WO2018131885A1 - Method for providing payment gateway service using utxo-based protocol and server using same - Google Patents

Abstract

The present invention relates to a method for providing a payment agency service and a server using same, and specifically, to a method for registering an authentication certificate, a method for providing a payment agency service, a card company server, and a payment agency server. A method according to the present invention comprises the steps of: a card company server supporting a user terminal to generate and save a public key and a personal key of a user, when identity authentication information and a first push token ID is delivered from the user terminal; managing the first push token ID or a second push token ID as an integrated push token ID when the first push token ID and the second push token ID match, and saving registration information including the integrated push token ID and the public key; and supporting the payment agency server to manage user identification information including (i) a terminal identification information hash value and (ii) the user identification information including the integrated push token ID.

Description

Method for providing payment gateway service using UTXO based protocol and server using same

The present invention relates to a method for providing a payment gateway service using an unspent transaction output (UTXO) based protocol and a server using the same. More specifically, the present invention relates to a certificate for providing a payment gateway service. It relates to a registration method, a payment agent service providing method using the same, and a card company server and a payment agent server using the same.

With the increase of credit card users in online shopping malls and offline stores, credit cards are becoming an important payment method along with cash.

The general flow of payment using a credit card is as follows.

First, a user makes a purchase request to a service provider such as a shopping mall in order to purchase a specific product or service, and inputs a card number to an online certification company. Then, the online certification company requests the card company to authenticate the card number, and receives an authentication result of the card number from the card company. If the authentication result is successful, the online certification company passes the authentication number to the service provider, the shopping mall passes the encrypted card number and the authentication number to the payment gateway (PG company) and the payment agency passes it to the VAN company. And, the VAN is a serial delivery is made to pass it back to the card company. Then, the approval result from the card company is delivered to the VAN company, the VAN company to the payment agency, the payment agency from the payment provider to the service provider, and the user receives the final approval result.

Conventionally, such a general payment method is a method of inputting a general payment password registered with a user's credit card after performing separate user authentication and card authentication to make an online payment. It can be said to be a payment method by entering a card number of a credit card which is weak in verification. In addition, since the payment agency and VAN company stores and uses the user's card number, there is a disadvantage in that the risk of leaking card information is greatly exposed.

Accordingly, in order to maintain the conventional payment method, excessive cost and effort for obtaining information protection certification, qualified PG company, and PCI-DSS certification qualification are required, and abnormal transaction tracking system such as FDS (Abnormal State Awareness System) and While manpower management is necessary, there is a lack of specialized manpower for this.

The payment flow of the simple payment, which is a step further than the general payment method, is as follows.

First, when a user makes a purchase request to a service provider, the service provider requests a payment from a payment agency. Then, the payment agency sends an authentication request signal to the simple payment app provided to be installed on the user's mobile terminal by the payment agency, and the user takes an authentication confirmation action such as inputting a predetermined password as a response to the authentication request signal. . Then, the card number of the credit card is sent to the payment agency from the simple payment app, the payment agency authenticates itself, passes the encrypted card number to the VAN company, and the VAN company transfers it to the card company again. . Then, the approval result from the card company is delivered to the VAN company, the VAN company to the payment agency, the payment agency from the payment provider to the service provider, and the user receives the final approval result.

Such a simple payment is a service that allows a simple and complicated payment of the general payment method in the online payment simply by inputting the app password.

However, such a simple payment is a method of storing and using a user's card number through an app of a qualified payment agent, which is a qualified PG company, and thus still stores and uses the user's credit card information in a payment agency and a VAN company. There is a risk of exposure. As with the shortcomings of the above-mentioned general payment method, the simple payment method requires excessive cost and effort to obtain information protection certification, qualified PG company, and PCI-DSS certification, and abnormal transactions such as FDS (Abnormal State Awareness System) While tracking systems and manpower operations are required, there is a shortage of specialist personnel.

In addition, in the situation where there is no absolute operator of the simple payment method, the user must register and use the card number of the credit card he uses a lot in various simple payment apps. As of December 2016, there are more than 15 different kinds of simple payment apps, such as Naver Pay, Cacao Pay, Syrup Pay, K Pay, and Payau, and do not have simple payment apps that users mainly use depending on the service provider. In this case, it is necessary to repeatedly register credit card information.

The present invention aims to solve all the above-mentioned problems.

In addition, an object of the present invention is to minimize the risk of exposing credit card information in the flow of payment.

Particularly, the present invention prevents credit card information from being transmitted and received between entities participating in the card payment, thereby preventing the credit card information from being exposed, thereby enabling payment with high reliability of personal authentication. For the purpose of

Another object of the present invention is to facilitate the management of information on card payment and to attain integrity for error prevention by allowing a transaction to be recorded in a database.

To this end, the present invention allows all entities participating in the card settlement to use cryptographic techniques such as cryptographically valid public key-private key pairs (eg, RSA, ECC), hash functions, etc. Makes this impossible.

 Another object of the present invention is to provide a method for preventing forgery of transaction information by using a blockchain of virtual currency as a database in registering a transaction regarding certificate registration and proof of payment in a database.

Representative configuration of the present invention for achieving the above object is as follows.

According to one aspect of the present invention, a method for registering a certificate for providing a payment gateway service using a database is provided, which method includes: (a) identity authentication information or a value obtained by processing the same from a user terminal; , And when a first push token ID (PushTokenID), which is a unique identifier generated by the user terminal, is passed for pushing to the user terminal, the card company server causes the user terminal to send the user's public key and Supporting generating and storing a key pair comprising a private key; (b) if a second push token ID and the public key of the user are obtained, and the first push token ID and the second push token ID match, the card company server, the first push token ID or the second push token ID; Managing a push token ID as an integrated push token ID and storing registration information including the integrated push token ID and the public key; And (c) when the registration information is stored, the card company server, (i) a terminal identification information hash value which is a result of hashing terminal identification information which is information for identifying the user terminal, and (ii) the integration. And supporting the payment agent server to manage the user identification information by transferring the user identification information including the push token ID to the payment agent server.

According to another aspect of the present invention, a method for registering a certificate for providing a payment gateway service using a database is provided, which method includes: (a) (i) identity authentication information or the same from a user terminal; The card company server, which has received the processed value and the first push token ID (PushTokenID) which is a unique identifier generated by the user terminal for pushing to the user terminal, causes the user terminal to send the user's public key. And generate and store a key pair comprising a private key, (ii) a second push token ID and the user's public key are obtained, and the first push token ID and the second push token ID match The card company server manages the first push token ID or the second push token ID as an integrated push token ID, and includes the integrated push token ID and the public key. A terminal identification information hash value which is a result of hash calculation of terminal identification information which is information for identifying the user terminal from the card company server, and the integration, when the lock information is stored and the registration information is stored. Obtaining user identification information including a push token ID; And (b) when the user identification information is obtained, the payment agent server managing the user identification information.

According to another aspect of the present invention, there is provided a method for providing a payment gateway service using a database, the method comprising: (a) a first push corresponding to a user terminal in response to a user's payment request; When payment reception request information including a token ID (PushTokenID) and payment target information is obtained from a payment agent server, the card company server (i) is a result of hashing terminal identification information which is information for identifying the user terminal. A process of delivering payment receipt result information including a terminal identification information hash value to the payment agency server; and (ii) authentication which is information for requesting authentication for the payment target information and the payment target information in response to the payment reception request information. Performing a process of delivering request information to the user terminal; (b) if payment approval request information including a second push token ID is obtained under the user's approval as a response to the authentication request information, and the first push token ID and the second push token ID match, the Managing, by the card company server, the first push token ID or the second push token ID as an integrated push token ID, and validating the payment approval request information; And (c) if the payment approval request information is valid, processing the card approval according to the payment approval request information by the card company server.

According to another aspect of the present invention, there is provided a method for providing a payment gateway service using a database, the method comprising: (a) a service provider server that is a server of a service provider in response to a user's payment request; When the terminal identification information hash value, the payment target information, and the service provider authentication information, which are the result of hashing the terminal identification information which is information for identifying the user terminal from the terminal, are obtained, the payment agent server may be configured to perform a first operation corresponding to the user terminal. Transmitting payment acceptance request information including a push token ID (PushTokenID) and payment target information to a card company server; (b) when the payment reception result information including the terminal identification information hash value and the order number included in the payment target information is obtained from the card company server, the payment agency server sends the payment reception result information to the service provider server. Delivering to; And (c) receiving the user's approval in response to the authentication request information, which is information for requesting authentication of the payment object information and the payment object information transmitted from the card company server to the user terminal in response to the payment reception request information. The payment approval result obtained by referring to payment approval request information transmitted from the user terminal to the card company server is successful is transmitted from the card company server, and the second push token ID included in the payment approval request information is the first push. If the token IDs match, the payment agent server manages the first push token ID or the second push token ID as an integrated push token ID, the terminal identification information hash value, the integrated push token ID, and the payment. Transaction information including at least a part of the target information or a processed value of the proof of payment content Sean as a step that supports recording on the database, or to allow the recording to another device linked to the settlement server.

