At this time, the user authentication apparatus 120 may assign a separate limit identifier to each encryption information block 1, and may store the matching information generated by matching the settlement limit corresponding to each limit identifier with the limit identifier in the database. Here, the limit identifier assigned in the encryption of the information block 1 may also be encrypted with the information block 1.

In addition, the user authentication apparatus 120 may encrypt the information block 1 with the settlement PIN to encrypt the settlement limit together with the information block 1 to generate the encrypted information block 1 with the settlement limit set.

Accordingly, the user authentication apparatus 120 can generate and store different encrypted information blocks 1 by encrypting the information block 1 using each of the settlement PINs, and encrypts and decrypts each encrypted information block 1 based on the setting information, The settlement limit corresponding to the settlement PIN used in FIG.

The user authentication apparatus 120 receives the payment information for the temporary virtual card number and payment history from the web-based commercial transaction apparatus 200 when the user apparatus 10 has commerce through the web-based commercial transaction apparatus 200 And may request a payment PIN for generating information block 1 to the user device upon receiving payment information.

Accordingly, the user authentication apparatus 120 can receive the payment PIN from the user device 10, and identify the information block 1 decoded by the payment PIN received from among the plurality of encrypted information blocks 1. [

For example, when the user authentication apparatus 120 receives the payment PIN 2 from the user apparatus 10, the user authentication apparatus 120 identifies the second encryption information block 1 to be decrypted with the payment PIN 2, You can check the limit.

Then, the user authentication apparatus 120 may compare the confirmed payment limit with the payment details according to the payment information to determine whether or not the payment can be made according to whether the payment limit is exceeded. If the payment information is decryptable, It can be transmitted to the approval request device.

At this time, the user authentication apparatus 120 decrypts the temporary virtual card number included in the payment information, inquires and extracts the card ID corresponding to the decrypted temporary virtual card number, and extracts the extracted card ID from the decrypted information Together with block 1, to the credit card authorization requesting device 140.

On the other hand, the user authentication apparatus 120 may determine that payment is not possible if the payment details exceed the confirmed payment limit, and request the user apparatus 10 for another payment PIN.

Also, the user authentication apparatus 120 transmits the settlement availability information on the settlement availability to the user device 10 and the web-based commerce apparatus 200 to provide a determination as to whether or not the settlement is proceeding.

On the other hand, the credit card approval requesting apparatus 140 decrypts the information block 2 based on the information block 1 received from the user authentication apparatus 120, and encrypts the information block 2 based on the decrypted information block 1 and the information block 2 And may decrypt the encrypted credit card number corresponding to the card ID received from the user authentication apparatus 120. [ At this time, the credit card authorization request device can decrypt the encrypted credit card number based on the HSM used for encrypting the credit card number.

Accordingly, the credit card approval requesting device 140 can generate an approval text to be transmitted to the credit card company server based on the decrypted credit card authentication value and the credit card number, transmit the approval text to the credit card company server, And transmits the approval result to the web-based commercial transaction apparatus 200 to complete the settlement processing.

At this time, the credit card approval requesting apparatus 140 receives the payment information provided by the web-based commercial transaction apparatus 200 from the user authentication apparatus 120, and transmits the payment information, the credit card authentication value and the credit card number To create an approval specialization. Here, the payment information provided from the user authentication apparatus 120 to the credit card approval requesting apparatus 140 may include only information on the payment history.

As described above, the present invention allows the user to easily select a settlement limit based on only the settlement PIN when requesting payment approval, thereby minimizing the repeated use of the settlement PIN having the highest settlement limit, thereby preventing security threats can do.

According to the present invention, credit card related information is exchanged between a settlement service providing apparatus and a card issuer server, thereby minimizing transmission / reception of settlement information at the time of online authentication settlement, separating information related to a credit card into a plurality of information blocks Thereby greatly improving security.

In addition, unlike the existing payment processing system, the present invention permits a plurality of settlement limits for a single settlement unit, allows a plurality of settlement limits to be easily set only by a settlement PIN, It is possible to increase convenience for the user to set the settlement limit.

At this time, it is possible to increase the complexity of the PIN for the highest settlement limit and to set a low-complexity PIN for the small settlement limit, thereby greatly improving the settlement convenience.

In the above-described configuration, the user device 10 may be a smart phone, a portable terminal, a mobile terminal, a personal digital assistant (PDA), a personal digital assistant A portable computer, a portable multimedia player terminal, a telematics terminal, a navigation terminal, a personal computer, a notebook computer, a slate PC, a tablet PC, an ultrabook, A wobble terminal, an IPTV (Internet Protocol Television) terminal, a smart TV, a smart phone, a smart phone, a mobile phone, , A digital broadcasting terminal, an AVN (Audio Video Navigation) terminal, an A / V (Audio / Video) system, and a flexible terminal.

