WO2001084460A1 - Authentication and payment card for automatically updating user numbers, and authentication payment system and method using the card - Google Patents

Authentication and payment card for automatically updating user numbers, and authentication payment system and method using the card Download PDF

Info

Publication number
WO2001084460A1
WO2001084460A1 PCT/KR2000/001570 KR0001570W WO0184460A1 WO 2001084460 A1 WO2001084460 A1 WO 2001084460A1 KR 0001570 W KR0001570 W KR 0001570W WO 0184460 A1 WO0184460 A1 WO 0184460A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
payment
user number
user
card user
Prior art date
Application number
PCT/KR2000/001570
Other languages
French (fr)
Inventor
Deok-Woo Kim
Sang-Hyun Han
Cheol-Kyun Jung
Original Assignee
Woori Technology Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020000058001A external-priority patent/KR100581342B1/en
Priority claimed from KR1020000064415A external-priority patent/KR20010100750A/en
Application filed by Woori Technology Inc. filed Critical Woori Technology Inc.
Priority to JP2001581200A priority Critical patent/JP2004508612A/en
Priority to AU2001227116A priority patent/AU2001227116A1/en
Publication of WO2001084460A1 publication Critical patent/WO2001084460A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes

Definitions

  • the present invention relates to an authentication and payment card for
  • the present invention relates to an
  • Korea include the fact that the Korean buyer is more conservative than
  • buyer's credit card is transmitted via an open network such as the Internet, and
  • FIG. 1 shows a buying process via an on-line shopping
  • the encrypted and transmitted order sheet is
  • the credit card number is a credit card number
  • the credit card When receiving an approval request of a credit line, the credit card
  • the shopping mall displays a transaction allowance or denial message
  • FIG. 2 shows an exemplified drawing of a case when a transaction on
  • information to be transmitted may be exposed to other people 206 via
  • a network e.g., Internet
  • a network e.g., Internet
  • the device can only be
  • the conventional methods cannot protect illegal use of credit card numbers by a hacker when the hacker looks at a user from behind when
  • FIG. 3 shows a card user number system used by conventional credit
  • a reference numeral 302 represents a unique card
  • a reference numeral 304 indicates a card grade
  • a reference numeral 304 indicates a card grade
  • reference numeral 306 determines whether the card is for a person or a
  • Reference numerals 308 to 312 shows personal information, and in
  • the reference numeral 308 represents an identification (ID) number
  • reference numeral 310 indicates a subscriber classification for representing a
  • a reference number 314 represents an error
  • checking number for checking a number theft or a random number input trial is a checking number for checking a number theft or a random number input trial.
  • the credit card company approves the request.
  • one-time password (OTP) security token security token
  • security card security card
  • one-time ID security token
  • this method only performs user authentication
  • a payment system connected to a buyer's payment card and a seller's transaction system via a network, and including a database for storing card user numbers
  • a payment card comprises:
  • an input unit a memory for storing a plurality of encrypted card user numbers; a
  • a payment system comprises: a
  • FIG. 1 shows an on-line buying process at a shopping mall using the
  • FIG. 2 shows a case when a transaction on the Internet is hacked
  • FIG. 3 shows a card user numbering system by conventional card
  • FIG. 4 shows a service provided by using a payment and authentication
  • FIG. 5 shows a payment system using a payment and authentication
  • FIG. 6 shows a payment card being implemented as a receiving-only
  • FIG. 7 shows an external shape of a receiving-only payment card as
  • FIG. 8 shows a flowchart of a payment method using a payment card
  • FIG. 9 shows a flowchart of a driving process of a payment card
  • FIG. 10 shows screens on a display of a receiving-only payment card
  • FIG. 1 1 shows a concept diagram of providing a payment service using
  • FIGs. 12(a) and 12(b) show a flowchart of a payment method using a
  • FIGs. 13(a) and 13(b) show concept diagrams of a service provided by
  • FIG. 14 shows a payment system using a payment card according to the
  • FIG. 15 shows use of a payment card according to the third preferred
  • FIG. 16 shows a flowchart of a payment method using a payment card
  • FIG. 17 shows a flowchart of a driving process of a payment card
  • FIG. 18 shows screens on a display of a payment card according to the
  • FIG. 19 shows a payment card according to a fourth preferred
  • FIG. 20 shows a second example of a payment card according to the
  • FIG. 21 shows screens displayed on a display of a terminal according to
  • FIGs. 22(a) to 22(m) show user number systems to be used for a card
  • FIG. 23 shows an example in which a service provider bills the price as
  • FIG. 24 shows an example in which a payment card according to the
  • FIG. 4 shows a payment service provided by using a payment card
  • payment card represents all means for providing updated card user numbers
  • Card service providers e.g., credit card service providers, bank card
  • VAN service provider e.g., a credit card member
  • FIG. 4 A buyer is illustrated in FIG. 4.
  • the VAN service provider issues to the buyer an ID card or a card to
  • the user's own ID can be stored in a database of the VAN
  • the buyer uses the card user number in step 404.
  • the member store asks the VAN service provider payment approval
  • step 406 states in step 406, and the VAN service provider transmits a unique card number
  • the card service provider checks present
  • step 410 and the VAN service provider transmits corresponding results to the
  • the member store in step 412.
  • the member store completes or refuses the transaction according to the
  • the VAN service provider updates the card user number corresponding to
  • the existing ID number (e.g., a unique ID of the card)
  • the VAN service provider can function as a
  • claims can include communication service providers, card service providers
  • the present invention can be implemented as a receiving-only terminal type
  • wireless terminal such as a portable phone or a PDA.
  • FIG. 5 shows a payment system according to the first preferred
  • the payment system 1 is connected to a buyer terminal 2 and
  • a transaction system 3 via a network (including wire and wireless networks) M1 ,
  • a payment card 4 implemented as a receiving-only
  • the payment system 1 to be managed by the VAN service provider
  • a database unit D1 for storing various categories of information for
  • the database unit D1 comprises a member information
  • the member information database D1 1 stores various kinds of
  • database D11 stores buyer information on names, passwords, unique card
  • the payment system 1 assigns a receiver ID number (a unique ID of a
  • the issue information database D12 comes to store card
  • card user numbers for representing use are assigned after a payment. For example, card user numbers for representing use
  • the payment information database D13 stores the payment cards for
  • the member manager D21 manages interfaces with other systems (e.g.,
  • the number issuer D22 assigns card user numbers that represent use
  • the payment processor D23 when receiving a card user number from
  • the transaction system determines whether the received card user number is
  • the payment processor D23 uses an
  • additional card information database (not illustrated) that stores information on
  • the information transmitter and receiver D24 transmits and receives
  • the payment card can be implemented as a type
  • FIG. 6 shows a payment card
  • the payment card 4 As shown, the payment card 4 according to the first preferred
  • embodiment of the present invention comprises a radio frequency (RF) receiver
  • the RF receiver 41 comprises an RF receiving unit 41 1 , an intermediate
  • the frequency adjuster 42 comprises a voltage control oscillator 421 and a
  • the signal processor 43 comprises a
  • ROM read only memory
  • RAM random access memory
  • the I/O units comprise a speaker 45, a driver 46 for
  • frequency adjuster 42 are known to persons skilled in the art, no further
  • FIG. 7 shows an external shape of a receiving-only payment card
  • the payment card comprises a number key k1 for inputting a password, direction keys k2 and k3 for selecting screen buttons displayed on the
  • the payment card may have a configuration greatly different from that of
  • a conventional magnetic type card or it may include an additional conventional
  • Communication devices such as telephones, mobile communication
  • the payment system 1 via the wire or wireless network M2 are used for the buyer
  • the transaction system 3 can be an Internet shopping mall site, a card
  • FIG. 8 shows a flowchart of a payment method using a payment card
  • the payment system 1 receives membership entrance requests from a
  • the networks M1 and M2 by using a computer or a mobile communication terminal, via a telephone network or via mail.
  • the member manager D21 provides receiver ID numbers to the
  • the payment card 4 implemented in a receiving-only terminal type can be any suitable payment card 4 implemented in a receiving-only terminal type.
  • each member or a conventional device can be provided to each member, or a conventional device can be used as the
  • the number issuer D22 provides a card user number at
  • issuer D22 then matches the issued card user numbers with the buyers' receiver
  • single card user number can be provided to all the different cards.
  • the buyer operates the payment card 4 and selects a category of a
  • the password for the decryption is stored in the
  • the payment card 4 can
  • the payment card can be configured so that a password is stored in the payment card at the initial card issue and only when the passwords
  • generation reference codes and generation rules are provided to a host (a)
  • the generation rules (the generation rules are generated after the generation
  • reference codes are used and the used user number functions as the reference
  • the buyer transmits the card user number to the transaction
  • PC computer
  • the transaction system 3 After receiving the card user number from the buyer, the transaction system 3 transmits the transaction history and items on the card user number to
  • the transaction history includes time, price and member store
  • Data transmitted to the payment system 1 include information for
  • a corresponding user such as a personal ID (e.g., a personal ID
  • the payment processor D23 of the payment system 1 receives the items
  • the payment processor D23 searches the issue information
  • the payment processor D23 transmits the card number of
  • present invention issues the card, transaction limits and information on present
  • the company can independently determine payment states
  • step S15 can be omitted.
  • approving the transaction is provided to the user so that the user may input the
  • the number issuer D22 of the payment system 1 assigns a
  • the payment card 4 stores the new card user number
  • step S20 in a memory so as to use the same for a next transaction in step S20.