According to another aspect of the present invention, there is provided a card company server that performs a registration method of a certificate to provide a payment gateway service using a database, the server, the user authentication information or from the user terminal A communicator configured to receive a processed value and a first push token ID (PushTokenID), which is a unique identifier generated by the user terminal for pushing to the user terminal, or to allow another device to receive the processed value; And (i) when the user authentication information or the processed value and the first push token ID are delivered, allowing the user terminal to generate and store a key pair including the public key and the private key of the user. Process, (ii) if a second push token ID and a public key of the user are obtained, and the first push token ID and the second push token ID match, the first push token ID or the second push token ID Is managed as an integrated push token ID, and stores registration information including the integrated push token ID and the public key, and (iii) when the registration information is stored, (i) information for identifying the user terminal. The terminal identification information hash value, which is a result of hashing the terminal identification information, and (ii) the user's identification information including the integrated push token ID to the payment agent server by transmitting the payment agent. Burrow to cause a processor to perform a process that helps manage the user identification information.

According to another aspect of the present invention, there is provided a payment agent server that performs a method of registering a certificate to provide a payment gateway service using a database, the server comprising: (i) the user from the user terminal; The card company server, which has received the authentication information or the processed value and the first push token ID (PushTokenID) which is a unique identifier generated by the user terminal for pushing to the user terminal, causes the user terminal to receive the information. Support for generating and storing a key pair comprising a user's public key and a private key, (ii) a second push token ID and the user's public key are obtained, and the first push token ID and the second push token As the IDs match, the card company server manages the first push token ID or the second push token ID as an integrated push token ID, and the integrated push token I A terminal identification information hash value which is a result of hashing terminal identification information which is information for identifying the user terminal from the card company server while storing registration information including D and the public key and storing the registration information; And a communicator configured to acquire user identification information including the integrated push token ID or to allow another device to obtain the identification information. And a processor managing the user identification information when the user identification information is obtained.

According to another aspect of the present invention, there is provided a card company server that performs a method for providing a payment gateway service using a database, the server corresponding to the user terminal in response to a user's payment request A communication unit configured to obtain payment reception request information including a push token ID and a payment target information from a payment agent server or to allow another device to obtain information; And when the payment acceptance request information is obtained, (i) transmitting the payment acceptance result information including the terminal identification information hash value, which is a result of hashing the terminal identification information which is information for identifying the user terminal, to the payment agency server. (Ii) a process of delivering to the user terminal or requesting another device to transmit authentication request information, which is information for requesting authentication of the payment target information and the payment target information, in response to the payment reception request information; And a processor configured to perform the processing, wherein the processor is further configured to obtain payment approval request information including a second push token ID under the user's approval as a response to the authentication request information, wherein the first push token ID and the first push token ID are obtained. 2 If the push token ID matches, the first push token ID or the second push token ID is unified; Manage as a token ID, and verify the validity of the payment authorization request information or to allow other devices to verify, and if the payment authorization request information is valid, processing the card authorization according to the payment authorization request information. .

According to yet another aspect of the present invention, there is provided a payment agent server that performs a method for providing a payment gateway service using a database, the server being a server of a service provider in response to a user's payment request. A communication unit for acquiring the terminal identification information hash value, the payment object information, and the service provider authentication information, which are the result of hashing the terminal identification information, which is information for identifying the user terminal, from the service provider server; And (i) payment receipt request information including a first push token ID (PushTokenID) and payment target information corresponding to the user terminal when the terminal identification information hash value, the payment target information, and the service provider authentication information are obtained. (Ii) when the payment acceptance result information including the terminal identification information hash value and the order number included in the payment target information is obtained from the card company server, the payment reception result information is transmitted to the service provider. A process for delivering to a provider server, and (iii) a response to authentication request information which is information for requesting authentication for the payment target information and the payment target information transmitted from the card company server to the user terminal in response to the payment reception request information. Transfer from the user terminal to the card company server with the user's approval as If the payment approval result obtained with reference to the payment approval request information has been successfully transmitted from the card company server, and the second push token ID included in the payment approval request information matches the first push token ID, Manage one push token ID or the second push token ID as an integrated push token ID, and include transaction information or at least some of the terminal identification information hash value, the integrated push token ID, and the payment target information; And a processor configured to record a value on the database as a proof of payment transaction or to allow another device linked to the payment agent server to record a value.

According to the present invention, there is an effect of minimizing the risk of exposing credit card information in the flow of payment. Specifically, according to the present invention, a payment agency operating a payment agent server does not need to store a credit card number for payment.

In addition, the present invention registers a transaction related to the registration of the certificate and proof of payment in the database to facilitate the management of the information on the card payment, and at the same time to improve the integrity for error prevention reliability and security of the credit card payment system Can be improved.

To this end, the present invention allows all entities participating in the card settlement to use cryptographic techniques such as cryptographically valid public key-private key pairs (eg, RSA, ECC), hash functions, etc. This becomes impossible.

According to the present invention, since a complicated process of passing through the conventional payment agency and the VAN company is not necessary, a service provider such as a shopping mall does not need to introduce a complicated system such as simple payment, general payment, and secure payment.

In addition, the present invention has the effect of improving the reliability and security of the entire credit card payment system by making it impossible to forgery the transaction information by recording the transaction in the blockchain of the virtual currency.

1 is a conceptual diagram schematically illustrating a server device for providing a payment agency service according to an embodiment of the present invention.

FIG. 2 is a sequence diagram schematically illustrating a method for registering a certificate for providing a payment agent service according to the first and second embodiments of the present invention.

3 is a sequence diagram schematically illustrating a method for providing a payment agency service according to the first and second embodiments of the present invention.

FIG. 4 is a sequence diagram showing further subdivisions of specific steps of the method shown in FIG. 3.

5 is a sequence diagram schematically illustrating a method of registering a certificate for providing a payment agency service according to the third and fourth embodiments of the present invention.

6 is a sequence diagram schematically illustrating a method for providing a payment agency service according to the third and fourth embodiments of the present invention.

FIG. 7 is a sequence diagram showing further subdivisions of specific steps of the method shown in FIG. 6.

8 and 9 are conceptual views schematically illustrating a process in which related transactions are recorded in a predetermined database according to the second and fourth embodiments of the present invention.

DETAILED DESCRIPTION The following detailed description of the invention refers to the accompanying drawings that show, by way of illustration, specific embodiments in which the invention may be practiced to clarify the objects, technical solutions and advantages of the invention. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention.

As used herein, the term “database” refers to a system of data, that is, a set of integrated managed information and a system for managing the same, including, but not limited to, a general relational database, a MongoDB database, and a blockchain database. It doesn't work. In the present specification, for convenience of description, a blockchain database of virtual currency is described as an example, but a person skilled in the art will understand that the present invention is not limited thereto.

As used herein, the term "public blockchain database" refers to utilizing all computing devices on a virtual currency system that manages the blockchain public blockchain, which is widely used in the public as a blockchain of virtual currency, as a database. The servers according to the invention are accessible to this.

The virtual currency refers to a digital currency circulated by a transaction based on an electronic wallet with blockchain technology, and in the virtual currency, bitcoin, light coin, dark coin, name coin, ceramic coin, ripple, etc. There is this.

In addition, the term “private blockchain database” in the present specification refers to a so-called, privately configured private blockchain that is directly managed by servers according to the present invention, which uses a blockchain of virtual currency but is not a public blockchain used in the air. Refers to a database using.

In addition, the term “payment agency server” in the present specification refers to a server device operated by a payment agency to provide a payment agency service of the present invention, and “card company server” refers to a payment agent service of a card company of the present invention. In response to the card refers to the operating server device for providing a card payment service.

Moreover, throughout the description and claims of the present invention, the word "comprises" and variations thereof are not intended to exclude other technical features, additives, components or steps. Other objects, advantages and features of the present invention will become apparent to those skilled in the art, in part from this description and in part from the practice of the invention. The following examples and drawings are provided by way of illustration and are not intended to limit the invention.

Moreover, the present invention encompasses all possible combinations of the embodiments indicated herein. It should be understood that the various embodiments of the present invention are different but need not be mutually exclusive. For example, certain shapes, structures, and characteristics described herein may be embodied in other embodiments without departing from the spirit and scope of the invention with respect to one embodiment. In addition, it is to be understood that the location or arrangement of individual components within each disclosed embodiment may be changed without departing from the spirit and scope of the invention. The following detailed description, therefore, is not to be taken in a limiting sense, and the scope of the present invention, if properly described, is defined only by the appended claims, along with the full range of equivalents to which such claims are entitled. Like reference numerals in the drawings refer to the same or similar functions throughout the several aspects.