Examples of the communication network include a wireless LAN (WLAN), a DLNA (Digital Living Network Alliance), a WiBro (Wireless BroaDB 400 and Wibro), a World Interoperability for Microwave Access (WIMAX) Global System for Mobile communication), Code Division Multi Access (CDMA), Code Division Multi Access 2000 (CDMA2000), Enhanced Voice-Data Optimized or Enhanced Voice-Data Only (EV-DO), Wideband CDMA (WCDMA) Speed Downlink Packet Access (HSUPA), IEEE 802.16, Long Term Evolution (LTE), Long Term Evolution-Advanced (LTE-A), Wireless Mobile BroaDB 400 and Service: WMBS, Bluetooth, Radio Frequency Identification (RFID), Infrared Data Association (IrDA), Ultra Wideband (UWB), ZigBee, Near Field Communication ), Ultra Sound Communication (USC), Visible Light Communicati (VLC), Wi-Fi, Wi-Fi Direct, and the like, and can be used for various applications such as power line communication (PLC), USB communication, Ethernet, A wired communication network such as serial communication, optical / coaxial cable, etc. may be included.

In addition, the payment service providing apparatus 100 and the web-based commerce apparatus 200 may be implemented in various servers such as a web server, a database server, and a proxy server.

In addition, the payment service providing apparatus 100 and the web-based commercial transaction apparatus 200 may be provided with at least one of a network load balancing mechanism and various software for allowing the service apparatus to operate on the Internet or another network, Can be implemented as a computerized system.

The network may also be an http network, a private line, an intranet or any other network. Furthermore, the connection between each settlement service providing device and the web-based commerce device 100, 200 and the user device 10 can be connected to the secure network so that the data is not attacked by any hacker or other third party. In addition, the payment service providing apparatus and the web-based commerce apparatuses 100 and 200 may include a plurality of database servers, and these database servers may be connected to each service providing apparatus 100 through any type of network connection including a distributed database server architecture. And may be implemented in a separately connected manner.

On the other hand, the user device 10 may include various components such as an input unit, a display unit, a communication unit, a storage unit, an audio output unit, and a control unit.

The input unit receives a command or a control signal generated by an operation such as button operation by the user or a function selection, arbitrary function selection, touch / scroll operation of the displayed screen, or the like, A touch panel, a touch screen, a touch screen, a jog wheel, a jog switch, a jog shuttle, a mouse (not shown) a mouse, a stylus pen, a touch pen, and the like can be used.

In addition, the display unit can display various contents such as various menu screens using the user interface and / or the graphic user interface stored in the storage unit under the control of the control unit. Here, the content displayed on the display unit includes various text or image data (including various information data) and a menu screen including data such as an icon, a list menu, and a combo box. Further, the display unit may be a touch screen.

At this time, a touch sensor for sensing the touch gesture of the user may be included. The touch sensor may be one of various types such as an electrostatic type, a pressure sensitive type, a piezoelectric type, and the like. In the case of the electrostatic type, the touch coordinates are calculated by sensing the minute electricity that is excited by the user's body when a part of the user's body is touched on the touch screen surface by using the dielectric coated on the surface of the touch screen. In the case of the pressure sensitive type, two electrode plates are built in the touch screen. When the user touches the screen, the upper and lower electrode plates of the touched position contact each other and current flows.

In addition, the user device 10 may support the pen input function, in which case the user's gesture utilizing an input means such as a pen, which is not part of the user's body, may also be detected. For example, if the input means is a stylus pen containing a coil therein, the user device 10 may include a magnetic field sensing sensor for sensing a magnetic field that is varied by the coil inside the stylus pen. In this case, not only the user's touch gesture but also the proximity gesture of the user such as hovering can be detected.

The display unit may be a liquid crystal display (LCD), a thin film transistor liquid crystal display (TFT LCD), an organic light-emitting diode (OLED), a flexible display, , A three-dimensional display (3D display), an electronic ink display (e-ink display), and an LED (Light Emitting Diode), and may include a driving circuit and a backlight unit .

Further, the display unit may be configured as a stereoscopic display unit for displaying a stereoscopic image.

In the stereoscopic display unit, a three-dimensional display system such as a stereoscopic system (glasses system), an autostereoscopic system (no-glasses system), a projection system (holographic system) can be applied.

Further, the display unit displays information such as a temporary virtual card number issued by the payment service providing apparatus 100, a voucher or a coupon under the control of the control unit.

The voice output unit outputs voice information included in the signal subjected to the predetermined signal processing by the control unit. Here, the audio output unit may include a receiver, a speaker, a buzzer, and the like.

The voice output unit outputs the guidance voice generated by the control unit.

The voice output unit outputs voice information corresponding to the temporary virtual card number issued by the payment service providing apparatus 100 or the information on the coupon or coupon by the control unit.

The communication unit communicates with any internal component or any external at least one terminal via the above-described wired / wireless communication network. At this time, an external arbitrary terminal may include a network service system, a server, and the like.

The control unit executes the overall control function of the user device 10 using the program and data stored in the storage unit. The control unit may include a RAM, a ROM, a CPU, a GPU, and a bus, and the RAM, the ROM, the CPU, and the GPU may be connected to each other via a bus. The CPU accesses the storage unit, performs booting using an O / S (Operating System) stored in the storage unit, and can perform various operations using various programs, contents, data stored in the storage unit .