  • FIG. 9 shows a procedure performed in the payment card according to
  • step S30 When a signal is input in a standby mode in step S30, the controller 432
  • the controller determines which card to use
  • the preferred embodiment can be used as a bank card, a department store card
  • the controller In the case of a credit card as a preferred embodiment, the controller
  • steps for including determination variables such as
  • predetermined number of times and predetermined time frames can be
  • the payment card can be configured to omit the
  • the third person uses a number that cannot be approved and tries an electronic
  • payment card 4 uses the password, decrypts the pseudo user number received
  • password is not.
  • at least two passwords can be established.
  • step S43 uses the card user number and inputs a confirmation button in step S43, the
  • controller 432 switches the payment card 4 into a standby state for receiving a
  • the controller 432 removes the
  • a warning sound can be output via the
  • FIG. 10 shows screenshots to be displayed on the display of the
  • FIG. 10(a) shows an initial screen of the card
  • FIG. 10(b) shows a
  • FIG. 10(c) shows a screen for asking which card to
  • FIG. 10(d) shows a screen for asking which credit card to use when the
  • FIG. 10(e) shows a standby state
  • FIG. 10(f) shows a screen on
  • FIG. 10(g) shows a screen on which the display
  • FIG. 10(h) shows a screen having
  • it can be a portable terminal type) of a transmitting and receiving terminal
  • FIG. 1 1 shows a card number providing service with a card user
  • a receiving configuration can be added to the payment card as shown
  • a portable phone can be used
  • the VAN service provider checks
  • the VAN service provider transmits a pseudo card user
  • the VAN service provider requests a
  • the card user decrypts the encrypted card user number using the
  • the VAN service provider can transmit the real card user number
  • VAN service provider so as to refer to states of a card approval in step 908,
  • VAN service provider searches the VAN service provider's database
  • display screens of the respective steps can be similar to the
  • a payment system in connection with the transmitting and receiving
  • FIGs. 12(a) and 12(b) show a flowchart of a payment method according
  • receiving the payment service of the payment system 1 activates the payment card (or a portable phone) 4 and selects a card category via the switch 48 in
  • step S60 the controller 432 of the payment card 4 transmits category
  • the payment system 1 that can be a VAN service
  • step S61 the controller can concurrently
  • the number issuer D22 of the payment system 1 encrypts a card user
  • the number issuer D22 can optionally transmit available
  • the payment card 4 receives a pseudo card user number (an encrypted
  • the controller 432 of the payment card 4 reads the
  • decrypted card user number and displays it on the display 47 in step S63.
  • the buyer provides the card user number to
  • the transaction system 3 (that can be a card reader of a member store) so as to
  • the transaction system 3 such as a shopping mall site or a card reader
  • card user information that can include member IDs
  • the payment processor D23 of the payment system 1 searches the
  • the payment processor D23 when the transmitted card user number is matched with the available number stored in the issue information database D12, the payment processor D23
  • the authentication system 5 and requests an approval in step S69.
  • the authentication system 5 requests an approval in step S69.
  • payment system 1 can request the approval from the authentication system 5
  • the payment system 1 does not
  • payment system 1 transmits transaction results for showing that the transaction
  • payment system 1 transmits the transaction denial and transaction results to the
  • the transmitted data can also be transmitted to the payment card 4.
  • card user number is transmitted to the payment card 4 each time a card user
  • the information can
  • the user can receive the
  • the first method is to previously
  • method may optionally require a protector for disabling the use when the wrong
  • the payment system must memorize all the card user numbers to be used for the
  • the second method is to encrypt, when a password is input using a card
  • unique information e.g., encrypted personal ID numbers, step information for
  • pseudo card user numbers stored in a memory according to a generation
  • the payment system inversely operates an algorithm
  • the payment system can generate a card user number each time
  • the user inputs a password or for each predetermined period. Also in this case, a
  • predetermined number of times can be optionally required.
  • FIG. 13(a) and (b) show rough concepts of a service provided by using
  • the VAN service provider or the PG service provider issues a
  • present invention to the buyer, and builds a database for storing a plurality of
  • the buyer inputs a password to decrypt a pseudo user number
  • VAN service provider transmits corresponding results to the member store.
  • the buyer's card stores a plurality of pseudo user numbers, and when a
  • a decrypted number is generated according to a rule set to the card and the payment system, and the card user number updated each time can be
  • FIG. 14 shows a configuration of the payment system using the payment
  • FIG. 15 shows a configuration of the payment card according to the third
  • the third preferred embodiment does not include
  • the payment card 41 As shown, the payment card 41
  • a keypad 41 1 comprises a keypad 41 1 , a CPU 412, a display 413, an electrically erasable and
  • EEPROM programmable ROM
  • the keypad 41 1 comprises a plurality of keys for inputting data such as
  • the EEPROM 414 stores a plurality of pseudo card user numbers and CPU procedure seed values.
  • the pseudo card user numbers are a plurality of pseudo card user numbers and CPU procedure seed values.
  • the CPU 412 decrypts the pseudo card user numbers stored in the
  • the keypad according to clock signals provided by the clock signal unit 415, and
  • the CPU 412 sequentially reads the pseudo card user numbers in
  • EEPROM 414 and the card user numbers are generated according to a
  • database D12 according to the third preferred embodiment stores a plurality of
  • generating card numbers via a predetermined rule can be implemented to store at least one card user number in the database D12.
  • FIG. 16 shows a flowchart of a payment method using the payment card
  • the payment card 41 and inputs a password via the keypad 41 1 , the CPU 412 of
  • the payment card 41 displays a use checking message via the display 413 (in
  • the CPU 412 reads the pseudo card user
  • the display 413 displays the generated card user number S62.
  • transaction system 3 transmits a transaction history and items on the card user
  • transmitted to the payment system 1 can include an ID number assigned to the
  • the payment processor D23 of the payment system 1 receives the items
  • the payment processor D23 searches the issue information
  • the payment processor D23 notifies the payment
  • the payment processor D23 transmits the credit card number of a card
  • the payment system 1 transmits the
  • the payment system 1 transmits the card user number
  • the number issuer D22 of the payment system 1 records that a
  • FIG. 17 shows a flowchart of a procedure performed in the payment card
  • the payment card 41 Differing from the first preferred embodiment, the payment card 41
  • step S71 the keypad 41 1 in step S71 , after a standby mode in step S70 and a password is
  • step S72 a use checking message is displayed on the display 413 and it
  • pseudo card user number is decrypted via a wrong decryption key
  • the pseudo card user number can be sequentially decrypted and
  • the password can be established twice to enhance security.
  • the CPU 412 of the payment card 41 displays a decrypted
  • the CPU 412 stops displaying the card user
  • steps S73 to S75 can be appropriately omitted according to modified
  • FIG. 18 shows an exemplified screen that can be displayed on the
  • the stage 'a' shows a standby mode before a password for decrypting a
  • the stage 'b' shows a screen while the password is being
  • FIG. 19 shows a configuration of a payment card according to a fourth
  • the payment card 200 As shown, the payment card 200 according to the fourth preferred
  • embodiment of the present invention comprises a CPU 212; an EEPROM 214; a
  • the payment card 200 can be
  • MCU memory control unit
  • the payment card 200 is connected to a wireless communication
  • the wireless communication terminal 100 comprises a data port
  • a keypad 102 including a plurality of keys for inputting data such as passwords,
  • a display 103 for displaying input and output data or another data provided
  • the wireless communication terminal 100 can further be accessed by the payment card 200.
  • the wireless communication terminal 100 can further be accessed by the payment card 200.
  • the interface 218 of the payment card 200 is connected to the data port
  • the CPU 212 of the payment card 200 serially communicates with the
  • the CPU 212 of the payment card 200 uses a protocol
  • the EEPROM 214 of the payment card 200 stores pseudo card user
  • the CPU 212 decrypts the pseudo card user numbers stored in the
  • the keypad 102 according to clock signals provided by the clock signal unit 216,
  • the CPU 212 sequentially reads the pseudo card user numbers
  • the CPU 212 decrypts them and generates available card user numbers.
  • the CPU 212 decrypts them and generates available card user numbers.
  • EEPROM 214 and the card user numbers are generated according to a
  • an instruction e.g., a request to send an instruction to the data port 101 of the wireless communication terminal 100.
  • the password is input to the CPU 212 of the payment card
  • the CPU 212 of the payment card 200 enables a use check message to be
  • the message may be displayed on the display 103 of the terminal 100 (if needed, the message may
  • the CPU 212 After checking, the CPU 212 reads a pseudo card user number
  • the EEPROM 214 decrypts the input password, generates a card user number
  • the user provides the card user number to the transaction
  • transaction system 3 transmits a transaction history and items on the card user
  • the payment system 1 can include an ID number assigned to the payment card
  • the payment processor D23 of the payment system 1 receives items on
  • the number issuer D22 of the payment system 1 records that a
  • the password can be
  • FIG. 20 shows another example of the payment card according to the
  • the payment card 300 as shown in FIG. 20 is a fourth preferred embodiment.
  • the payment card 300 as shown in FIG. 20 is a fourth preferred embodiment.
  • the payment card 300 comprises an application-specific integrated circuit
  • ASIC application circuit
  • the ASIC chip 310 comprises the above-noted CPU, the EEPROM,
  • the payment card 300 of the above-mentioned configuration performs
  • the payment card 300 provides the interface
  • payment card 300 can have a general specification such as the ISO 7816.