The first embodiment of the present invention is an embodiment in which the card company server operated by the card company plays a main role in the payment method according to the present invention, and is configured to record individual transactions in the first database as necessary. .

The second embodiment of the present invention is configured in such a way that the card company server operated by the card company plays a main role in the payment method according to the present invention, and after recording individual transactions in the first database, the first transaction is recorded in the first database. The embodiment is configured in an anchoring manner in which the integrity of the recording is doubled by recording the representative hash value generated from the transactions in the second database.

The third embodiment of the present invention is implemented in such a way that the payment agent server operated by the payment agency in the payment method according to the present invention plays a main role, and is configured to record individual transactions in the first database as necessary. Yes.

In the fourth embodiment of the present invention, the payment agent server operated by the payment agency in the payment method according to the present invention is configured in such a manner that the main role is recorded, after recording the individual transactions in the first database, and in the first database. It is an embodiment configured in an anchoring manner to double the record integrity by writing a representative hash value generated from recorded transactions to a second database.

For reference, in the present invention, if the first database is a database in which data of a transaction is directly recorded, the second database may be referred to as a database that is indirectly recorded through the first database for data integrity.

Unless otherwise indicated herein or clearly contradicted by context, an item referred to in the singular encompasses the plural unless the context otherwise requires. Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily implement the present invention.

1 is a conceptual diagram schematically illustrating a server device for providing a payment agency service according to an embodiment of the present invention.

Referring to FIG. 1, the payment agent server and the card company server, which are server devices according to the present invention, may be a computing device 100 including a communication unit 110 and a processor 120, and may be indirectly or directly with other computing devices. Can communicate. The payment agent server may be configured with a plurality of computing devices including a payment agent management server as described below, and the card company server may be configured with a plurality of computing devices including a card company management server as well.

Also, entities including a user terminal and a service provider server may typically be the computer device 100.

Specifically, server devices and user terminals typically comprise computing devices (eg, devices that may include components of computer processors, memory, storage, input and output devices, other conventional computing devices; electronics such as routers, switches, and the like). A desired system using a combination of a communication device; an electronic information storage system such as network attached storage (NAS) and a storage area network (SAN) and computer software (ie, instructions that cause a computing device to function in a particular way). May be to achieve performance.

The communication unit 110 of the computing device may transmit and receive a request and a response with another computing device to which the computing device is linked. For example, the request and response may be made by the same TCP session, but are not limited thereto. For example, it may be transmitted and received as a UDP datagram.

In addition, the processor 120 of the computing device may include a hardware configuration such as a micro processing unit (MPU) or a central processing unit (CPU), a cache memory, a data bus, and the like. In addition, the operating system may further include a software configuration of an application performing a specific purpose.

First embodiment

Now, a method of providing a payment agent service according to the present invention will be described from the first embodiment.

2 is a sequence diagram schematically illustrating a method for registering a certificate for providing a payment agent service according to the present invention.

Referring to FIG. 2, firstly, the present invention accesses an app store and downloads an app to obtain an app for providing a billing service according to the present invention through the user terminal. It is assumed that the procedure S201 for receiving and the procedure S202 for installing the app on the user terminal are completed.

In FIG. 2, the card company server is divided into a card company management server and a card company authentication server for convenience of description, but a single card company server may perform the functions of the card company management server and the card company authentication server shown in FIG. 2. to be.

Referring to FIG. 2, a method of registering a certificate for providing a payment gateway service according to a first embodiment of the present invention includes a user authentication information or a processed value thereof from a user terminal, and the user terminal to the user terminal. When a first push token ID (PushTokenID), which is a unique identifier generated by the user terminal (S215) for delivery, is passed (S220), a card company server causes the user terminal to transmit the user's public key and personal. Supporting (S210 to S250) to generate and store (S250) a key pair including the key.

Here, the authentication information may include at least one of a name of the user, a telephone number of the user, a card number, and a Card Verification Value (CVC), but is not limited thereto. will be.

In the first embodiment, the steps (S210 to S250), if the identity authentication information or a value processed therein, and the first push token ID is passed (S220), the card company server, the identity authentication information or this A process of transmitting authentication request information including the processed value to a card company ledger server (S225), and a process of storing the terminal identification information and the first push token ID (S230) which are information for identifying the user terminal; Performing; And an authentication result corresponding to the authentication request information is obtained from the card company member ledger server (S235), and if the authentication result is successful, the card company server delivers the authentication result to the user terminal (S240). It may include the step of supporting the terminal to generate and store the key pair (S250) to correspond to the PIN code (S245) input to the user terminal.

Herein, the push token ID (PushTokenID) functions as an identifier for transmitting, ie, pushing, data for notification to the user terminal from the outside, and is uniquely generated for each user terminal without duplication. do.

In addition, the terminal identification information, which is similar to the above push token ID but is easy to remember and commonly used, may be, for example, a telephone number of the user corresponding to the user terminal. However, the terminal identification information is not limited thereto and may be any identification information corresponding to the user terminal. For example, the terminal identification information may be a predetermined email address corresponding to the user terminal.

The PIN code is predetermined information input to the user terminal to prove that the user is the user. For example, the PIN code may be a password which may include alphanumeric characters and special characters, but is not limited thereto. It will be appreciated that the PIN code may be information used in biometric technology such as FIDO.

Referring back to FIG. 2, in the certificate registration method according to the first embodiment of the present invention, a second push token ID and a public key of the user are obtained (S255), and the first push token ID and the second push key are obtained. If the push token ID matches, the card company server manages the first push token ID or the second push token ID as an integrated push token ID, and stores registration information including the integrated push token ID and the public key. (S260, S265) further comprises the steps (S255 to S265).

The card company server may be configured to include a card company management server and a card company authentication server. In this case, the steps S255 to S265 may include obtaining the second push token ID and the user's public key, If the push token ID and the second push token ID coincide, the card company management server passes the integrated push token ID and the public key to the card company authentication server, thereby causing the card company authentication server to execute the integrated push token ID and the public key. It may be characterized by supporting to hold a public key.

2, in the method of registering a certificate according to the first embodiment of the present invention, when the registration information is stored (S265), the card company server is (i) a terminal which is information for identifying the user terminal. The terminal identification information hash value, which is a result of hashing the identification information, and (ii) the user identification information including the integrated push token ID, is transferred to a payment agent server (S270), thereby causing the payment agent server to provide the user identification information. Supporting to manage the step (S265 to S275) further includes.

In this step (S265 to S275), the card company server may deliver a certificate registration completion message indicating registration of the certificate to the user terminal (S275).

On the other hand, referring to Figure 2, the certificate registration method according to the first embodiment of the present invention, the card company server, the registration information including the integrated push token ID and the public key or the value of the registration information processed; Recording the data on the database as the registration transaction (S280) of the certificate or supporting other devices linked to the card company server (S280 and S285).

In Figure 2, this step (S280, S285) is shown to be performed after the steps (S265 to S275), but this is only one example, the step (S280, S285) is the card company server holds only the registration information If so, it may be performed at any time after steps S255 to S265.

Here, the database may be a blockchain database of virtual currency, and the blockchain database may be a public blockchain database or a private blockchain database.

Next, a method of providing a payment agent service according to the first embodiment will be described based on the above-described certificate.

3 is a sequence diagram schematically illustrating a method for providing a payment agency service according to the present invention. In FIG. 3, for convenience of explanation, the card company server is divided into a card company management server and a card company authentication server, but one card company server may perform the functions of the card company management server and the card company authentication server shown in FIG. 3. to be.

Referring to FIG. 3, in the method of providing a payment agent service according to the first embodiment of the present invention, a first push token ID (PushTokenID) and payment target information corresponding to a user terminal according to a user's payment request (S305). When the payment request information including the information is obtained from the payment agent server (S310, S315), the card company server, (i) the terminal identification information hash that is a result of hashing the terminal identification information that is information for identifying the user terminal A process of transmitting payment reception result information including a value to the payment agency server (S320) and (ii) an authentication request which is information for requesting authentication for the payment target information and the payment target information in response to the payment reception request information; And performing the process of transmitting information to the user terminal (S330) (S305 to S330).

Here, the payment request (S305) of the user may be first transmitted from the user terminal to the service provider server, and then the related information may be transmitted by the service provider server to the payment agency server. The means of delivery may be a web page. It will be appreciated by those skilled in the art that the present invention may be, but is not limited to, an application (app) and a point of sales (POS) device. In the case of a web page or an application, it corresponds to an example of online payment, and in the case of a POS device, it may correspond to an example of payment in an offline store.

Herein, the payment target information may include an order number, identification information of a card company, identification information of a service provider, predetermined additional information provided by the service provider, a name of a payment target, a price of the payment target, whether a partial payment, It may include at least one of identification information of the currency that is the means of payment, the name of the user, the address of the user, the date and time of payment approval and the status information of the payment.