In addition, the storage unit stores data and programs necessary for the user apparatus 10 to operate.

That is, the storage unit may store a plurality of application programs (application programs or applications) driven by the user apparatus 10, data for operation of the user apparatus 10, and commands. At least some of these applications may be downloaded from an external server via wireless communication. At least some of these applications may also reside on the user device 10 from the time of shipment for the basic functions of the user device 10 (e.g., phone call incoming, outgoing, message receiving, origination). On the other hand, the application program is stored in the user device storage unit, installed in the user device 10, and can be operated by the user device control unit to perform the operation (or function) of the user device 10. [

In addition, the storage unit may be a flash memory type, a hard disk type, a multimedia card micro type, a card type memory (e.g., SD or XD memory), magnetic memory, magnetic disk, optical disk, RAM, SRAM, ROM), an EEPROM, and a PROM. The user device 10 may also operate web storage or operate in conjunction with web storage to perform storage functions of the user device storage on the Internet.

In addition, the storage unit stores the temporary virtual card number issued from the payment service providing apparatus 100 under control of the control unit, information on the coupon or the voucher, and the like.

The user device 10 may further include an interface unit (not shown) that serves as an interface with all the external devices connected to the corresponding user device 10.

For example, the interface unit may include a wired / wireless headset port, an external charger port, a wired / wireless data port, a memory card port, a port for connecting a device having an identification module, an audio I / Input / output (I / O) port, video I / O (input / output) port and earphone port. Here, the identification module is a chip storing various information for authenticating the usage right of the user device 10, and includes a user identity module (UIM), a subscriber identity module (SIM) A Universal Subscriber Identity Module (USIM), and the like. In addition, a device provided with the identification module can be manufactured in a smart card format. Thus, the identification module can be connected to the user device 10 via the port. The interface unit receives data from an external device or receives power and transmits the data to each component in the user device 10 or allows data in the user device 10 to be transmitted to an external device.

The interface unit may be a path through which the power from the cradle is supplied to the user apparatus 10 when the user apparatus 10 is connected to an external cradle or various command signals input from the cradle by the user, (10). ≪ / RTI > The various command signals input from the cradle or the corresponding power source may be operated as a signal for recognizing that the user apparatus 10 is correctly mounted on the cradle.

The user device 10 further includes an input unit (not shown) for receiving a command or a control signal generated by an operation such as a button operation by a user or a function selection, or a touch / Not shown).

Hereinafter, a detailed embodiment of a web-based payment service providing system supporting a plurality of limit selection according to an embodiment of the present invention will be described with reference to the drawings.

3 is a conceptual diagram illustrating a user subscription procedure according to an embodiment of the present invention.

Referring to FIG. 3, if the user is an existing member and the web-based commerce device (or web-based commerce server) is an ID-non-affiliated affiliate device. The user can authenticate the web application based on the registered member ID, and can be redirected to the authentication DLP (data loss prevention) procedure. When the ID linkage between the web-based commerce device and another web-based commerce device is performed, the authentication DLP procedure may be performed based on the interworking ID through the member information inquiry procedure.

In the authentication DLP procedure, an additional authentication (ARS, short message service (SMS), one-time password (OPS) and App authentication) is performed by providing a payment method list, inputting a payment PIN, and a fraud detection system .

If the user is not an existing member, the user can proceed with the new registration process by agreeing the agreement, authenticating the user, registering the payment information, registering the payment PIN, and registering the setting information.

If the authentication is completed through the authentication DLP procedure, the approval procedure may proceed.

4 is a flowchart illustrating a user subscription procedure according to an embodiment of the present invention.

The user authentication apparatus can receive authentication request service subscription request and member information from a user and perform authentication of the user through the mobile communication company. Further, after authentication, the user can register a credit card (card number and card authentication value (CAV)) through the user authentication device and the credit card authorization requesting device. The validity of the credit card is confirmed and information for payment is encrypted and stored in each of the user authentication device and the credit card authorization requesting device.

According to an embodiment of the present invention, a member account can be registered through various authentication methods according to a credit card attribute of a member. All member accounts can perform identity verification by performing both the identification method by the non-financial institution and the identification method by the financial institution.

Referring to FIG. 4, the user can make a payment request to a web-based commerce device (for example, a server that operates a web site of a representative merchant) (step S300).

The user can select the simple settlement according to the web based settlement service method supporting the plurality of limit selection according to the embodiment of the present invention as a settlement method through the web based commercial transaction apparatus and request the simple settlement.

The Web-based commercial transaction apparatus can inquire the subscription history of the user and confirm whether the user is a new member (step S305). The web-based commerce apparatus can determine whether the user who has requested the simple settlement based on the member database is a member who can advance the simple settlement procedure. If the subscription history of the user exists in the member database, it can be determined that the user can proceed the simple settlement procedure. On the contrary, if the subscription details of the user do not exist in the member database, the user can determine that the simple settlement procedure is not possible and the subscription for the user's simple settlement procedure is necessary. Hereinafter, it will be assumed that a new subscription is required for the user's simple settlement procedure.