Abstract

Disclosed is an authentication and payment card for automatically updating a card user number, and a payment system and method using the card. A buyer receives a card user number via a payment card, and only when the presently provided password is identical with the previously stored password does the card provide the card user number, and when the card user number is encrypted, it is decoded using the input password. When the seller's transaction system requests the authentication number or a payment on the card user number, the authentication and payment system receives an authentication and payment approval of the card user number and transmits the same to the transaction system. The authentication and payment system modifies the card user number into a new one and transmits the new number to the buyer's payment card, and therefore, subsequent transactions are performed with the new card user number.

Description

Authentication and Payment Card for Automatically Updating User Numbers, and Authentication Payment System and Method using the Card
BACKGROUND OF THE INVENTION
(a) Field of the Invention
The present invention relates to an authentication and payment card for
automatically updating a card user number, and a payment system and method
using the card. More specifically, the present invention relates to an
authentication and payment card generated for using an updated user number
for each access or transaction, and a system and method for providing payment
services using the card.
(b) Description of the Related Art
As information communication techniques have recently developed and
global communication infrastructures such as the Internet have greatly spread,
electronic commerce that has overcome time and spatial limits has been brought
to the fore. Accordingly, nations all over the world promote activations of
electronic commerce as a core for strengthening national competitiveness, and
the Internet has become a borderless business on a hard-fought field as well as
an information storehouse.
Since electronic commerce has no time and spatial limits, buyers do not
need to directly visit local shops; circulation costs, building rental and expenses
of goods in stock are rarely generated; and Internet users all over the world are
potential customers. Also, since electronic commerce reduces circulation steps
to greatly retrench transaction costs and records, and it manages all transaction histories, electronic commerce greatly raises effectiveness and transparency of
the whole economic situation.
However, differing from present states of electronic commerce wherein
the Internet has gradually become a major portion of networks, adequate
processing degrees of electronic commerce in Korea has not yet been realized. .
Some reasons that electronic commerce is not particularly popular in
Korea include the fact that the Korean buyer is more conservative than
Westerners in using an electronic payment system wherein information on the
buyer's credit card is transmitted via an open network such as the Internet, and
those who usually use cash to buy desired products are worried about exposing
their personal credit information.
One of the biggest problems regarding electronic commerce is to
effectively protect credit information. For this, various types of payment methods
such as prepaid cards, credit cards, deposit transfers and electronic money are
used, but these methods cannot completely protect the users.
Standardization and reinforcement of electronic payment security
techniques have been introduced in an attempt to solve security problems of
user information relating to the activation of electronic commerce, but these
methods cannot be a complete solution when the user's credit card number is
exposed while making a purchase via electronic commerce.
Relating to this, FIG. 1 shows a buying process via an on-line shopping
mall using the secure electronic transaction (SET) method relating to a
standardization of an electronic payment security technique. As to conventional electronic commerce, when a buyer accesses a
shopping mall and inputs a product name and a credit card number to an order
sheet on a browser to request a buying process, the credit card number and the
order sheet are encrypted using a predetermined key and transmitted to the
shopping mall in step 104, the encrypted and transmitted order sheet is
decrypted at the shopping mall site using a corresponding decryption key in step
106, and the encrypted credit card number is transmitted to a credit card
company (or a VAN service provider, and in this case, the credit card number is
transmitted to the credit card company via a VAN or a payment gateway (PG)
service provider) so as to request approval in step 108.
When receiving an approval request of a credit line, the credit card
company decrypts the credit card number using a decryption key corresponding
to a decryption key used to obtain the original credit card number in step 1 10,
searches information on the credit line of the credit card number and transmits
results of the approval request to the shopping mall service provider in step 1 12.
The shopping mall displays a transaction allowance or denial message
to the buyer according to the results of the approval request in step 1 16, and
thereby a transaction is executed.
As known by FIG. 1 , data necessary for receiving and transmitting the
order sheet or the credit card number on the Internet are decrypted, but since it
may violate the buyer's privacy to reveal more of the buyer's personal
information than needed, a method whereby only the shopping mall uses the
encrypted order sheets and only the credit card company decrypts the encrypted credit card number is adopted.
However, additional plans against illegal hacking or stealing of the credit
card numbers must be provided as well as a scheme for strengthening the
personal information security.
FIG. 2 shows an exemplified drawing of a case when a transaction on
the Internet is hacked. When a buyer is assumed to desire to make a purchase
or perform PC banking using a PC 202 via electronic commerce at home or at
the office, information to be transmitted may be exposed to other people 206 via
a network (e.g., Internet) in the case the corresponding information is transmitted
to a server 204 of an electronic commerce service provider or a bank via the
network, and not via an exclusive line.
A Korean utility model No. 1999-23246, entitled "A device for
authenticating a credit card user", has been granted. The device can only be
used when a password is input. As to the Korean utility model, a user uses an
authentication function of a user authenticator installed in a credit card before
using the credit card so as to be authenticated without using an external device,
and hence, other people cannot use the corresponding user's credit card.
However, according to the above-described utility model, since a credit
card number is exclusively assigned to one card and this credit card number
must be input for each transaction, the user's credit card number can be
exposed to other people and can be illegally used by stealth, in electronic
commerce.
That is, the conventional methods cannot protect illegal use of credit card numbers by a hacker when the hacker looks at a user from behind when
they are using a terminal in a public place, or when the hacker installs a hacking
program in an electronic commerce computer and steals the card number.
FIG. 3 shows a card user number system used by conventional credit
card companies.
As shown, a reference numeral 302 represents a unique card
identification number, a reference numeral 304 indicates a card grade, and a
reference numeral 306 determines whether the card is for a person or a
corporation. Reference numerals 308 to 312 shows personal information, and in
detail, the reference numeral 308 represents an identification (ID) number, the
reference numeral 310 indicates a subscriber classification for representing a
person or a family, and the reference numeral 312 shows an issuing sequence
for indicating theft or loss states. A reference number 314 represents an error
checking number for checking a number theft or a random number input trial.
As described above, in the conventional card system, even when a
malicious person who uses a stolen credit card knows all the numbers except
the last one, it is very probable that the person can illegally make a purchase
with several additional trials in the name of the original card holder.
To make up for the above-described problems, when a user registers
with an electronic commerce service provider as a member, the user registers
information such as the user's residence registration number, and this
information and other information is encrypted when requesting payment
approval. When a credit card company receives the approval request it determines whether the transmitted information matches the client information of
the credit card company, and if so, it approves the request.
However, most Internet users tend to avoid providing detailed
information such as the residence registration numbers because the user's own
information can be used for Internet marketing without the user's consent, and
even when the user registers the information, a malicious person can get the
above-noted information and use the same.
On the other hand, relating to network security, an RSA security ID, a
one-time password (OTP) security token, a security card, and a one-time ID are
all used for authenticating users.
However, this method is a two-factor method and uses an additional
terminal, but since the number displayed on the terminal for authenticating the
user corresponds to a password, this method only performs user authentication
function and cannot execute a payment process.
SUMMARY OF THE INVENTION
It is an object of the present invention to provide a system and a method
for automatically updating a user number after a transaction, and using a
different number at a next transaction so as to protect the card user from
prohibited uses by malicious persons, and to perform a user authentication
function.
In one aspect of the present invention, in a payment method of a
payment system connected to a buyer's payment card and a seller's transaction system via a network, and including a database for storing card user numbers
matched with respective card numbers available to the buyer, a payment method
comprises: searching the database and finding a corresponding card number
when a card user number is received from the transaction system; determining
whether to approve a transaction on the card number; notifying the transaction
system of the transaction approval when the transaction approval on the card
number is determined; and changing the card user number corresponding to the
card number with a new card user number, transmitting it to the buyer's payment
card so as to update the card user number of the payment card, and updating
the card user number of the database corresponding to the card number with the
changed card user number.
In another aspect of the present invention, a payment card comprises:
an input unit; a memory for storing a plurality of encrypted card user numbers; a
processor for sequentially reading the encrypted card user numbers from the
memory according to an established order each time a password is input by the
input unit, and decrypting a read card user number according to the input
password; and a display for displaying the decrypted card user number.
In still another aspect of the present invention, in a payment system
connected to a buyer's payment card and a seller's transaction system via a
network and performing a payment operation, a payment system comprises: a
database for storing card user numbers matched with a plurality of respective
card numbers available to each buyer; and a processor for searching the
database when the card user number is transmitted by the transaction system, finding a card number corresponding to the transmitted card user number,
executing a payment, changing the card user number corresponding to the
payment card number with a new card user number, updating the card user
number stored in the database with the new card user number, and transmitting
it to the payment card.