Next, in the payment agent service providing method according to the first embodiment of the present invention, the payment approval request information including the second push token ID is obtained under the user's approval (S335) as a response to the authentication request information. S340), if the first push token ID and the second push token ID match, the card company server manages the first push token ID or the second push token ID as an integrated push token ID, and the payment Validating the approval request information (S345, S350) further includes a step (S335 to S350). For example, the user's approval may be performed by determining the validity of the PIN code input to the user terminal. The PIN code is as described above.

Specifically, the payment approval based on the payment approval request information may include, for example, a method using random nonce and a method using a timestamp.

In the method using a random nonce, the process (S330) is characterized in that the card company server delivers the authentication request information and the payment target information including a random nonce to the user terminal, and the payment The authorization request information includes the second push token ID, a random nonce signature value that is a result of signing the random nonce with the user's private key, and the user's public key, and in steps S345 and S350, the The card company server may verify the validity of the payment approval request information by using the user's public key and the random nonce signature value.

In this case, a predetermined hash value can be obtained from the random nonce signature value using the user's public key as the random nonce signature value, and a result value obtained by applying a predetermined hash function to the hash value and the random nonce. By comparing the, we can validate the signature. In such a comparison, the signature is invalid if the hash value and the result obtained by applying the predetermined hash function are different, and if the signature is the same, it is well known to a person skilled in the art. You will see how to validate digital signatures.

On the other hand, in the method using a time stamp, the payment approval request information, the second stamp token ID, a time stamp signature value that is a result of signing a predetermined time stamp with the user's private key, and the user's public key And in step S345 and S350, the card company server verifies the validity of the payment approval request information using the user's public key and the timestamp signature value, and corresponds to the timestamp signature value. If the time interval between the first time and the second time which is the time at which the validity of the payment approval request information is verified is equal to or greater than a set value, the payment approval request information may be determined to be invalid.

Next, referring to FIG. 4, which further illustrates specific steps of the method illustrated in FIG. 3 and FIG. 3, the payment proxy service providing method according to the first embodiment of the present invention may include: If valid, the card company server (in FIG. 4, the card company server is configured to include a card company management server, a card company authentication server, and a card company approval server) processes the card approval according to the payment approval request information (S351, S352). It includes more.

Referring to FIG. 4, when the card company server is configured to include a card company management server, a card company authentication server, and a card company approval server, and the random request is included in the authentication request information, the process (S330) may be performed by the card company management server. The first push token ID, the payment target information, and the authentication request information may be transmitted to the user terminal in response to the payment reception request information. The steps S335 to S350 may include the authentication request information. A random nonce signature value, the second push token ID, and the public key of the user, the result of signing the random nonce with the private key of the user (S336, S337) under the user's approval (S335) as a response to the response. When payment approval request information is obtained from the user terminal (S340), the card company management server, the random nonce signature value and the It is possible to support the card company authentication server to verify the validity of the payment approval request information (S345, S350) by transmitting a key to the card company authentication server, and the steps (S351, S352), the payment approval If the request information is valid, the card company management server delivers the card information for processing the card approval according to the payment approval request information to the card company approval server (S351), thereby allowing the card company approval server to use the card information. It may be characterized in that for supporting the card authorization processing (S352).

Referring back to FIG. 3, in the method for providing a billing service according to the first embodiment of the present invention, when the card approval is completed (S352), the card company server receives a payment approval result indicating that the card approval is completed. The method may further include transmitting to at least one of the user terminal and the payment agent server (S355, S360).

As an example, the card company server transmits the payment approval result to the payment agency server (S360), thereby causing the payment agency server to transmit the terminal identification information hash value, the integrated push token ID, and the payment target information. Transaction information including at least a portion or a processed value thereof may be supported to be recorded on the database as a proof of payment transaction (S375, S380).

As described above, the method for providing the payment agent service according to the first embodiment of the present invention will be described again with reference to the payment agent server. When the terminal identification information hash value, the payment target information, and the service provider authentication information, which are the result of hashing the terminal identification information that is information for identifying the user terminal from the in-service provider server, are obtained, the payment agent server sends the request to the user terminal. Transmitting payment reception request information including a corresponding first push token ID (PushTokenID) and payment target information to a card company server; When payment acceptance result information including the terminal identification information hash value and the order number included in the payment target information is obtained from the card company server, the payment agent server transmits the payment acceptance result information to the service provider server. step; And the user terminal under the user's approval in response to the authentication request information which is information for requesting authentication of the payment object information and the payment object information transmitted from the card company server to the user terminal in response to the payment reception request information. When the payment approval result obtained by referring to the payment approval request information transmitted to the card company server is successful, the card company server is transmitted, and the second push token ID included in the payment approval request information is the first push token ID. If there is a match, the payment agent server manages the first push token ID or the second push token ID as an integrated push token ID, and among the terminal identification information hash value, the integrated push token ID, and the payment target information. Transaction information containing at least a portion or a processed value of the proof of payment transaction As a step of supporting recording on the database, or to cause the recording to another device linked to the settlement server.

In the payment agent service providing method according to the first embodiment, the payment agent server, the service provider server and the user with the payment approval result obtained from the card company server for the payment approval request information delivered in accordance with the user's approval It may be delivered to at least one of the terminals.

Second embodiment

Next, a second embodiment of a method of providing a payment agent service according to the present invention will be described. In the following description, the same technical features as those of the first embodiment will not be repeated, and only the differences will be described in detail. In the second embodiment, the database mentioned in the first embodiment corresponds to the first database. In the second embodiment, an interworking process with the second database is added.

Referring back to Figure 2, according to a second embodiment of the present invention, the method for registering a certificate for providing a payment agent service, if the anchoring condition is satisfied after the above-described step (S285) with respect to the first embodiment, At least one neighbor hash value of which the card company server matches a specific hash value that is a hash value of the registration transaction, wherein the neighbor hash value is (i) specific registration information including a specific push token ID and a specific user's public key; A hash value of a specific registration transaction, which is a value of processing the specific registration information, or (ii) a transaction information including at least some of a specific terminal identification information hash value, the specific push token ID, and specific payment target information, or a specific payment, which is a value thereof. Is a hash value of a content proof transaction-the second data is a representative hash value generated by hashing together or a value obtained by processing the representative hash value. Writing to the database or allowing the other device to record, and acquiring a transaction ID (not shown) in which the representative hash value or a value obtained by processing the representative hash value is position information recorded in the second database. Include.

In this case, the aforementioned anchoring condition is (i) a condition in which a predetermined number of specific hash values and neighboring hash values are obtained or generated, (ii) a condition that a predetermined time elapses, and (iii) a block in the first database. This may include at least one of the generated conditions, (iv) conditions for service characteristics.

The operation of a particular hash value and at least one neighbor hash value may be performed by various functions. A particular hash value is denoted by input, and at least one neighboring hash value is represented by x1, x2,... , represented by xn, can be represented by the following equation.

In this case, the card company server may store and manage the specific hash value and the at least one neighbor hash value in a predetermined data structure. The data structure may vary, for example, may be a merkle tree structure. In this case, the calculation of the specific hash value and at least one neighbor hash value may be performed through the Merkle tree.

That is, the card company server may generate or support a merkle tree in which the specific hash value is assigned to a leaf node, or may be generated by another device. When the anchoring condition is satisfied, the card company server may match the specific hash value. Obtain the representative hash value or the processed value of the representative hash value generated by hashing together the hash values assigned to at least one other leaf node, and writing the obtained value to the second database or to another device. Can help you record.

The card company server may record the hash value finally assigned to the root node of the Merkle tree as the representative hash value in the second database or support another device to record it. At this time, a value obtained by processing the representative hash value may be recorded. For example, the result of performing the hex operation may be registered in the representative hash value.

Meanwhile, when the card company server stores the specific hash value and the at least one neighbor hash value in a predetermined first data structure, and then stores and manages a second data structure having the same form as the first data structure, The first data structure and the second data structure may be connected in a chain form.

In particular, when the first data structure and the second data structure are Merkle trees as in the above-described example, the root value of the first data structure or the hash value of the root value is the first leaf of the second data structure. Can be assigned to a node.

In addition, when the second data structure is generated, verification of the first data structure is performed to more surely ensure the integrity of the data.

In addition, when the Merkle tree is the first Merkle tree among at least one Merkle tree connected in a chain form, the first leaf node of the Merkle tree has a hash value of a predetermined message data consisting of text, numbers, or symbols or the same. One value can be assigned. For example, a hash value of an input message initially assigned by a card company server may be assigned when generating a merkle tree.

8 and 9 illustrate examples of merkle trees created in accordance with the present invention.