The web-based commercial transaction apparatus may request the user authentication apparatus to proceed with the new member registration procedure for the simple settlement procedure (step S310). The user authentication apparatus can authenticate the validity of the web-based commerce apparatus requesting the proceeding of the new member registration procedure, and can display the agreement agreement screen and the member information input screen on a separate web page and transmit it to the user apparatus.

The user device can input agreement agreement, member information, settlement PIN, setting information, and the like in the simple settlement service page to the user authentication apparatus (step S315). The user device may enter the member information (step S320). The member information may include an e-mail, a service use ID / password, and subscription information of a user device (e.g., a portable terminal). The subscription information of the user apparatus may include the number, name, date of birth, sex, nationality, etc. of the user apparatus required for authentication.

The user authentication apparatus can transmit the authentication information of the user apparatus, which is input from the user, to the mobile communication company through the mobile phone identity verification service agency (credit evaluation company) (step S325).

The mobile communication company may transmit the SMS authentication number to the user device based on the authentication information of the user device received from the identity verification service agent (step S330).

The user device can transmit the received SMS authentication number to the user authentication device (step S335).

The user authentication device may request the authentication of the user by transmitting the received SMS authentication number to the mobile communication company through the identity verification service agency (step S340).

The mobile communication company may transmit a result (for example, CI / DI) of the user confirmation based on the SMS authentication number received from the user authentication device to the user authentication device through the identity verification service agency (step S345).

The user authentication apparatus can request the user to input information about the payment means through the user apparatus (step S350). The user authentication device may notify the user of the notice of the user about the important information together with the user environment information such as the screen keyboard, the antivirus program notice, and the like.

The user device may enter information about the payment means. The user device can transmit credit card information to the user authentication device (step S355). The credit card information transmitted to the user authentication apparatus through the user apparatus may be encrypted and transmitted with the encryption key provided from the credit card approval request apparatus.

The user authentication apparatus can transmit the encrypted credit card information of the user to the credit card approval request apparatus (step S360).

The credit card approval requesting device decrypts the encrypted credit card information of the user and transmits the approval request message to the credit card company server (step S365).

The credit card company server can confirm the validity of the user's credit card information through the approval system and transmit the approval result to the credit card approval request apparatus (step S370).

The credit card authorization device can encrypt the credit card number and the credit card authorization value based on the credit card authorization result. For example, the credit card number may be encrypted based on the HSM and stored in the credit card authorization request device. The credit card authorization request device may generate and store a card ID for identification of the credit card number.

In addition, the credit card approval requesting device can be divided into information blocks 1 and 2 by dividing the credit card authentication value (valid period, two characters before the card password, and the date of birth) into two. Information block 1 may be sent to a physically isolated user authentication device (step S375). Information block 1 may be deleted from the credit card authorization requesting device after it has been transmitted to the user authentication device. As described above, access to the information block 2 based on the information block 1 transmitted from the user authentication apparatus can be performed in the credit card authorization requesting apparatus.

As described above, the information block 1 may be encrypted and stored based on the payment PIN input by the user in the user authentication apparatus.

The user authentication device may request the payment PIN from the user device (step S380).

The user device can encrypt the payment PIN and transmit it to the user authentication device (step S385).

At this time, the user device may generate a plurality of settlement PINs for setting a plurality of settlement limits different from each other according to a user input, generate setting information for the settlement limit corresponding to each settlement PIN, and transmit the generated setting information to the user authentication device.

Accordingly, the user authentication apparatus can generate a plurality of encrypted information blocks 1 different from each other by encrypting the information block 1 based on the respective payment PINs (step S390). Based on the setting information, The settlement limit corresponding to the settlement PIN used for encryption can be set (step S395).

At this time, the user authentication apparatus can delete the information block 1 before the encryption and the setting information after the completion of the encryption and the setting of the payment limit.

5 is a conceptual diagram illustrating a method of encrypting a credit card number and a credit card authentication value in a credit card authorization requesting apparatus and a user authentication apparatus according to an embodiment of the present invention.

Referring to FIG. 5, a primary account number (PAN) 400 of a credit card may be encrypted based on HSM and Hash. The encrypted PAN information may be matched with the card ID and stored in the credit card authorization request device.

The credit card approval requesting device transmits the card ID to the user authentication device, and the user authentication device can store the corresponding card ID.

At this time, the user authentication device may generate a temporary virtual card number by encrypting the card ID with the temporary encryption key, and may transmit the temporary virtual card number to the user device.

The card authentication value (CAV) 405 of the credit card may be split into part 1 410 and part 2 420. The CAV information corresponding to the part 1 410 may be encrypted based on the HSM and generated as the information block 1 430 and transmitted to the user authentication apparatus. Part 2 420 may be generated as information block 2 (440) in which information block 1 430 is encrypted based on the HSM using the initial encryption value.