In further aspect of the present invention, in an authentication method of
a system for authenticating service users by using a database for storing user
numbers matched with respective service users, an authentication method
comprises: receiving a user number from an authentication card via a network;
comparing the received user number with a user number stored in the database;
determining, when the received user number is matched with the user number
stored in the database, the corresponding user as a correct service user and
providing the service; determining, when the received user number is not
matched with the user number stored in the database, the corresponding user as
an incorrect service user and notifying determination results via the network path
through which the user number is transmitted; and changing the user number
corresponding to the service user with a new user number after providing the
service or notifying the determination results, transmitting the new user number
to the authentication card so as to update the user number of the authentication
card, and updating the user number of the database corresponding to the
service user with the new user number. BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings, which are incorporated in and constitute a
part of the specification, illustrate an embodiment of the invention, and, together
with the description, serve to explain the principles of the invention:
FIG. 1 shows an on-line buying process at a shopping mall using the
SET;
FIG. 2 shows a case when a transaction on the Internet is hacked;
FIG. 3 shows a card user numbering system by conventional card
companies;
FIG. 4 shows a service provided by using a payment and authentication
card according to a preferred embodiment of the present invention;
FIG. 5 shows a payment system using a payment and authentication
card according to a preferred embodiment of the present invention;
FIG. 6 shows a payment card being implemented as a receiving-only
terminal form according to a first preferred embodiment of the present invention;
FIG. 7 shows an external shape of a receiving-only payment card as
shown in FIG. 6;
FIG. 8 shows a flowchart of a payment method using a payment card
according to the first preferred embodiment of the present invention;
FIG. 9 shows a flowchart of a driving process of a payment card
according to the first preferred embodiment of the present invention;
FIG. 10 shows screens on a display of a receiving-only payment card
according to the first preferred embodiment of the present invention; FIG. 1 1 shows a concept diagram of providing a payment service using
a transmitting and receiving payment card according to a second preferred
embodiment of the present invention;
FIGs. 12(a) and 12(b) show a flowchart of a payment method using a
transmitting and receiving payment card according to the second preferred
embodiment of the present invention;
FIGs. 13(a) and 13(b) show concept diagrams of a service provided by
using a payment card according to a third preferred embodiment of the present
invention;
FIG. 14 shows a payment system using a payment card according to the
third preferred embodiment of the present invention;
FIG. 15 shows use of a payment card according to the third preferred
embodiment of the present invention;
FIG. 16 shows a flowchart of a payment method using a payment card
according to the third preferred embodiment of the present invention;
FIG. 17 shows a flowchart of a driving process of a payment card
according to the third preferred embodiment of the present invention;
FIG. 18 shows screens on a display of a payment card according to the
third preferred embodiment of the present invention;
FIG. 19 shows a payment card according to a fourth preferred
embodiment of the present invention;
FIG. 20 shows a second example of a payment card according to the
fourth preferred embodiment of the present invention; FIG. 21 shows screens displayed on a display of a terminal according to
the second example of the fourth preferred embodiment of the present invention;
FIGs. 22(a) to 22(m) show user number systems to be used for a card
that updates the user number according to the preferred embodiment of the
present invention;
FIG. 23 shows an example in which a service provider bills the price as
cell phone charges according to the preferred embodiment of the present
invention; and
FIG. 24 shows an example in which a payment card according to the
preferred embodiment of the present invention functions as an authentication
card.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
In the following detailed description, only the preferred embodiment of
the invention has been shown and described, simply by way of illustration of the
best mode contemplated by the inventor(s) of carrying out the invention. As will
be realized, the invention is capable of modification in various obvious respects,
all without departing from the invention. Accordingly, the drawings and
description are to be regarded as illustrative in nature, and not restrictive.
FIG. 4 shows a payment service provided by using a payment card
according to a preferred embodiment of the present invention. Here, the
payment card represents all means for providing updated card user numbers
and is not limited to general types of cards. Card service providers (e.g., credit card service providers, bank card
service providers, department store card service providers, oil card service
providers), a VAN service provider, a bank, a seller (e.g., a credit card member
store, an electronic commerce service provider, or a bank that executes
electronic billing, and these will be referred to as a member store hereinafter),
and a buyer are illustrated in FIG. 4.
The VAN service provider issues to the buyer an ID card or a card to
which a password requested by the buyer is provided, and a user's own ID is
additionally provided. The user's own ID can be stored in a database of the VAN
service provider, or a card number issued by a conventional card service
company can be stored in the database of the VAN service provider.
When desiring to use the issued card at a member store, the buyer
inputs a password to decrypt a pseudo user number that is previously encrypted
and stored in a memory of the card, and when the card user number is displayed
on a card display, the buyer uses the card user number in step 404.
The member store asks the VAN service provider payment approval
states in step 406, and the VAN service provider transmits a unique card number
and a payment request history to the card service provider that has issued the
card connected with the card user number, and asks approval states in step 408.
When receiving the approval request, the card service provider checks present
states in connection with the unique card number and returns approval states in
step 410, and the VAN service provider transmits corresponding results to the
member store in step 412. The member store completes or refuses the transaction according to the
results in step 416, and when the transaction is fulfilled, the card service provider
requests a corresponding price from a payment bank and recovers the price in
steps 418 and 424, and the buyer pays the bank in steps 420 and 422.
When transmitting an approval to the member store in the previous step
412, the VAN service provider updates the card user number corresponding to
the existing ID number (e.g., a unique ID of the card), concurrently encrypts the
updated card user number, and transmits the encrypted card user number and a
payment history to the payment card in order for the buyer to instantly check
transaction results and know the updated card user number that can be used at
a next transaction.
When an occasion demands, the VAN service provider can function as a
communication service provider, a card service provider or a bank. Therefore,
the VAN service provider that will be used in subsequent detailed descriptions
and claims can include communication service providers, card service providers
or banks.
Based on the concept shown in FIG. 4, the payment card according to
the present invention can be implemented as a receiving-only terminal type
without a transmission function, as a card without even the receiving function, or
as a transmitting and receiving type, that is, an additional service type at a
wireless terminal such as a portable phone or a PDA. In the above respective
cases, it is obvious that minor modifications or additional steps can be included
in the preferred embodiment as shown in FIG. 4. Next, a payment system and its method using a payment card
implemented as a receiving-only terminal type according to the first preferred
embodiment of the present invention will now be described in detail.
FIG. 5 shows a payment system according to the first preferred
embodiment of the present invention.
As shown, the payment system 1 is connected to a buyer terminal 2 and
a transaction system 3 via a network (including wire and wireless networks) M1 ,
it is also connected to a payment card 4 implemented as a receiving-only
terminal type via a wireless network M2, and it is connected to an authentication
system 5 for authenticating payments.
The payment system 1 to be managed by the VAN service provider
comprises a database unit D1 for storing various categories of information for
providing a payment service that uses the payment card 4; and a processor D2
for providing the payment service to buyers registered as members based on
information stored in the database unit D1.
In detail, the database unit D1 comprises a member information
database D1 1 ; an issue information database D12; and a payment information
database D13.
The member information database D1 1 stores various kinds of
information on the buyers registered as members who receive the payment
service using the payment card 4. For example, the member information
database D11 stores buyer information on names, passwords, unique card
numbers of various cards (credit cards or department store cards) used by corresponding buyers, residence registration numbers, contact information (e.g.,
electronic mail addresses, addresses, mobile phone numbers, and telephone
numbers), and places of residence for respective ID codes assigned to the
buyers.
The payment system 1 assigns a receiver ID number (a unique ID of a
card) to the payment card 4 of a member who can receive the payment service,
executes a transaction according to the receiver ID number, and either assigns a
new user number or notifies of transaction results.
Accordingly, the issue information database D12 comes to store card
user numbers assigned for each receiver ID number and new card user numbers
assigned after a payment. For example, card user numbers for representing use
allowances corresponding to various card numbers and card user numbers
newly provided after a payment are matched with each other, and are stored in
the issue information database D12 for the respective ID numbers assigned to
the buyers.
The payment information database D13 stores the payment cards for
each buyer who requested a payment, and corresponding payment histories.
The processor D2 for providing the payment service based on
information stored in the databases D1 1 to D13 comprises a member manager
D21 ; a number issuer D22; a payment processor D23; and an information
transmitter and receiver D24.
The member manager D21 manages interfaces with other systems (e.g.,
the buyer terminal, the transaction system and the authentication system) that accesses via the network M1 , and in particular, processes membership
registration and member log-in for receiving the payment service according to
the present invention.
The number issuer D22 assigns card user numbers that represent use
allowances for the respective cards of the buyers registered as members, and
assigns a new user number so as to update the issue information database D12
each time a payment process is performed.
The payment processor D23, when receiving a card user number from
the transaction system 3, determines whether the received card user number is
matched with the card user number stored in the issue information database
D12, and requests a transaction approval from the authentication system 5
according to determination results. In the case the payment system 1 is a card
service company that issues the card, the payment processor D23 uses an
additional card information database (not illustrated) that stores information on
transaction limits and credit for the respective card members, and processes a
transaction approval without using the authentication system 5.
The information transmitter and receiver D24 transmits and receives
information to/from the transaction system 3, and in particular, transmits
transaction approval results to the transaction system 3 via the network M1 , or
transmits a card user number newly assigned by the number issuer D22 to the
payment card 4 via the wireless network M2.
In the case the system concurrently performs an authentication function,
a database for fitting the function can obviously be built to the system. Since the number of the payment card according to the first preferred
embodiment must be automatically updated after a single use, differing from
conventional credit cards, the payment card can be implemented as a type
having a wireless receiving function, and FIG. 6 shows a payment card
implemented as a receiving-only terminal form.
As shown, the payment card 4 according to the first preferred
embodiment of the present invention comprises a radio frequency (RF) receiver
41 ; a frequency adjuster 42; a signal processor 43; a memory 44 for storing
information on a pseudo card user numbers and central processing unit (CPU)
procedures; and input/output (I/O) units 45 to 48.