8 shows a Merkle tree with a number of leaf nodes 4 (2 ² ). Since the illustrated Merkle tree is the first Merkle tree (tree_id = 0), it can be seen that the hash value SHA256 (PrivBC_unique_message) of the predetermined message data PrivBC_unique_message is assigned to the h1 node which is the first leaf node. If there is a registration of transactions, the card company server creates a next leaf node of the last leaf node of the current Merkle tree, and assigns a specific hash value or a processed value of a hash value, or allows another device to assign it. do. For example, in the merkle tree of FIG. 8, when the value assignment is completed from the previous step to the second leaf node h1 node, the next leaf node h2 is created to process a specific hash value or a specific hash value (SHA256 ( input2)) can be assigned. In addition, the card company server may support to calculate or calculate (i) a specific hash value and (ii) a hash value assigned to the h3 node which is a sibling node of the h2 node which is the third leaf node to which the specific hash value is assigned. have. The hash value for the operation value that is the result of the operation is assigned to the parent node (h23 node) of the h2 node and the h3 node. Since the parent node (h23 node) is not the root node of the Merkle tree, the card company server may repeat the process by using the hash value assigned to the h23 node as the specific hash value. That is, the hash value assigned to the h23 node is designated as a specific hash value, and the hash value assigned to the h23 node and the hash value assigned to the h01 node are calculated and assigned to the parent node (h0123) node of the h23 node and the h01 node. have. At this time, since the h0123 node is the root node of the Merkle tree, the card company server records the hash value assigned to the h0123 node or the processed value hex (h {node_index}) in the second database or causes another device to record it. Can be supported.

To describe this recursively, when the anchoring condition is satisfied, (x1) the card company server is connected to (i) the sibling node of a specific node to which the specific hash value and (ii) the specific hash value are assigned. Hashing the assigned hash values together or allowing other devices to hash, assigning a hash value for the computed value that is the result of the operation to the parent node of the particular node, or allowing another device to assign it ( x2) if the parent node is the root node of the Merkle tree, support to record the hash value assigned to the parent node to the second database as the representative hash value or to allow other devices to record (x3) the parent node; If is not the root node of the Merkle tree, repeating the (x1) to (x3) by using the hash value assigned to the parent node as the specific hash value All.

In a second embodiment, hash values-(i) specific registration information including a specific push token ID and a specific user's public key or a hash value of a specific registration transaction which is a value obtained by processing the specific registration information, or (ii) a specific terminal. A hash value of a transaction information including at least a portion of an identification information hash value, the specific push token ID, and the specific payment target information, or a specific payment content proof transaction that is a processed value thereof-when the number of leaf nodes is obtained, each hash value is obtained. It may be an input value (value assigned to the leaf node) of the aforementioned merkle tree.

Also, the card company server may generate the root value of the aforementioned Merkle tree on a predetermined time unit (the (ii) anchoring condition). In this case, when a predetermined time elapses, the card company server may generate a Merkle tree using the input values up to that time, record the root value of the Merkle tree in a second database, or support another device to record.

In this case, however, a value may not be assigned to a sibling node of a node to which a specific hash value of the Merkle tree is assigned even after a predetermined time has elapsed. In this case, when a predetermined anchoring condition is satisfied and a hash value is not assigned to a sibling node of a node to which the specific hash value is assigned, the card company server allocates a predetermined hash value to the sibling node or causes another device to execute the hash value. The allocation may be supported so that the root value of the Merkle tree is calculated in the above-described manner. For example, the card company server may duplicate the specific hash value and allocate the specific hash value to the sibling node or support another device to allocate it.

In addition, the service characteristic is a company type that is a management entity of the server involved in the recording, cost information paid by the entities using the payment agent service, time zone information on which the transaction is recorded, local information on the record, and the server involved in the recording. It can be at least part of the information. However, it is not limited to what was described here.

On the other hand, if the creation of a new Merkle tree is started and the anchoring condition is satisfied in the absence of receiving a transaction, the card company server determines that the Merkle tree is assigned to the first leaf node and the second leaf node. It is possible to generate or support other devices to generate, and to record the root value or the processed value of the Merkle tree in a second database or allow other devices to record. In this case, for example, a leaf tree of two leaf nodes may be generated.

Meanwhile, as described above, the card company server stores the specific hash value and the at least one neighboring hash value in a predetermined first data structure, and then stores and manages a second data structure having the same form as the first data structure. In this case, the first data structure and the second data structure may be connected in a chain form. In particular, when the first data structure and the second data structure are Merkle trees, a root value of the first data structure or a hash value of the root value may be allocated to the first leaf node of the second data structure. .

9 illustrates a Merkle tree generated as the second data structure according to the present invention.

Referring to FIG. 9, it can be seen that the root value hex (h0123) of the merkle tree (tree_id = 0) of FIG. 8 is assigned to the first leaf node (h4 node) of the new merkle tree. The present invention has an advantage of easily tracking even when data modulation occurs in the middle by connecting a plurality of data structures generated when a transaction occurs, thereby improving the integrity of the data.

In addition, the registration method of the certificate according to the second embodiment of the present invention, additionally, at least one that the card company server is matched with the hash value of the at least one registration transaction recorded in the first database periodically (periodically) A second representative hash value or a second representative hash recorded in the second database corresponding to a first representative hash value or a value obtained by processing the first representative hash value generated by hashing the neighboring hash values of The method may further include verifying an integrity of the first database by verifying whether a value matches a processed value (not shown).

As an example, the first and second databases may be blockchain databases. In this case, the first database may be a private blockchain database, and the second database may be a public blockchain database.

However, the present disclosure is not limited thereto, and a person skilled in the art may understand that the first database may be a private blockchain database or a public blockchain database, and likewise, the second database may be a private blockchain database or a public blockchain database. I can understand.

Next, a method of providing a payment agent service according to the second embodiment will be described. The same technical features as the above-described first embodiment will not be repeatedly described, and only differences will be described in detail.

Referring to FIG. 3, in the method of providing a payment agent service according to the second embodiment of the present invention, after the above-described step (not shown), when the anchoring condition is satisfied, the card company server is connected to the payment agent server. At least one neighbor hash value that matches a specific hash value that is a hash value of the proof of payment transaction, wherein the neighbor hash value comprises: (i) specific registration information including a specific push token ID and a specific user's public key; A hash value of a specific registration transaction, which is a value of processing specific registration information, or (ii) a transaction information including at least a part of a hash value of a specific terminal identification information, the specific push token ID, and specific payment target information, or a specific payment content that is a processing value thereof Is a hash value of the attestation transaction-the second data is a representative hash value generated by hashing together or a value obtained by processing the representative hash value. And recording (e.g., noting) a transaction ID, wherein the representative hash value or the value processed by the representative hash value is location information recorded in the second database (not shown). Same as described in the registration method. That is, since the process of generating the representative hash value from the specific hash value and recording it in the second database is the same as described above, redundant description will be omitted.

In addition, the payment agent service providing method according to the second embodiment of the present invention, in addition, the card company server, periodically matching the hash value of the at least one payment content proof transaction recorded in the first database (periodically) A second representative hash value or a second representative hash value recorded in the second database corresponding to the first representative hash value generated by hashing together at least one neighboring hash value, or a value obtained by processing the first representative hash value. The method may further include verifying an integrity of the first database by verifying whether the representative hash value matches the processed value.

Third embodiment

Next, a third embodiment of a method of providing a payment agent service according to the present invention will be described. In the following description, the same technical features as those of the first and second embodiments will not be described repeatedly, and only differences will be described in detail. Like the first embodiment, the third embodiment does not include a technical feature for calculating a representative hash value through calculation with a neighbor hash value, for example, a technical feature using a Merkle tree. It is different.

5 is a sequence diagram schematically illustrating a method of registering a certificate for providing a payment agent service according to the present invention.

Referring to FIG. 5, firstly, in the present invention, a user accesses an app store to download an app for providing a billing service according to the present invention through the user terminal and downloads the app. It is assumed that the procedure of receiving (S501) and the procedure of installing the app on the user terminal (S502) are completed.

In FIG. 5, a payment agent server is divided into a payment agent management server and a payment agent authentication server for convenience of description, but a single payment agent server functions as a payment agent management server and a payment agent authentication server shown in FIG. 5. Of course it can be done.

Referring to FIG. 5, a method of registering a certificate for providing a payment gateway service according to a third embodiment of the present invention includes a user authentication information or a processed value thereof from a user terminal, and the user terminal to the user terminal. When a first push token ID (PushTokenID), which is a unique identifier generated by the user terminal (S515), is transferred for pushing, in step S520, the payment agent server may include the identity authentication information or a processed value thereof, and And transmitting (S525) the first push token ID to a card company server (S520 and S525).

Next, in the certificate registration method according to the third embodiment, if the authentication result is obtained from the card company server, and the authentication result is successful (S545), the payment agent server delivers the authentication result to the user terminal. In operation S 550, the user terminal further includes the operations S 555 and S 560 for generating and storing the key pair including the public key and the private key of the user, in step S 555 and S 560.