On the other hand, the user authentication device requests the settlement PIN to be used for settlement to the user device upon receiving the information block 1 430 from the credit card approval requesting device, and receives from the user device (AES) 450 using the received payment PIN as an encryption key.

At this time, the user authentication apparatus can use a BEK (block encryption key) in encrypting the information block 1 430 based on the AES 450. The BEK may be a key generated based on the user PIN input from the user device.

Further, the user authentication apparatus can receive a plurality of settlement PINs corresponding to different settlement limit amounts (hereinafter, referred to as settlement limits) from the user apparatus, and transmits setting information on the settlement limit corresponding to each settlement PIN from the user apparatus .

For example, the user authentication device can receive payment PIN 1 corresponding to a general payment limit (total limit, one-time payment limit, daily payment limit, etc.) and payment corresponding to a small payment limit (a payment limit set lower than the general payment limit) Receives the setting information in which the different payment limits corresponding to the PIN 2 and the payment PINs 1 and 2 are set, encrypts the information block 1 based on the AES 450 using the payment PIN 1, and transmits the first encryption information block 1 461, And encrypts the information block 1 based on the AES 450 using the payment PIN 2 to generate the second encryption information block 1 462. [

Further, the user authentication apparatus sets a general settlement limit for the first encryption information block 1 (461) generated through the settlement PIN 1 based on the setting information, and sets the general settlement limit to the second encryption information block 1 462 can set a micropayment limit.

Accordingly, the user authentication apparatus can generate and store different encrypted information blocks 1 (461, 462) by encrypting the information block 1 using the respective settlement PINs, and store the encrypted information blocks 1 ( 461, and 462 can set a payment limit corresponding to the payment PIN used for encryption.

In the above-described configuration, when the user authentication apparatus has already changed the settlement PIN and the settlement limit set by the user apparatus that has already set the settlement PIN, the user authentication apparatus interlocks with the identity confirmation service agency and the mobile communication company through the communication network, To generate an encrypted information block 1 corresponding to each of the plurality of changed payment PINs, to set and store a settlement limit for each encrypted information block 1, and to delete the existing plurality of encrypted information blocks 1.

This allows the user to easily change the payment PIN and payment limit.

6 is a flowchart illustrating a payment procedure according to an inputting of a payment PIN of a payment service providing apparatus according to an embodiment of the present invention when a web based commercial transaction is generated by a user.

Referring to FIG. 6, if the user selects the simple settlement procedure according to the embodiment of the present invention (step S500), the web-based commerce apparatus can request settlement with the user authentication apparatus (step S505). The web-based commercial transaction apparatus can transmit the transaction authentication request by transmitting the payment information including the temporary virtual card number selected by the user and payment details (item, merchant name, amount, transaction date, etc.) to the user authentication apparatus.

The user authentication device can check whether the temporary virtual card number has arrived within the transaction validity time. In addition, the user authentication apparatus can obtain information on the card ID of the user by inquiring information on the card ID of the user based on the temporary virtual card number (step S510).

For example, the user authentication apparatus can decrypt the temporary virtual card number and retrieve information about the card ID corresponding to the decrypted temporary virtual card number.

The user authentication apparatus can request the user apparatus to input information on the payment PIN previously set (step S515). The user authentication device may provide a screen for requesting the user device to input a payment PIN. On the screen for requesting the input of the payment PIN, guidance information on application of the screen keyboard and use of the anti-virus vaccine program may be provided for securing the payment PIN to be inputted.

The user can input the payment PIN through the user device (step S520).

At this time, the user can input any one of the plurality of settlement PINs previously set and select a settlement limit.

The user authentication device can decrypt any one of the plurality of encrypted information blocks 1 stored in the payment history (item, merchant name, amount, transaction date and the like) and already encrypted by using the payment PIN received from the user device Step S525).

In addition, the user authentication apparatus can confirm the settlement limit set corresponding to the encrypted information block 1 decrypted with the settlement PIN (step S530).

At this time, the user authentication apparatus may identify the limit identifier assigned to the encrypted information block 1 to be decrypted and check the settlement limit matched to the limit identifier based on the above-described matching information.

Then, the user authentication apparatus can determine whether the payment can be made according to whether the confirmed payment limit exceeds the payment amount according to the payment information received from the web-based commercial transaction apparatus (step S535).

That is, if the payment amount exceeds the payment limit, the user authentication apparatus determines that payment is not possible and transmits information about the payment approval disapproval to the web-based commerce apparatus, and the web-based commerce apparatus can notify the user apparatus .

At this time, the user authentication apparatus may transmit information on the non-payment approval disconnection to the user apparatus prior to the web-based commercial transaction apparatus, and may request the user apparatus to re-input the payment PIN corresponding to the payment limit exceeding the payment amount.

In addition, if the user authentication apparatus determines that the payment amount is within the settlement limit and can be paid, the user authentication apparatus can transmit the decrypted information block 1 to the credit card approval requesting apparatus.