The RF receiver 41 comprises an RF receiving unit 41 1 , an intermediate
frequency (IF) mixer and amplifier 412, and an information extraction processor
413. The frequency adjuster 42 comprises a voltage control oscillator 421 and a
phase-locked loop (PLL) processor 422. The signal processor 43 comprises a
decoder 421 , a controller 432 and an antenna tuner 433. The memory 44
comprises a read only memory (ROM) 441 , a random access memory (RAM)
442 and a memory 443. The I/O units comprise a speaker 45, a driver 46 for
supplying power, a display 47 and a switch 48. Since the RF receiver 41 and the
frequency adjuster 42 are known to persons skilled in the art, no further
description regarding them will be provided.
FIG. 7 shows an external shape of a receiving-only payment card
according to the first preferred embodiment of the present invention.
As shown, the payment card comprises a number key k1 for inputting a password, direction keys k2 and k3 for selecting screen buttons displayed on the
LCD and a key k4 for functioning as an enter key in the first step and as a power
on/off key in the second step. However, since the above-described key
arrangement is only a preferred embodiment, it does not restrict the scope of the
present invention.
The payment card may have a configuration greatly different from that of
a conventional magnetic type card, or it may include an additional conventional
card system so as to use the prior card. In this case, it is obvious that a card
number and a magnetic portion can be provided on the prior card.
Communication devices such as telephones, mobile communication
terminals, computers and Internet TVs for accessing the transaction system 3 or
the payment system 1 via the wire or wireless network M2 are used for the buyer
terminal 2.
The transaction system 3 can be an Internet shopping mall site, a card
reader of a member store, or a terminal for accessing the network.
Next, a payment method based on a payment system using a payment
card according to the first preferred embodiment of the present invention will be
described.
FIG. 8 shows a flowchart of a payment method using a payment card
according to the first preferred embodiment of the present invention.
The payment system 1 receives membership entrance requests from a
plurality of buyers who desire the payment service using the payment card via
the networks M1 and M2 by using a computer or a mobile communication terminal, via a telephone network or via mail.
The member manager D21 provides receiver ID numbers to the
respective buyers who request the membership entrance, receives buyer
information such as passwords and addresses in the like manner of general card
service entrance procedures, and builds the member information database D1 1.
The payment card 4 implemented in a receiving-only terminal type can
be provided to each member, or a conventional device can be used as the
payment card by upgrading the communication device such as a beeper
possessed by the user. The number issuer D22 provides a card user number at
the time of membership entrance, stores the card user number created when
issuing the payment card in the payment card 4 and issues the same, or
transmits the user number to the payment card 4 via the wireless network M2
when the service is started according to the membership entrance. The number
issuer D22 then matches the issued card user numbers with the buyers' receiver
ID numbers, and stores the card user numbers in the issue information database
D12. In this instance, the card user numbers are encrypted before they are
stored in or transmitted to the payment card 4 so that they may not be stolen by
other persons, and the card user numbers can be respectively assigned to
various cards (credit cards, department store cards etc.) used by the buyer, or a
single card user number can be provided to all the different cards.
When the card user number is transmitted to the payment system 1 , the
buyer checks an initial message, that is, receipt states of the card user number
via the issued payment card 4. As described above, when the buyer is registered as a member for
receiving the payment service using the payment card and buys desired goods
on the Internet shopping mall site or at a general card member store, the buyer
checks the card user number provided via the payment card 4.
First, the buyer operates the payment card 4 and selects a category of a
desired credit card. Next, the buyer checks via the display 47 of the payment
card whether a new card user number has been received, and then inputs a
password in step S10.
Only when the input password is found to be matched with a previously
stored password does the payment card 4 decrypt the card user number
provided by the payment system 1 and display the decrypted card user number
via the display 47 in step S11.
As described above, the password for the decryption is stored in the
payment card at the initial operation, and a subsequently input number is
compared with a stored password, and when they are matched the decrypted
card user number is displayed. Differing from this, when the payment card
receives a random number without storing a password, the payment card 4 can
use the number as a decryption key to perform a decryption process (a user
number generation process) and display the generated user number. The latter
case has a merit in that nobody knows the password, and the former and the
latter cases have merits in that the decrypted card is difficult to use and the
decryption process is absolutely needed.
Therefore, the payment card can be configured so that a password is stored in the payment card at the initial card issue and only when the passwords
are matched can the service according to the present invention be used (if the
user desires to change batteries, the user must input the correct password
again), or it can be configured as another embodiment in that passwords,
generation reference codes and generation rules are provided to a host (a
payment system) of a service provider and the generation reference codes and
the generation rules (the generation rules are generated after the generation
reference codes are used and the used user number functions as the reference
code) are stored in the payment card.
When the card user number is displayed on the payment card 4 after
inputting the password, the buyer provides the card user number to the
transaction system 3 so as to perform a payment in step S12.
That is, in the case the buyer makes a purchase at a shopping mall site
via the network M1 , the buyer transmits the card user number to the transaction
system using the buyer terminal 2, and in the case the buyer buys goods at a
general card member store, the buyer provides the card user number to a
shopkeeper of the member store so as to input the same to the transaction
system 3 that is a card reader.
Since the card user number used in this instance is discarded after a
single use, even when the buyer uses a general terminal such as a personal
computer (PC) in a public place and the number is exposed to other persons, it
is of no use to use the exposed card user number.
After receiving the card user number from the buyer, the transaction system 3 transmits the transaction history and items on the card user number to
the payment system 1 via the network M1. The items on the card user number
include a card user number, a card valid date and the buyer's receiver ID
number, and the transaction history includes time, price and member store
information.
Data transmitted to the payment system 1 include information for
indicating a corresponding user such as a personal ID (e.g., a personal ID
provided by each shopping mall site), and when the buyer uses the
authentication and payment card according to the present invention, the user
number updated each time can function as the personal ID and the password.
The payment processor D23 of the payment system 1 receives the items
on the card user number and the transaction number from the transaction
system 3, and determines whether the card user number is matched with the
previously provided and allowed card user number.
That is, the payment processor D23 searches the issue information
database D12 based on the receiver ID number, finds the card user number
provided to the payment card of the buyer who requests the payment,
determines whether the card user number is matched with the card user number
transmitted by the transaction system 3 in step S14, and when both card user
numbers are matched, the payment processor D23 transmits the card number of
a card service company matched with the card user number to the
authentication system managed by the card service company so as to request a
transaction approval in step S15. In the case the company that provides the service according to the
present invention issues the card, transaction limits and information on present
states of available services for each card can be stored in the payment system 1 ,
and in this case, the company can independently determine payment states
without requesting the transaction approval from the card service company, and
therefore, the step S15 can be omitted.
In the case the transaction approval is notified by the authentication
system 5 or the company itself determines the transaction approval, the
company transmits the corresponding card user number (or a member ID for
using electronic commerce) and the transaction approval results to the
transaction system 3. In this instance, the approval results are transmitted to the
payment card 4 that has the corresponding card user number as well as to the
transaction system 3 so that the buyer may know the approval results.
In the case a transaction approval refusal is notified by the
authentication system 5 or the company itself refuses the transaction approval,
the corresponding card user number (or a member ID) and a message that
indicates that the transaction approval is not achieved are transmitted to the
transaction system 3. In this case, a report that the number is not appropriate for
approving the transaction is provided to the user so that the user may input the
correct number, and when the approval errors are repeated for a predetermined
times, when the buyer fails to input the correct card user number within a
predetermined time, or when the buyer inputs the same after the predetermined
time, the payment process is stopped and this fact is transmitted to the card user via the wireless network so that the illegal use is instantly prohibited.
As described above, after notifying the approval results according to the
payment request, the number issuer D22 of the payment system 1 assigns a
new card user number in response to the paid card regardless of the approval
results or only when the approval is provided, matches the new card user
number with the receiver ID number of the card user and stores the new card
user number in the issue information database D12. Next, the number issuer
D22 encrypts the new card user number using a given password, matches the
encrypted number with the receiver ID number (a personal ID previously
assigned and built in the card) of the corresponding buyer and periodically or not
periodically transmits the new encrypted card user number to the payment card
4 via the information transmitter and receiver D24 in step S19.
When a new card user number is transmitted by the payment system 1
after this payment process, the payment card 4 stores the new card user number
in a memory so as to use the same for a next transaction in step S20.
FIG. 9 shows a procedure performed in the payment card according to
the first preferred embodiment of the present invention.
When a signal is input in a standby mode in step S30, the controller 432
checks whether the signal is a button input signal via the switch 48, and when it
is found to be the button input signal, the controller determines which card to use
among a plurality of cards in steps S31 to S33. The payment card according to
the preferred embodiment can be used as a bank card, a department store card
and a gas station card, and a case wherein the payment card is applied as a credit card will now be described.
In the case of a credit card as a preferred embodiment, the controller
432 determines which one to use among the credit cards in steps S34 to S39,
receives a password in connection with the selected credit card, and determines
whether the password is matched with a password previously set and stored in
the RAM 442 in steps S40 and S41 . When it is found that they are not matched,
it goes to the previous step S40 and a step for inputting a password is performed.
In another case, steps for including determination variables such as
predetermined number of times and predetermined time frames can be
additionally designed to stop the operation of the credit card.