The key pair may be generated and stored to correspond to the PIN code input to the user terminal.

Referring back to FIG. 5, in the method for registering a certificate according to the third embodiment, a second push token ID and a public key of the user are obtained from the user terminal (S565), and the first push token ID and the first push key are obtained. If the two push token IDs match, the payment agent server manages the first push token ID or the second push token ID as an integrated push token ID, and includes registration information including the integrated push token ID and the public key. It further includes the steps (S565 to S580) for storing (S570, S575).

In steps S565 to S580, the payment agent server may transmit a certificate registration completion message indicating registration of the certificate to the user terminal.

When the payment agent server is configured to include a payment agent management server and a payment agent authentication server, the steps (S565 to S580), the second push token ID and the public key of the user is obtained from the user terminal, If the first push token ID and the second push token ID coincide, the payment agency management server transfers the integrated push token ID and the public key to the payment agency authentication server (S570), so that the payment agent authentication server It may be characterized in that for supporting to hold the integrated push token ID and the public key (S575).

Next, in the registration method of the certificate according to the third embodiment, the payment agent server records the registration information or the value obtained by processing the registration information on the database as a registration transaction of the certificate or to the payment agent server. The method may further include steps S585 and S590 for supporting the interworking device to record.

In FIG. 5, the steps S585 and S590 are shown to be performed after the steps S565 to S580. However, this is only one example. In steps S585 and S590, only the registration information is retained by the payment agent server. If so, it may be performed at any time after the steps S545 to S560.

Meanwhile, as described above, a method of registering a certificate in order to provide a payment agent service according to the third embodiment of the present invention will be described based on the card company server. Or a value obtained by processing the same, and a first push token ID (PushTokenID), which is a unique identifier generated by the user terminal for pushing to the user terminal, is transmitted through a payment agent server, the card company server, A process of delivering authentication request information including identity authentication information or a processed value to a card company member ledger server, and terminal identification information and the first push token as information for identifying the user terminal included in the identity authentication information; Performing a process of storing an ID; And obtaining an authentication result corresponding to the authentication request information from the card company member ledger server, and if the authentication result is successful, transmitting the authentication result to the payment agent server by the card company server.

Next, a method of providing a payment agent service according to the third embodiment will be described based on the above-described certificate.

6 is a sequence diagram schematically illustrating a method for providing a payment agency service according to the present invention. In FIG. 6, a payment agent server is divided into a payment agent management server and a payment agent authentication server for convenience of description, but a single payment agent server functions as a payment agent management server and a payment agent authentication server shown in FIG. 6. Of course it can be done.

Referring to FIG. 6, the method for providing a billing service according to the third embodiment of the present invention is information for identifying a user terminal from a service provider server which is a server of a service provider in response to a user's payment request (S605). When the terminal identification information hash value, the payment target information, and the service provider authentication information, which are the result of hashing the terminal identification information, are acquired as the payment reception request information (S610), the payment agency server may (i) add to the payment reception request information. A process of transmitting payment result information corresponding to the terminal identification information hash value and the order number included in the payment target information to the service provider server (S625) and (ii) the payment in response to the payment reception request information. A program for transmitting authentication request information, which is information for requesting authentication of the target information and the payment target information, to the user terminal. Performing a process (S630).

Next, in the payment agent service providing method according to the third embodiment of the present invention, the payment approval request information including the second push token ID is obtained under the user's approval (S635) as a response to the authentication request information. S640), and when the first push token ID included in the authentication request information and the second push token ID match, the payment agent server integrates the first push token ID or the second push token ID into an integrated push token. Managing as an ID, and the step (S635 to S650) to verify the validity of the payment approval request information (S645, S650).

As in the first and second embodiments described above, payment approval based on the payment approval request information may include a method using random nonce and a method using a timestamp.

In the method using a random nonce, the process (S630) is characterized in that the payment agent server delivers the authentication request information including the random nonce and the payment target information to the user terminal. The payment approval request information includes the second push token ID, a random nonce signature value that is a result of signing the random nonce with the private key of the user, and the public key of the user. In step S645, the payment is performed. The agent server may verify the validity of the payment approval request information by using the user's public key and the random nonce signature value. The method of verifying the validity of the random nonce signature value is as described above.

On the other hand, in the method using a time stamp, the payment approval request information, the second stamp token ID, a time stamp signature value that is a result of signing a predetermined time stamp with the user's private key, and the user's public key In operation S645, the payment agent server verifies the validity of the payment approval request information by using the public key of the user and the timestamp signature value, and corresponds to the first timestamp signature value. When a time interval between a time and a second time, which is a time at which the validity of the payment approval request information is verified, is equal to or greater than a set value, the payment approval request information may be determined to be invalid.

Next, referring to FIG. 7, which further illustrates specific steps of the method illustrated in FIG. 6 and FIG. 6, the payment proxy service providing method according to the third embodiment of the present invention may include: If valid, the payment agency server (the payment agency server of FIG. 7 is configured to include a payment agency management server and a payment agency authentication server), the card company server (in Figure 7 card company server includes a card company management server and card company authentication server And configured to process card authorization according to the payment authorization request information (S655 and S660).

Referring back to FIG. 6, the payment agent server transmits a payment approval result obtained from the card company server to at least one of the service provider server and the user terminal with respect to payment approval request information delivered according to the user's approval. (S665, S670).

6, in the payment agent service providing method according to the third embodiment of the present invention, the payment agent server may include at least one of the terminal identification information hash value, the integrated push token ID, and the payment target information. The method may further include recording the transaction information including the portion or the processed value thereof on the database as a payment contents verification transaction or by allowing another device linked to the payment agent server to record the data (S680 and S685). .

Referring to FIG. 7 again, when the payment agency server is configured to include a payment agency management server and a payment agency authentication server, and the random request is included in the authentication request information, the process (S630) may include the payment agency management server. The first push token ID, the payment target information, and the authentication request information may be transmitted to the user terminal in response to the payment reception request information. The steps S635 to S650 may include the authentication request. In response to the information, a random nonce signature value, the second push token ID, and the public key of the user, which are the result of signing the random nonce with the private key of the user (S636 and S637) under the user's approval (S635). When payment approval request information including information is obtained from the user terminal (S640), the payment agency management server, the random nonce signature value and the By passing a public key to the payment agency authentication server (S645), it is possible to support the payment agency authentication server to verify the validity of the payment approval request information, and the steps (S655 and S660), the payment If the authorization request information is valid, the payment agency management server transmits the payment authorization request information to the card company server (S655) to allow the card company server to process card information for processing the card authorization according to the payment authorization request information. It may be characterized in that for supporting the card authorization processing (S656, S657).

Referring back to FIG. 6, in the payment agent service providing method according to the third embodiment of the present disclosure, when the card approval is completed, the payment agent server displays a payment approval result indicating that the card approval is completed. And transmitting to at least one of the service provider server (S665, S670).

As described above, the method of providing the payment agency service according to the third embodiment of the present invention will be described again based on the card company server. The terminal identification information hash value, the payment target information, and the service provider authentication information, which are the result of hashing the terminal identification information, which is information for identifying the user terminal, from the service provider server which is a server, are acquired by the payment agent server as the payment reception request information. And the authentication request information, which is information for requesting authentication of the payment target information and the payment target information, by the payment agent server, is transmitted to the user terminal, and in response to the authentication request information, The payment authorization request information passed to the billing server is valid Acquiring, by the card company server, the payment approval request information from the payment agency server; And processing, by the card company server, the card approval using card information for processing card approval according to the obtained payment approval request information.

Fourth embodiment

Finally, a fourth embodiment of a method of providing a payment agent service according to the present invention will be described. In the following description, the same technical features as those of the above-described third embodiment will not be repeated, and only differences will be described in detail. The fourth embodiment further includes all the technical features of the third embodiment, and further includes a technical feature for calculating a representative hash value through calculation with neighboring hash values as in the second embodiment, for example, a technical feature using a Merkle tree. .

Specifically, referring back to FIG. 5, in the method of registering a certificate for providing a payment agency service according to the fourth embodiment of the present invention, if the anchoring condition is satisfied after the step (not shown) of the third embodiment, At least one neighbor hash value of which the payment agent server matches a specific hash value that is a hash value of the registration transaction, wherein the neighbor hash value includes: (i) specific registration information including a specific push token ID and a specific user's public key; Or a hash value of a specific registration transaction, which is a value of processing the specific registration information, or (ii) a transaction information including at least some of a specific terminal identification information hash value, the specific push token ID, and specific payment target information, or a value that is processing the same. It is a hash value of the transaction of proof of payment contents-a second hash value generated by hashing together or a value obtained by processing the representative hash value. Recording to a database or allowing the other device to record, and obtaining a transaction ID (not shown) in which the representative hash value or a value obtained by processing the representative hash value is position information recorded in the second database; It includes more.