Prior to this, the user authentication device may generate a transaction-related one-time authentication value (transaction authentication value) in order to prevent transaction forgery by the merchant before transmitting the information block 1 to the credit card approval request device at the time of determining the payment S540).

The user authentication apparatus can transmit the transaction-associated one-time authentication value to the web-based commerce apparatus (step S545).

The Web-based commercial transaction apparatus may request the approval of payment by transmitting the payment details, the temporary virtual card number, and the transaction-related one-time authentication value to the credit card approval request device (step S550).

Here, instead of step S540 to step S550, the user authentication apparatus may request approval of payment with the credit card approval request apparatus directly after the authentication of the user succeeds in step S535 (step S555).

On the other hand, the credit card approval request device directly generates the one-time authentication value for the transaction through the payment history and the member information, and compares the one-time authentication value for the transaction generated with the transaction and the one-time authentication value for the transaction received from the web- (Step S560). Based on this comparison procedure, it can be verified whether the forgery or falsification of the payment history received from the Web-based commercial transaction apparatus has occurred.

The credit card approval requesting device may transmit the transaction-associated one-time authentication value to the user authentication device and request information block 1 (step S565).

The user authentication device verifies the transaction-related one-time authentication value (step S570), and if the transaction-related one-time authentication value is verified, the information block 1 can be transmitted to the credit card approval request device (step S575).

In addition, the user authentication apparatus can transmit the card ID extracted through the temporary virtual card number together with the information block 1 to the credit card approval requesting apparatus.

At this time, it goes without saying that the user authentication device and the credit card approval requesting device can transmit and receive the information block 1 and the card ID without generating and verifying the transaction-associated one-time authentication value.

The credit card authorization requesting device may decrypt the information block 2 based on the information block 1 received from the user authentication device and decrypt the encrypted credit card authentication value based on the decrypted information block 1 and information block 2. [

Further, the credit card approval requesting apparatus can decrypt the encrypted credit card number corresponding to the card ID received from the user authentication apparatus.

Accordingly, the credit card approval requesting device may generate the approval request information based on the decrypted credit card authentication value and the credit card number, and may transmit the approval request information to the credit card company (step S580). For example, the authorization request information may be authorization specialist generated via hardware encryption equipment (HSM) based on information block 1, information block 2 and credit card number.

At this time, the credit card approval requesting device can receive the payment information provided by the web-based commerce device from the user authentication device, and based on the payment information, the credit card authentication value and the credit card number, Can be generated.

The credit card approval requesting device can transmit the approval request information to the credit card company server (step S585), and the credit card company server can receive the approval request information and transmit the approval result to the credit card approval requesting device (step S590). The credit card approval requesting device can transmit the approval result to the web-based commerce device (step S595).

Based on the above-described configuration, the payment service providing apparatus according to the embodiment of the present invention can complete the settlement processing and can support settlement within a desired settlement limit.

7 is a conceptual diagram illustrating a payment procedure according to an input of a payment PIN according to an embodiment of the present invention.

Referring to FIG. 7, the web-based commercial transaction apparatus 600 transmits payment information including a temporary virtual card number selected by the user and payment details (item, merchant name, amount, transaction date, etc.) to the user authentication apparatus 620 And can proceed the transaction authentication request.

The user authentication apparatus 620 may inquire information on the card ID of the user based on the temporary virtual card number to obtain information on the card ID of the user. Information on the user's card ID may be transmitted to the credit card authorization requesting device 640. [ The credit card authorization requesting device 640 can inquire the encrypted credit card number based on the information on the card ID, decrypt the encrypted credit card number, and use it as the payment information of the customer.

The decryption of the encrypted credit card number in the credit card authorization requesting apparatus 640 is performed based on the information block 2 decrypted based on the information block 1 received from the user authentication apparatus 620 or is decrypted based on the HSM .

The user authentication apparatus 620 may request the user apparatus to input information on the payment PIN set at the time of membership registration. The user can input a payment PIN corresponding to the desired payment limit through the user device.

The user authentication apparatus 620 decrypts the information block 1 encrypted with the payment PIN corresponding to the desired payment limit among the plurality of encrypted information blocks 1 encrypted and stored at the time of membership registration through the payment PIN received from the user apparatus .

Also, the user authentication apparatus 620 compares the settlement amount corresponding to the decrypted information block 1 with the settlement amount according to the settlement information, and if the settlement amount is within the settlement limit, the user authentication apparatus 620 determines that settlement is possible, .

The credit card authorization request device 640 may send the transaction authorization value to the user authentication device 620 and request information block 1. The user authentication apparatus 620 verifies the transaction authentication value, and when the transaction authentication value is verified and it is determined that payment is possible by comparing the payment limit with the settlement amount, the user authentication apparatus 620 transmits the decrypted information block 1 to the credit card approval requesting apparatus 640 Lt; / RTI >

The credit card authorization request device 640 may decrypt the information block 2 based on the decrypted information block 1 received from the user authentication device 620. [ The credit card authorization request device 640 may generate a credit card authorization value based on the decrypted information block 1 and the information block 2.