Also in another case, the payment card can be configured to omit the
steps S40 and S41 , and in this case, an initial reference pseudo user number
and a decryption rule are built into the payment card and the password is stored
in the user's memory and the database of the payment system 1 . If a third
person maliciously inputs a random number as a password, the display 47 of the
card displays a card user number encrypted using the number, and accordingly,
the third person uses a number that cannot be approved and tries an electronic
transaction, and hence the payment system 1 notifies a predetermined person
that a malicious third person steals a card number of the predetermined person.
Next, when the password is accurately input, the controller 432 of the
payment card 4 uses the password, decrypts the pseudo user number received
and stored, and displays the decrypted user number on the display 47 in step
S42. Here, in the case of a payment card having a built-in password, it can be configured that the password can be established in two stages, and only the
password of the first stage is built into the payment card while the second stage
password is not. In addition, at least two passwords can be established.
Next, the buyer is asked whether to either use the card user number or
to cancel the card user number and use the same next time via a guide
information displayed on the display 47 of the payment card 4, when the buyer
can use the updated user number displayed on the display 47. When the buyer
uses the card user number and inputs a confirmation button in step S43, the
controller 432 switches the payment card 4 into a standby state for receiving a
card use history from the payment system 1 of a VAN service provider or a
communication service provider in steps S43 to S49.
Next, when receiving the transaction history and the new pseudo card
user number from the payment system 1 , the controller 432 removes the
previous pseudo card user number stored in the RAM 442 and already used,
stores a new pseudo card user number in the RAM 442, and returns to the initial
standby state in steps S46 to S49.
In this case since the transaction history includes information on
currently available limits, the buyer can refer to it at a next transaction. Also,
when the card user number to which the transaction is requested is matched but
exceeds its service limit, a corresponding step can be added between the steps
S47 and S48.
If the card user number is canceled, a process for displaying the card
user number on a screen is stopped, and it returns to the initial standby state in steps S50 and S51 , and in the case the card user number is not checked or
canceled during a predetermined time, a warning sound can be output via the
speaker 45 so as to notify the buyer of the fact that the card user number is
being displayed.
FIG. 10 shows screenshots to be displayed on the display of the
payment card according to the preferred embodiment.
FIG. 10(a) shows an initial screen of the card, FIG. 10(b) shows a
standby state screen, and FIG. 10(c) shows a screen for asking which card to
use. FIG. 10(d) shows a screen for asking which credit card to use when the
buyer selects a credit card category, and FIG. 10(e) shows a standby state
screen for a password input for decrypting a user number of a Kookmin credit
card when the Kookmin credit card is selected. FIG. 10(f) shows a screen on
which an accurate password used for the Kookmin credit card is input and a
currently available Kookmin credit card user number is displayed on the display,
and a confirm button and a cancel button for a next process are displayed on the
bottom portion of the screen. FIG. 10(g) shows a screen on which the display
shows a state for awaiting results of a presently attempted payment from the
payment system of the VAN service provider or the communication service
provider when the buyer presses the confirm button and inputs a signal that the
buyer has used the card user number decrypted and obtained at the electronic
transaction, to the controller of the card. FIG. 10(h) shows a screen having
received a transaction history after a normal transaction is completed, and in this
instance, information such as the credit line can also be included. Next, a case for executing a payment by using a payment card (in some
cases, it can be a portable terminal type) of a transmitting and receiving terminal
type will be described.
FIG. 1 1 shows a card number providing service with a card user
number being updated, implemented as a transmitting and receiving type
according to a second preferred embodiment of the present invention.
In this instance, so as to implement a wireless transmitting and receiving
card type, a receiving configuration can be added to the payment card as shown
in FIG. 6, and as a corresponding embodiment, a portable phone can be used
as the payment card to provide the service.
In this case, when the user 920 wirelessly accesses the VAN service
provider or a PG service provider, transmits a password and requests a pseudo
card user number from them in step 902, the VAN service provider checks
whether the received unique ID of the card is matched with the password, and
when they are matched, the VAN service provider transmits a pseudo card user
number, and when they are not matched, the VAN service provider requests a
re-input of the password, or in another cases, the VAN service provider
determines the mismatching as an illegal attempt, stops the corresponding
transaction, cuts the connection states, and promptly reports this fact to the true
card user via a card (when the card is illegally duplicated), a wire or wireless
phone, fax and other various ways in step 904.
Next, the card user decrypts the encrypted card user number using the
password, obtains the real card user number so as to either perform an electronic transaction or attempt a payment via a card reader (in the above-
described case, the process of decrypting using a password can be omitted, and
in this instance, the VAN service provider can transmit the real card user number
that is not encrypted) in step 906. Then, the card user number is transmitted to
the VAN service provider so as to refer to states of a card approval in step 908,
and the VAN service provider searches the VAN service provider's database,
transmits approval states to the member store, and executes the payment
according to corresponding results in steps 910 and 912. In this case, the
transaction history (such as money left over or a use limit) or a reason for a
payment refusal is transmitted to the card according to the present invention so
as to inform of processing results in step 914.
Also, display screens of the respective steps can be similar to the
screens described according to FIG. 6.
A payment system in connection with the transmitting and receiving
payment card (such as a portable phone or a PDA) user numbers being updated
will now be described in reference to the system as shown in FIG. 5. Since the
configuration of the payment system according to the second preferred
embodiment is identical with that according to the first preferred embodiment, no
detailed description will be provided.
FIGs. 12(a) and 12(b) show a flowchart of a payment method according
to the second preferred embodiment of the present invention.
As shown in FIG. 12(a), when a user who is a registered member for
receiving the payment service of the payment system 1 activates the payment card (or a portable phone) 4 and selects a card category via the switch 48 in
step S60, the controller 432 of the payment card 4 transmits category
information of the selected card and a new card user number request (that can
include a password) to the payment system 1 (that can be a VAN service
provider) in step S61 . Optionally in this instance, the controller can concurrently
assign the available money to simultaneously check the use limits.
The number issuer D22 of the payment system 1 encrypts a card user
number appropriate to the selected card category by using a password, again
transmits the encrypted card user number to the payment card 4, and stores the
issued card user number in the issue information database D12 in step S62.
Also in this instance, the number issuer D22 can optionally transmit available
money to the payment card.
The payment card 4 receives a pseudo card user number (an encrypted
card user number) from the RF receiver 41 and stores the same in the RAM 442,
and when a user requests a receipt check via the switch 48, the payment card 4
displays via the display 47 that the card user number has been received.
When the user checks the receipt of the card user number and inputs a
password via the switch 48, the controller 432 of the payment card 4 reads the
decrypted card user number and displays it on the display 47 in step S63.
Identical with the above-described preferred embodiment, the first
method for storing the password in the payment card at the initial operation,
comparing the stored password with a password to be input subsequently, and
displaying a decrypted card user number when the passwords are matched; and the second method for receiving a random number without storing a password,
performing a decryption process using the number as a decryption key, and
displaying the generated card user number, can be used. (A merit of the second
method is that no one knows the password.) Since the above-noted two
methods make it difficult for a person who copies the terminal to use the same,
and in particular, absolutely requires a decryption process, the card user number
is prevented from being exposed to other people.
When the password is input and the card user number is displayed on
the display 47 of the payment card, the buyer provides the card user number to
the transaction system 3 (that can be a card reader of a member store) so as to
execute a payment. Since the card user number is discarded after a single use
in this preferred embodiment, the number that is exposed to other people cannot
be used in other transactions in step S66.
The transaction system 3 such as a shopping mall site or a card reader
transmits the buyer's card user number and the transaction history to the
payment system 1 and requests a payment in step S67. The transaction history
includes card user information (that can include member IDs), card user
numbers, times, prices and member store information.
The payment processor D23 of the payment system 1 searches the
issue information database D12, compares the card user number issued
corresponding to the corresponding card with the card user number included in
the transaction history transmitted by the transaction system 3 in step S68, and
when the transmitted card user number is matched with the available number stored in the issue information database D12, the payment processor D23
transmits the card number of the corresponding card and the payment history to
the authentication system 5 and requests an approval in step S69. Here, the
payment system 1 can request the approval from the authentication system 5
such as conventional card service providers, department stores, gas station card
issuers and banks, and when the payment system 1 issues the cards (e.g.,
credit cards and department store cards), the payment system 1 does not
request the approval from the authentication system 5 but approves the
transaction using card information built into the payment system 1.
When a transaction approval is notified by the authentication system 5 or
is executed by the payment system 1 , the payment processor D23 of the
payment system 1 transmits transaction results for showing that the transaction
is approved to the transaction system 3 using the corresponding card user
number (that can be a member ID) in steps S70 and S71. Transaction approval
information is provided to a card service company so as to perform processes
identical with those of a general card.
When a transaction denial is notified by the authentication system 5 or is
not executed by the payment system 1 , the payment processor D23 of the
payment system 1 transmits the transaction denial and transaction results to the
transaction system 3 using the card user number (that can be a member ID).
The transmitted data can also be transmitted to the payment card 4. Payment
information such as the payment history or use limits or a reason of a payment
prohibition is notified using the card user ID number. As described, in the case of providing the payment service using the
payment card implemented as a transmitting and receiving terminal type, a new
card user number is transmitted to the payment card 4 each time a card user
number is requested via the payment card 4, and the user receives the payment
service using the new payment card. When a pseudo card number is previously
transmitted to a terminal before the request of a card user number, the pseudo
card number is decrypted using the password as a key, and the decrypted
number is authenticated via an electronic transaction, a next pseudo card
number can be configured to be automatically transmitted to the terminal.