As described above, the method of recording the representative hash value or the processed value of the representative hash value in the second database is different only in that the subject performing the same is not the card company server but the payment agent server. As described above, it will be omitted.

In addition, referring back to FIG. 6, in the method of providing a payment agent service according to the fourth embodiment of the present invention, if the anchoring condition is satisfied after the step (not shown) of the third embodiment, the payment agent server, At least one neighbor hash value that matches a specific hash value that is a hash value of the proof of payment transaction-The neighbor hash value includes: (i) specific registration information or a specific user's public key including a specific push token ID and a specific user's public key; A hash value of a specific registration transaction, which is a value of processing registration information, or (ii) Transaction information including at least some of the specific terminal identification information hash value, the specific push token ID, and specific payment target information, or proof of a specific payment content that is processing value thereof. Represents a hash value generated by hashing together a transaction or a value obtained by processing the representative hash value. Or support to enable the recording to the other device, and further comprising the step (not shown) to the value processing of the representative hash value or the representative hash value obtained for the transaction ID, the position information recorded in the second database.

Through all the embodiments of the present invention described above, it is possible to provide a credit card settlement agent service at a low cost with security and usability, and to prevent unauthorized copying or forgery, thereby providing reliability and security of the credit card settlement system. There is an effect to improve.

Advantages of the technology described herein as the above embodiments, the forgery of payment-related information such as public key, hash value, etc. is virtually impossible to ensure the reliability of the payment system, risk of exposing credit card information in the flow of payment It is possible to minimize the number of transactions and to record transactions in the blockchain of virtual currency, thereby facilitating the management of information on card payments and at the same time improving the integrity for error prevention.

Based on the description of the above embodiment, a person skilled in the art can clearly understand that the present invention can be achieved through a combination of software and hardware or by hardware alone. The objects contributing to the object of the technical solution or the prior art of the present invention may be embodied in the form of program instructions that can be executed by various computer components and recorded in a computer-readable recording medium. The computer-readable recording medium may include program instructions, data files, data structures, etc. alone or in combination. Program instructions recorded on the computer-readable recording medium may be those specially designed and configured for the present invention, or may be known and available to those skilled in the art. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs, DVDs, and magneto-optical media such as floptical disks. media), and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. Examples of program instructions include not only machine code generated by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules to perform the process according to the invention, and vice versa. The hardware device may include a processor, such as a CPU or a GPU, coupled with a memory such as a ROM / RAM for storing program instructions and configured to execute instructions stored in the memory, and may exchange signals with an external device. It may include a communication unit. In addition, the hardware device may include a keyboard, a mouse, and other external input devices for receiving instructions written by developers.

Although the present invention has been described by specific embodiments such as specific components and the like, but the embodiments and the drawings are provided to assist in a more general understanding of the present invention, the present invention is not limited to the above embodiments. For those skilled in the art, various modifications and variations can be made from these descriptions.

Accordingly, the spirit of the present invention should not be limited to the above-described embodiments, and all of the equivalents or equivalents of the claims, as well as the appended claims, fall within the scope of the spirit of the present invention. I will say.

Claims (31)