Accordingly, the credit card approval requesting device 640 can generate the approval request information based on the credit card authentication value and the credit card number, and transmit the approval request information to the credit card company server.

At this time, the credit card approval requesting apparatus 640 can receive the payment information provided by the web-based commercial transaction apparatus 600 together with the information block 1 from the user authentication apparatus 620, Value and the credit card number of the user.

The credit card approval requesting device 640 can transmit the approval request information to the credit card company server and the credit card company server can receive the approval request information and transmit the approval result to the credit card approval requesting device 640. [ The credit card approval requesting device 640 can transmit the approval result to the web-based commercial transaction apparatus 600. [

In the above-described configuration, the settlement service providing apparatus assists the user to set the complexity of the settlement PIN corresponding to the different settlement limit differently, so that the settlement PIN having the highest complexity is set for the settlement PIN having the highest settlement limit And a settlement PIN having a low complexity is set for a small settlement with a low settlement limit, thereby enhancing the security of the settlement PIN having a high settlement limit and providing settlement convenience through a settlement PIN having a low settlement limit. .

As shown in the figure, the user authentication apparatus included in the payment service providing apparatus receives, based on the setting information received from the user apparatus, a plurality of digits constituting the settlement PIN information having the highest settlement limit, Can be used as other payment PIN information corresponding to the payment limit different from the payment PIN information.

For example, if PIN 2, which is another payment PIN information corresponding to a part (4 digits) of a plurality of digits (8 digits) constituting PIN 1 which is the payment PIN information, is input as shown in the figure, If you enter the full PIN 1 (8 digits), you can make a general limit settlement.

Accordingly, the plurality of settlement PINs that are set differently may be more complicated than the PIN information for the general limit, and the PIN information for the smaller limit may be simpler, and if necessary, the PIN for the general limit may include the PIN for the lower limit . Therefore, the micropayment can be configured to input a part of the PIN for the general limit in order to reduce the number of input.

The user device, the payment service provision device, the web-based commerce device, and various servers described above can be implemented by hardware components, software components, and / or a combination of hardware components and software components.

In addition, the components described in the embodiments may be implemented in various forms such as, for example, a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable array (FPA) unit, a microprocessor, or any other device capable of executing and responding to instructions.

The user device, the payment service providing device, the web-based commerce device, and various servers may execute one or more software applications executed on an operating system (OS) and an operating system. Further, the user apparatus, the payment service providing apparatus, the web-based commerce apparatus, and various servers may access, store, manipulate, process, and generate data in response to the execution of the software.

For ease of understanding, each component may be described as being used individually, but one of ordinary skill in the art will recognize that the processing device may be configured to include a plurality of processing elements and / Element can be included.

For example, a user device, a payment service provision device, a web-based commerce device, and various servers may include a plurality of processors or one processor and one controller. Other processing configurations are also possible, such as a parallel processor.

The software may comprise a computer program, code, instructions, or a combination of one or more of the foregoing, and may be operable to operate a user device, a payment service provision device, a web-based commerce device, Or it can be ordered independently or collectively.

The software and / or data may be interpreted by a user device, a payment service provision device, a web-based commerce device, various servers, or to provide commands or data to a user device, a payment service provision device, May be permanently or temporarily embodied in any type of machine, component, physical device, virtual equipment, computer storage media or device, or in a signal wave being transmitted .

The software may be distributed over a networked computer system and stored or executed in a distributed manner. The software and data may be stored on one or more computer readable recording media.

The method of providing a web-based payment service supporting a plurality of limit selection according to an embodiment of the present invention can be written as a computer program, and the codes and code segments constituting the computer program can be easily deduced by computer programmers in the field have. The computer program may be stored in a computer readable medium readable by a computer and read and executed by a computer, a payment service providing apparatus, a web-based commercial transaction apparatus, a user apparatus, or the like according to an embodiment of the present invention A web-based payment service providing method supporting a plurality of limit selection can be implemented.

The information storage medium includes a magnetic recording medium, an optical recording medium, and a carrier wave medium. The computer program implementing the method of providing a web-based payment service supporting a plurality of limit selection according to the embodiment of the present invention can be stored and installed in a built-in memory such as a payment service providing device, a web-based commerce device, and a user device. Alternatively, an external memory such as a smart card storing and installing a computer program implementing a web-based payment service providing method supporting a plurality of limit selection according to an embodiment of the present invention may be provided through a payment service providing device, a web- , A user device, or the like.

The various devices and components described herein may be implemented by hardware circuitry (e.g., CMOS-based logic circuitry), firmware, software, or a combination thereof. For example, it can be implemented utilizing transistors, logic gates, and electronic circuits in the form of various electrical structures.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or essential characteristics thereof. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.

The present invention provides a web-based authentication payment method for non-face payment settlement in a web standard environment, and simultaneously sets different PINs according to different settlement limits for a single payment means, and applies different limits to the PIN input information And it is possible to increase the settlement convenience for a small amount by simply setting the PIN of the small payment limit and to improve the security by reducing the total exposure of the PIN to the general limit higher than the small payment limit, It can be widely applied to payment or non-face-to-face payment systems.