Also, in an additional preferred embodiment in relation to the wireless
Internet, by transmitting a seed value such as a card user number generated at
a transmitting and receiving terminal via an authentication of a password to the
electronic commerce site accessed via the wireless Internet, the information can
be obviously modified to help users of the transmitting and receiving
authentication and payment card according to the second preferred embodiment.
Differing from the preferred embodiment, the user can receive the
payment service using the payment card without the transmitting and receiving
function.
In this case, two methods are possible. The first method is to previously
input encrypted pseudo card user numbers in a card, and each time a password
is input, decrypt each number in order or for each predetermined period. This
method may optionally require a protector for disabling the use when the wrong
passwords are input more than a predetermined number of times. In this case, the payment system must memorize all the card user numbers to be used for the
respective cards.
The second method is to encrypt, when a password is input using a card,
unique information (e.g., encrypted personal ID numbers, step information for
indicating time or encryption stages of the n-th order, or previously generated
pseudo card user numbers) stored in a memory according to a generation
algorithm, generate a pseudo card user number and enable the user to use it. In
this instance, when the user transmits the generated pseudo card user number
to the payment system, the payment system inversely operates an algorithm
identical with the algorithm used for generating the pseudo card user number,
decrypts the pseudo card user number, generates a card user number, and
performs an authentication process based on this card user number.
Here, the payment system can generate a card user number each time
the user inputs a password or for each predetermined period. Also in this case, a
protector for disabling the use after wrong passwords are input over a
predetermined number of times can be optionally required.
FIG. 13(a) and (b) show rough concepts of a service provided by using
the payment card that uses the above-described methods.
As shown, the VAN service provider or the PG service provider issues a
card to which a personal ID number or a password is assigned according to the
present invention to the buyer, and builds a database for storing a plurality of
pseudo user card numbers encrypted into corresponding cards according to a
predetermined rule, and decrypted card user numbers each of which is matched with the each pseudo user card number.
The buyer inputs a password to decrypt a pseudo user number
previously encrypted and stored in a memory of a card, and when an available
card user number is displayed on a card display, the buyer obtains this number
and provides it to a member store, and the member store asks a payment
approval state of the VAN service provider, and the VAN service provider
transmits a unique credit card number and a payment request history to a credit
card company that has issued a card connected with the card user number and
asks approval states. The credit card company checks present states
corresponding to the unique card number and replies approval states, and the
VAN service provider transmits corresponding results to the member store. The
member store completes or denies the transaction according to the results, and
when the transaction accomplished, the credit card company requests a price
from a payment bank and receives it, and the buyer pays it for the bank.
The buyer's card stores a plurality of pseudo user numbers, and when a
password is input, a different pseudo user number is decrypted according to an
established order each time the card is used, and when the VAN service
provider transmits an approval message to the member store, the VAN service
provider updates the card user number corresponding to the existing personal ID
number with a next card user number according to an established order.
Also, as described above, since the previously used user number (or
encrypted personal ID information, time or step information) can be used as the
seed value, a decrypted number is generated according to a rule set to the card and the payment system, and the card user number updated each time can be
provided to the member store.
Since the buyer's card user number stored in the database of the VAN
service provider and the card user number (a decrypted number of a pseudo
user number) displayed on the buyer's card are updated and used according to
an identical order, a new card user number is used for each transaction and a
stabler transaction can be obtained.
Based on the above description, a configuration and an operation of a
payment system using a payment card according to a third preferred
embodiment of the present invention will now be described in detail.
FIG. 14 shows a configuration of the payment system using the payment
card according to the third preferred embodiment. As shown, the configuration of
the payment system according to the third preferred embodiment is identical with
that of the first preferred embodiment excluding that the payment card does not
have a transmitting and receiving function.
FIG. 15 shows a configuration of the payment card according to the third
preferred embodiment of the present invention. Differing from the first and
second preferred embodiments, the third preferred embodiment does not include
a wireless transmitting and receiving function. As shown, the payment card 41
comprises a keypad 41 1 , a CPU 412, a display 413, an electrically erasable and
programmable ROM (EEPROM) 414 and a clock signal unit 415.
The keypad 41 1 comprises a plurality of keys for inputting data such as
passwords. The EEPROM 414 stores a plurality of pseudo card user numbers and CPU procedure seed values. In particular, the pseudo card user numbers
are sequentially used in an established order (referred to as a use order
hereinafter). The CPU 412 decrypts the pseudo card user numbers stored in the
EEPROM 414 according to an established rule each time a password is input via
the keypad according to clock signals provided by the clock signal unit 415, and
in particular, the CPU 412 sequentially reads the pseudo card user numbers in
the use order among the pseudo card user numbers stored in the EEPROM 414,
decrypts them and generates available card user numbers. The display 413
displays the generated card user numbers so that the buyer may use them.
In some cases, it is obvious that previous card user numbers (or,
encrypted personal ID information, time or step information) are stored in the
EEPROM 414 and the card user numbers are generated according to a
predetermined rule.
Also, characteristics of the data stored in the issue information database
D12 of the payment system 1 according to the third preferred embodiment are
different from those of the first preferred embodiment. The issue information
database D12 according to the third preferred embodiment stores a plurality of
card user numbers that represent use permissions in correspondence to various
card numbers used as ID numbers assigned to the payment card, and the card
user numbers corresponding to the respective card numbers are sequentially
used according to their use order for each transaction.
However, a second case of the third preferred embodiment for
generating card numbers via a predetermined rule can be implemented to store at least one card user number in the database D12.
A payment method based on a payment system using a payment card
according to the third preferred embodiment will now be described.
FIG. 16 shows a flowchart of a payment method using the payment card
according to a first case of the third preferred embodiment, and the second case
can be implemented by adequately modifying the first case.
Identical with the first preferred embodiment, when a buyer registered as
a member for receiving the payment service of the payment system 1 activates
the payment card 41 and inputs a password via the keypad 41 1 , the CPU 412 of
the payment card 41 displays a use checking message via the display 413 (in
some cases, it need not display the same) and checks again whether the user
desires to use the payment card 41 in steps S60 and S61. After checking the
user's using of the payment card, the CPU 412 reads the pseudo card user
number corresponding to the order to be presently used according to the use
order, decrypts the input password and generates a card user number, and
accordingly, the display 413 displays the generated card user number S62.
As described, in addition to the method for the payment card 41 to
decrypt the password and generate a card user number and display it, a method
for storing the password for the decryption in the payment card 41 at the initial
operation, comparing a number to be subsequently input with the stored
password, and displaying the decrypted card user number when they are
matched, can also be used.
When the card user number is displayed on the payment card 41 according to the input of the password, the buyer provides the card user number
to the transaction system 3 to execute the payment in step S63. That is, in the
like manner of the above preferred embodiment, when the buyer makes a
purchase on the shopping mall site via the network M1 , the buyer transmits the
card user number to the transaction system 3 using the buyer terminal 2, and
when the buyer makes another purchase at a general card member store, the
buyer provides the card user number to the shopkeeper of the member store to
input to a card reader that is the transaction system 3.
As described, when receiving the card user number from the buyer, the
transaction system 3 transmits a transaction history and items on the card user
number to the payment system 1 via the network M1 in step S64. Here, the data
transmitted to the payment system 1 can include an ID number assigned to the
payment card.
The payment processor D23 of the payment system 1 receives the items
on the card user number and the transaction history from the transaction system
3, and determines whether they are matched with the card user number to be
used at the present transaction in the use order in step S65.
That is, the payment processor D23 searches the issue information
database D12 based on the receiver ID number, finds a card user number
corresponding to the order to be presently used according to the use order
among a plurality of card user numbers assigned to the payment card of the
buyer who has requested the payment, determines whether it is matched with
the card user number transmitted by the transaction system 3 in step S65, and when they are not matched, the payment processor D23 notifies the payment
system 1 of a re-inputting of the card number in step S66, and when they are
matched, the payment processor D23 transmits the credit card number of a card
service company matched with the card user number and the transaction history
to the authentication system 5 managed by the card service company, and
requests a transaction approval in step S67.
When the transaction approval is notified by the authentication system 5,
or is determined by the payment system 1 , the payment system 1 transmits the
corresponding card user number and transaction approval results to the
transaction system 3 in steps S68 and S69.
When the transaction approval is denied by the authentication system 5
or the payment system 1 , the payment system 1 transmits the card user number
and a message that the transaction has not been approved to the transaction
system 3 so as to receive an accurate number in the identical manner of the first
preferred embodiment.
As described, after notifying the approval results according to the
payment request, the number issuer D22 of the payment system 1 records that a
single transaction has been achieved in no relation to the approval results or in
correspondence to the card by which the transaction has been executed in case
of an approval, and uses a card user number corresponding to the next order
according to the established order at the next transaction.
FIG. 17 shows a flowchart of a procedure performed in the payment card
according to the third preferred embodiment. Differing from the first preferred embodiment, the payment card 41
according to the third preferred embodiment may not perform a step of selecting
a category of a card or a company, and when a button input signals is input via
the keypad 41 1 in step S71 , after a standby mode in step S70 and a password is
input in step S72, a use checking message is displayed on the display 413 and it
is again asked whether to use the payment card in step S73.
Next, when the user presses a confirm button, use of the card is
canceled, the user is asked via the display 413 to use the card next time, and
when it is not canceled, it is determined to decrypt the input password with no
regard to whether the stored password is matched with the input password, and
the pseudo card user number (to be used at the present transaction according to
an established order) stored in the EEPROM 414 is decrypted, and a card user
number is generated in step S75.