As a registration method of a certificate for providing a payment gateway service using a database, (a) the card company if the first authentication token or the processed value from the user terminal and the first push token ID (PushTokenID), which is a unique identifier generated by the user terminal for pushing to the user terminal, are delivered, Supporting, by the server, the user terminal to generate and store a key pair including the public key and the private key of the user; (b) if a second push token ID and the public key of the user are obtained, and the first push token ID and the second push token ID match, the card company server, the first push token ID or the second push token ID; Managing a push token ID as an integrated push token ID and storing registration information including the integrated push token ID and the public key or allowing another device to store it; And (c) when the registration information is stored, the card company server, (i) a terminal identification information hash value that is a result of hashing terminal identification information which is information for identifying the user terminal, and (ii) the integrated push. Assisting the payment agency server to manage the user identification information by transferring user identification information including a token ID to a payment agent server or by allowing another device to deliver the user identification information. How to include. The method of claim 1, After step (b), (d) The card company server records registration information including the integrated push token ID and the public key or a value obtained by processing the registration information on the database as a registration transaction of the certificate or is linked to the card company server. Supporting the device to record Method further comprising a. The method of claim 1, In step (a), (a1) When the identity authentication information or a value processed therein and the first push token ID are transmitted, the card company server sends authentication request information including the identity authentication information or the processed value to the card company member ledger server. Performing a process of forwarding and storing the terminal identification information and the first push token ID; And (a2) An authentication result corresponding to the authentication request information is obtained from the card company member ledger server, and if the authentication result is successful, the card company server delivers the authentication result to the user terminal or causes another device to deliver it. Supporting the user terminal to generate and store the key pair so as to correspond to a PIN code inputted to the user terminal Method comprising a. The method of claim 1, The card company server includes a card company management server and a card company authentication server, In step (b), If the second push token ID and the public key of the user are obtained, and the first push token ID and the second push token ID coincide, the card company management server sends the integrated push token ID and the public key. Delivering to the card company authentication server to support the card company authentication server to hold the integrated push token ID and the public key or to be held by another device. The method of claim 1, In step (c), The card company server, characterized in that for transmitting the certificate registration complete message indicating the registration of the certificate to the user terminal or to allow other devices to deliver. The method of claim 1, The identity verification information, And at least one of a name of the user, a telephone number of the user, a card number, and a card verification value (CVC). The method of claim 1, The terminal identification information, And the telephone number of the user corresponding to the user terminal. The method of claim 2, The database is a blockchain database of virtual currency, The blockchain database is a public blockchain database or a private blockchain database. As a registration method of a certificate for providing a payment gateway service using a database, (a) (i) Passing identity authentication information or a processed value from the user terminal, and a first push token ID (PushTokenID) which is a unique identifier generated by the user terminal for pushing to the user terminal. The received card company server supports the user terminal to generate and store a key pair including the public key and the private key of the user, (ii) a second push token ID and the user's public key are obtained, and The first push token ID and the second push token ID match, so that the card company server manages the first push token ID or the second push token ID as an integrated push token ID, and the integrated push token ID and the public disclosure. A terminal formula that stores payment information including a key and is information for identifying a user terminal from the card company server by the payment agent server while the registration information is stored. The hash value calculated as a result of the terminal identification information, the hash value, and further comprising: support to obtain or acquire cause the other device to the user identification information including the integrated push token ID; And (b) if the user identification information is obtained, by the payment agent server, managing the user identification information or supporting another device to manage the identification information; How to include. As a method of providing a payment gateway service using a database, (a) when payment receipt request information including a first push token ID (PushTokenID) corresponding to the user terminal and payment target information is obtained from a payment agent server according to a user's payment request, the card company server, (i) the user; Transmitting, to the payment agency server, payment acceptance result information including the terminal identification information hash value which is a result of hashing the terminal identification information which is information for identifying the terminal; and (ii) in response to the payment reception request information. Performing a process of delivering to the user terminal authentication request information, which is payment object information and information for requesting authentication of the payment object information, or supporting another device to perform; (b) if payment approval request information including a second push token ID is obtained under the user's approval as a response to the authentication request information, and the first push token ID and the second push token ID match, the Managing, by the card company server, the first push token ID or the second push token ID as an integrated push token ID, and validating the payment approval request information or supporting another device to verify it; And (c) the card company server processing the card approval according to the payment approval request information if the payment approval request information is valid. How to include. The method of claim 10, The process (ii) of the step (a), The card company server, characterized in that for transmitting the authentication request information and the payment target information including a random nonce (random nonce) to the user terminal, In step (b), The payment approval request information includes the second push token ID, a random nonce signature value that is a result of signing the random nonce with the private key of the user, and the public key of the user, And the card company server verifies the validity of the payment approval request information using the public key of the user and the random nonce signature value. The method of claim 10, In step (b), The payment approval request information includes the second push token ID, a timestamp signature value that is a result of signing a predetermined timestamp with the user's private key, and the user's public key. The card company server verifies the validity of the payment approval request information using the public key of the user and the timestamp signature value, And when the time interval between the first time corresponding to the timestamp signature value and the second time, which is a time at which the validity of the payment approval request information is validated, is equal to or greater than a predetermined value, determining that the payment approval request information is invalid. How to. The method of claim 10, (d) when the card approval is completed, the card company server transferring the payment approval result indicating that the card approval is completed to at least one of the user terminal and the payment proxy server. Method further comprising a. The method of claim 13, In step (d), The card company server transmits the payment approval result to the payment agency server, causing the payment agency server to include at least a portion of the terminal identification information hash value, the integrated push token ID, and the payment target information. Or recording the processed value on the database as a proof of payment transaction. The method of claim 10, The card company server includes a card company management server, card company authentication server and card company approval server, The authentication request information further includes a random nonce, The process (ii) of the step (a), The card company management server, in response to the payment reception request information, the first push token ID, the payment object information and authentication request information to the user terminal or to support the other device to deliver, In step (b), In response to the authentication request information, a payment approval request including a random nonce signature value, the second push token ID, and the user's public key that are the result of signing the random nonce with the user's private key under the user's approval. When the information is obtained from the user terminal, the card company management server, by passing the random nonce signature value and the public key to the card company authentication server to support the card company authentication server to verify the validity of the payment approval request information Characterized in that, In step (c), If the payment approval request information is valid, the card company management server sends the card information for processing the card approval according to the payment approval request information to the card company approval server so that the card company approval server uses the card information. And support processing the card authorization. The method of claim 10, The payment target information, Order number, identification information of the card company, identification information of the service provider, predetermined additional information provided by the service provider, the name of the payment object, the price of the payment object, whether or not a partial payment, the identification of the currency as a means of payment And at least one of information, a name of the user, an address of the user, a date and time of payment approval, and status information of the payment. The method of claim 10, Authorization of the user, And determining the validity of the PIN code input to the user terminal. As a method of providing a payment gateway service using a database, (a) In response to a user's payment request, a terminal identification information hash value, payment target information, and service provider authentication information, which is a result of hashing terminal identification information, information for identifying a user terminal, from a service provider server which is a server of a service provider. If is obtained, the payment agent server, the payment request information including the first push token ID (PushTokenID) and payment object information corresponding to the user terminal to pass to the card company server or to support other devices to deliver; (b) when the payment reception result information including the terminal identification information hash value and the order number included in the payment target information is obtained from the card company server, the payment agency server sends the payment reception result information to the service provider server. Delivering to or supporting other devices to deliver; And (c) the user under the approval of the user in response to the authentication request information, which is information for requesting authentication of the payment object information and the payment object information transmitted from the card company server to the user terminal in response to the payment reception request information. The payment approval result obtained by referring to payment approval request information transmitted from the terminal to the card company server is successful is transmitted from the card company server, and the second push token ID included in the payment approval request information is the first push token. If the IDs match, the payment agent server manages the first push token ID or the second push token ID as an integrated push token ID, the terminal identification information hash value, the integrated push token ID, and the payment target. Transaction information including at least a part of the information, or a processed value of the proof of payment content transaction A step that supports recording on the record to the database or to allow other devices to be linked to the settlement server How to include. The method of claim 18, In step (c), The payment agent server, characterized in that for transmitting the payment approval result obtained from the card company server with respect to the payment approval request information delivered in accordance with the user's approval to the at least one of the service provider server and the user terminal. A card company server that performs a certificate registration method to provide a payment gateway service using a database. Receives the user authentication information or the processed value from the user terminal, and a first push token ID (PushTokenID) which is a unique identifier generated by the user terminal for pushing to the user terminal, or is transmitted to another device. Communication unit to support receiving; And (i) a process of assisting the user terminal to generate and store a key pair including the public key and the private key of the user if the identity information or the processed value thereof and the first push token ID are passed; (ii) when the second push token ID and the public key of the user are obtained, and the first push token ID and the second push token ID match, the first push token ID or the second push token ID. Managing as an integrated push token ID and storing registration information including the integrated push token ID and the public key; and (iii) if the registration information is stored, (i) information for identifying the user terminal. The payment agent by transmitting the terminal identification information hash value, which is a result of hashing the terminal identification information, and (ii) user identification information including the integrated push token ID to a payment agent server. Allow the credit card company server, a processor for performing a process that helps manage the user identification information. The method of claim 20, The processor, Support to record the registration information including the integrated push token ID and the public key or a value obtained by processing the registration information on the database as a registration transaction of the certificate or by another device linked to the card company server. Card company server characterized in that. The method of claim 20, The processor, A process of delivering, to the card company member ledger server, authentication request information including the identity authentication information or the processed value thereof and the first push token ID, the identity authentication information or the processed value thereof; and the terminal identification. Perform a process of storing information and the first push token ID, An authentication result corresponding to the authentication request information is obtained from the card company member ledger server, and if the authentication result is successful, the user terminal transmits the authentication result to the user terminal to the PIN code input to the user terminal. Card company server, characterized in that for supporting to generate and store the key pair. The method of claim 20, The processor, Card company server, characterized in that for transmitting the certificate registration complete message indicating the registration of the certificate to the user terminal. A payment agent server that performs a registration method of a certificate to provide a payment gateway service using a database. (i) the card company server which has received the personal authentication information or the processed value from the user terminal and a first push token ID (PushTokenID) which is a unique identifier generated by the user terminal for pushing to the user terminal; Allow the user terminal to generate and store a key pair comprising the user's public key and a private key, (ii) a second push token ID and the user's public key are obtained, and the first push token The ID and the second push token ID coincide with each other, so that the card company server manages the first push token ID or the second push token ID as an integrated push token ID and includes the integrated push token ID and the public key. Storing the registration information and hashing the terminal identification information which is information for identifying the user terminal from the card company server while the registration information is stored. A communication unit for obtaining user identification information including a terminal identification information hash value as a result value and the integrated push token ID or for allowing other devices to obtain the identification information; And And the processor for managing the user identification information when the user identification information is obtained. A card company server performing a method of providing a payment gateway service using a database. A communication unit for acquiring payment reception request information including a first push token ID (PushTokenID) corresponding to a user terminal and payment object information from a payment agent server or for allowing another device to obtain information according to a user's payment request; And When the payment acceptance request information is obtained, (i) transmitting the payment acceptance result information including the terminal identification information hash value which is a result of hashing the terminal identification information which is information for identifying the user terminal, to the payment agency server. And (ii) a process of transmitting to the user terminal or supporting other devices to transmit authentication request information, which is information for requesting authentication of the payment object information and the payment object information, in response to the payment reception request information. Include processors that perform If the processor receives payment approval request information including a second push token ID under the user's approval as a response to the authentication request information, and the first push token ID and the second push token ID match, Manage the first push token ID or the second push token ID as an integrated push token ID, validate the payment approval request information or support another device to verify; If the payment approval request information is valid, the card company server, characterized in that for processing the card authorization according to the payment approval request information. The method of claim 25, The processor, And transmitting the authentication request information and the payment target information including a random nonce to the user terminal. The payment approval request information includes the second push token ID, a random nonce signature value that is a result of signing the random nonce with the private key of the user, and the public key of the user, The processor, Card company server, characterized in that for validating the payment authorization request information using the user's public key and the random nonce signature value. The method of claim 25, The payment approval request information includes the second push token ID, a timestamp signature value that is a result of signing a predetermined timestamp with the user's private key, and the user's public key. The processor, Validating the payment approval request information by using the user's public key and the timestamp signature value, And when the time interval between the first time corresponding to the timestamp signature value and the second time, which is a time at which the validity of the payment approval request information is validated, is equal to or greater than a predetermined value, determining that the payment approval request information is invalid. Card company server. The method of claim 25, The processor, When the card approval is completed, the card company server, characterized in that for transmitting the payment approval result indicating that the card approval is completed to at least one of the user terminal and the payment agent server. The method of claim 28, The processor, By transmitting the payment approval result to the payment agency server, the payment agency server to the transaction information or the processed value including at least some of the terminal identification information hash value, the integrated push token ID, and the payment target information The card company server, characterized in that for supporting the recording on the database as a proof of payment transaction. A payment agent server performing a method of providing a payment gateway service using a database, In response to a user's request for payment, obtain a terminal identification information hash value, payment target information, and service provider authentication information, which are a result of hashing terminal identification information, information for identifying a user terminal, from a service provider server, which is a server of a service provider; A communication unit supporting other devices to acquire; And (i) When the terminal identification information hash value, the payment target information, and the service provider authentication information are obtained, payment reception request information including a first push token ID (PushTokenID) and payment target information corresponding to the user terminal is obtained. A process of delivering to the card company server; and (ii) when the payment acceptance result information including the terminal identification information hash value and the order number included in the payment target information is obtained from the card company server, the service acceptance result information is transmitted to the service provider. And (iii) a response to the authentication request information, which is information for requesting authentication of the payment object information and the payment object information transmitted from the card company server to the user terminal in response to the payment reception request information. Transferred from the user terminal to the card company server with the user's approval When the payment approval result obtained by referring to payment approval request information is successful, the card company server is transmitted, and when the second push token ID included in the payment approval request information matches the first push token ID, the first push token ID is determined. Transaction information or a processed value of the push token ID or the second push token ID is managed as an integrated push token ID and includes at least some of the terminal identification information hash value, the integrated push token ID, and the payment target information. And a processor for performing a process of supporting a recording by the other device interworking with the payment agent server or recording on the database as a proof of payment transaction. The method of claim 30, The processor, The payment agency server, characterized in that for transmitting the payment approval result obtained from the card company server with respect to the payment approval request information delivered in accordance with the user's approval to at least one of the service provider server and the user terminal.

Images