100: a payment service providing device 120: a user authentication device
140: credit card authorization request device

Claims (10)

Encrypts and stores the credit card number, encrypts the credit card authentication value, and divides the encrypted information into an information block 1 and an information block 2, wherein the information block 1 is used for decrypting the information block 2, A credit card authorization requesting device which is implemented to transmit the information block 1 and delete the information block 1; And
The method comprising: receiving from the user device a plurality of different payment PIN information and setting information in which a payment limit corresponding to each payment PIN information is set; encrypting the information block 1 based on the payment PIN information, A plurality of encrypted information blocks 1 in which different settlement limits are generated by setting a settlement limit corresponding to the settlement PIN information used in the encryption based on the setting information, Upon receipt of the payment information for the temporary virtual card number and the payment details, requests payment PIN information for generating the information block 1 to the user device, and transmits the encrypted information block 1 and the payment amount according to the payment information, And a user authentication device for transmitting the information block 1 decrypted based on the settlement PIN information received from the user device to the credit card approval requesting device, A web-based payment service providing apparatus. The method according to claim 1,
The credit card authorization request device decrypts the information block 2 based on the information block 1, decrypts the encrypted credit card authentication value based on the information block 1 and the information block 2, and transmits the encrypted credit card number And transmits the approval message to the credit card company based on the credit card authentication value and the credit card number, and transmits the approval message to the credit card company. Payment service providing apparatus. 3. The method of claim 2,
The encryption for the credit card number is performed based on a hardware security module (HSM) and a hash,
The encryption for the credit card authentication value is performed based on the HSM,
Wherein the information block 1 is encrypted using an advanced encryption standard (AES) based on the payment PIN information in the user authentication apparatus. The method of claim 3,
Wherein the credit card approval requesting device receives the credit card number and the credit card authentication value from a user device through a membership subscription procedure. The method according to claim 1,
Wherein the user authentication apparatus requests another payment PIN information to the user apparatus when payment is not possible according to the payment availability. The method according to claim 1,
The user authentication apparatus may transmit the code of some place selected according to the selection of the user device among the plurality of places constituting the settlement PIN information corresponding to the highest settlement limit based on the setting information to another settlement PIN information Wherein the plurality of limits are selected by a user. The credit card approval requesting device encrypts and stores the credit card number, encrypts the credit card authentication value, and divides the encrypted information into the information block 1 and the information block 2, transmits the information block 1 to the user authentication device, The information block 1 is used for decoding the information block 2;
The user authentication apparatus receives from the user apparatus a plurality of settlement personal identification number (PIN) information and setting information in which a settlement limit corresponding to each settlement PIN information is set, and transmits the settlement PIN information to the information block 1 And generating and storing a plurality of encrypted information blocks 1 in which different settlement limits are set by setting a settlement limit corresponding to the settlement PIN information used for encryption based on the setting information;
When the user authentication apparatus receives settlement information for a temporary virtual card number and settlement history from a web-based commerce apparatus in which commerce has occurred by a user, requests payment PIN information for generating the information block 1 to the user apparatus, Comparing the settlement limit set in the encrypted information block 1 decrypted based on the settlement PIN information received from the settlement unit with the settlement amount according to the settlement information to determine whether the settlement is possible; And
And transmitting the information block 1 decrypted based on the settlement PIN information received from the user apparatus when the user authentication apparatus is able to make payment, to the credit card approval requesting apparatus. Way. 8. The method of claim 7,
The credit card approval requesting device decrypts the information block 2 based on the information block 1 and decrypts the encrypted credit card authentication value based on the information block 1 and the information block 2, Decrypting the encrypted data; And
Further comprising the step of generating an approval telegram to be transmitted to the credit card company based on the decrypted credit card authentication value and the credit card number, and transmitting the approval telegram to the credit card company Based payment service. 9. A recording medium on which a computer program for performing the method according to any one of claims 7 to 8 is recorded. A user device for transmitting the credit card number and the credit card authentication value through a membership process;
A web-based commerce apparatus for generating and transmitting information on a temporary virtual card number and a payment history when a commercial transaction by the user apparatus occurs; And
Encrypts and stores the credit card number received from the user device, encrypts the credit card authentication value and divides the information into an information block 1 and an information block 2, wherein the information block 1 is used for decrypting the information block 2, 1 stored in the information storage unit 1, different information blocks 1 encrypted based on each payment PIN information using a plurality of different payment PIN information received from the user device, and for each encrypted information block 1, Setting a different settlement limit based on the setting information received from the user device, receiving settlement information for the temporary virtual card number and payment details from the web-based commerce device, Requesting the PIN information, and decrypting the encrypted PIN information The information block 1 is decoded based on the payment PIN information received from the user device when the payment can be made, and the information block 1 And a payment service providing device for decrypting the credit card authentication value encrypted based on the information block 2 decrypted based on the information block 2 and decrypting and encrypting the encrypted credit card number. Service delivery system.

Images