Therefore, when the passwords are matched, the pseudo card user
number is decrypted via an accurate decryption key, and accordingly, a card
user number for receiving the transaction approval is displayed on the display
413 in steps S76 and S77, and when the passwords are not matched, the
pseudo card user number is decrypted via a wrong decryption key, and
accordingly, a card user number that does not allow receiving the transaction
approval is displayed on the display 413 in steps S78 and S79. Therefore, if a
third person maliciously inputs a random password, a number that cannot be
approved is displayed, and hence, even when the third person attempts to
execute an electronic transaction using this random number, the approval is prohibited, and damages by a theft of the card number can be easily prevented.
The pseudo card user number can be sequentially decrypted and
displayed according to the use order only when the input password and the
stored password are matched each time the password is input, and in this case,
the password can be established twice to enhance security.
As described, the CPU 412 of the payment card 41 displays a decrypted
card user number on the display 413 according to a password input, and when a
predetermined time frame is passed, the CPU 412 stops displaying the card user
number and returns to a standby mode. In some cases, it is obvious that the
steps S73 to S75 can be appropriately omitted according to modified
embodiments.
FIG. 18 shows an exemplified screen that can be displayed on the
display of the payment card according to the third preferred embodiment.
The stage 'a' shows a standby mode before a password for decrypting a
user number is input, the stage 'b' shows a screen while the password is being
input, the stages 'c' and 'd' show that an available card user number is being
displayed on the display.
Next, a case for performing a transaction using a payment card coupled
to a wireless communication terminal will be described. That is, a case for paying
the money at a mobile transaction using a wireless communication terminal will
now be described, but it is not restricted to this.
FIG. 19 shows a configuration of a payment card according to a fourth
preferred embodiment of the present invention, and a connection state of the payment card with a wireless communication terminal.
As shown, the payment card 200 according to the fourth preferred
embodiment of the present invention comprises a CPU 212; an EEPROM 214; a
clock signal unit 216; and an interface 218. The payment card 200 can be
implemented as a one-chip type memory control unit (MCU) that integrates the
CPU, the EEPROM and the clock signal unit.
The payment card 200 is connected to a wireless communication
terminal 100. The wireless communication terminal 100 comprises a data port
101 for inputting and outputting data of the wireless communication terminal 100,
a keypad 102 including a plurality of keys for inputting data such as passwords,
and a display 103 for displaying input and output data or another data provided
by the payment card 200. The wireless communication terminal 100 can further
comprise a processor, installed in the wireless communication terminal 100, for
processing the data input via the keypad 102, transmitting the data to the
payment card 200, processing the data transmitted by the payment card 200,
and displaying the data on the display 103.
The interface 218 of the payment card 200 is connected to the data port
101 to transmit and receive data. Here, data communication is performed using
the RS-232C method, but it is not restricted to this.
The CPU 212 of the payment card 200 serially communicates with the
display 103 and the keypad 102 via the RS-232C interface 218.
For this, it is desirable for the CPU of the wireless communication
terminal and the CPU of the payment card to have an identical data protocol, and when the inner voltage of the wireless communication terminal and the
voltage required by the CPU of the payment card are different, a DC/DC
converter or a regulator for adjusting the voltage is obviously needed.
For example, the CPU 212 of the payment card 200 uses a protocol
identical with those adopted by various wireless communication terminal makers,
such as the ESMS protocol by SK Telecomm or the EIF protocol (similar to the
ESMS and based on the Internet) to perform data communication.
The EEPROM 214 of the payment card 200 stores pseudo card user
numbers and CPU procedure seed values. In particular, the pseudo card user
numbers are sequentially used in the use order.
The CPU 212 decrypts the pseudo card user numbers stored in the
EEPROM 214 according to an established rule each time a password is input via
the keypad 102 according to clock signals provided by the clock signal unit 216,
and in particular, the CPU 212 sequentially reads the pseudo card user numbers
in the use order among the pseudo card user numbers stored in the EEPROM
214, decrypts them and generates available card user numbers. The CPU 212
provides the generated card user numbers to the wireless communication
terminal 100 to be displayed on the display 103 so that the buyer may use them.
In some cases, in the like manner of the third preferred embodiment, it is
obvious that unique card user information (or, previous card user number,
encrypted personal ID information, time or step information) is stored in the
EEPROM 214 and the card user numbers are generated according to a
predetermined rule. A payment method according to the fourth preferred embodiment based
on the payment card will now be described.
When a user registered as a member for receiving the payment service
of the payment system inserts the interface 218 of the payment card 200 into the
data port 101 of the wireless communication terminal 100, an instruction (e.g.,
SETLCD=1 ) for obtaining controls of the display 103 of the wireless
communication terminal 100 and an instruction (e.g., SETKEY=1 ) for obtaining
controls of the keypad 102 of the wireless communication terminal 100 are
automatically transmitted to the wireless communication terminal 100, and the
processor (not illustrated) of the wireless communication terminal 100 (referred
to as a terminal hereinafter) transmits the controls to the CPU 212 of the
payment card 200.
After this, when an initial payment screen is displayed on the display 103
of the terminal 100 and a user inputs a password of the payment card 200 so as
to perform a payment, the password is input to the CPU 212 of the payment card
200. The CPU 212 of the payment card 200 enables a use check message to be
displayed on the display 103 of the terminal 100 (if needed, the message may
not be displayed) so as to check again whether the user desires to use the
payment card for mobile electronic commerce.
After checking, the CPU 212 reads a pseudo card user number
corresponding to an order to be presently used according to the use order from
the EEPROM 214, decrypts the input password, generates a card user number,
and displays the generated card user number on the display 103 of the terminal 100.
As described, in addition to the method for the payment card 200 to
decrypt the password and generate a card user number and display it, a method
for storing the password for the decryption in the payment card 200 at the initial
operation, comparing a number to be subsequently input with the stored
password, and displaying the decrypted card user number when they are
matched, can also be used.
When the card user number is displayed on the display 103 of the
terminal 100 that communicates with the payment card 200 according to the
input of the password, the user provides the card user number to the transaction
system 3 to execute the payment.
As described, when receiving the card user number from the user, the
transaction system 3 transmits a transaction history and items on the card user
number to the payment system 1 via the network. Here, the data transmitted to
the payment system 1 can include an ID number assigned to the payment card
200.
The payment processor D23 of the payment system 1 receives items on
the card user number and a transaction history from the transaction system 3,
searches the issue information database D12 based on the received ID number
identically with the third preferred embodiment, finds a card user number
corresponding to the order to be presently used according to the user order
among a plurality of card user numbers assigned to the payment card of the user
who requested a payment, determines whether the card user number is matched with the card user number transmitted by the transaction system, and performs
an authentication process according to matching states of the two card user
numbers. Since the payment and authentication process is identical with the
third preferred embodiment, no detailed description will be provided.
As described, after notifying the approval results according to the
payment request, the number issuer D22 of the payment system 1 records that a
single transaction has been achieved in no relation to the approval results or in
correspondence to the card by which the transaction has been executed in case
of an approval, and uses a card user number corresponding to the next order
according to the established order at the next transaction.
In the above-described fourth preferred embodiment, the process
performed in the payment card 200 is identical with that of the third preferred
embodiment (refer to FIG. 18).
Only when a password input each time is matched with the stored
password can the pseudo card user number be sequentially decrypted and
displayed according to the user order, and in this case, the password can be
established twice to enhance security.
FIG. 20 shows another example of the payment card according to the
fourth preferred embodiment. The payment card 300 as shown in FIG. 20
includes an additional connector inserted into a data port 101 of the terminal 100.
Here, the payment card 300 comprises an application-specific integrated
circuit (ASIC) chip 310 having a thickness of a general card, and a connector
320 for providing an interface between the terminal 100 and the payment card 300. Here, the ASIC chip 310 comprises the above-noted CPU, the EEPROM,
and the clock signal unit.
The payment card 300 of the above-mentioned configuration performs
transaction payments in the identical manner of the payment card 200 of the first
case of the fourth preferred embodiment, and differing from the first case of the
fourth preferred embodiment, the payment card 300 provides the interface
between the terminal 100 and the ASIC chip 310 using the connector 320, the
payment card 300 can have a general specification such as the ISO 7816.
Therefore, the payment card can include a magnetic stripe in order for an
automatic teller machine (ATM) or a cash dispenser (CD) to read card
information recorded on the magnetic stripe for an off-line payment. A
corresponding password required by the ATM or the CD can be generated when
the payment card 300 is inserted into the connector 320 provided on the data
port 101. Since the password used by the ATM or the CD requires four digits, in
the second case of the fourth preferred embodiment, it is desirable for an
operation of the display of the terminal to have two selection modes. Here, the
password can be made by using a specific four-digit number generated by using
a user number=generating algorithm that can be generated according to the
present invention.
FIG. 21 shows exemplified screens to be displayed on the display of the
terminal according to the second case of the fourth preferred embodiment.
The stage 'a' shows a screen for a user to select to generate either a card user number needed at an on-line payment or a password for the ATM, the
stages 'b' and 'C show screens for inputting a password for decrypting the user
number, the stage 'd' shows a screen for displaying an available card user
number, and the stage 'e' shows a screen for displaying an available ATM
password.
The card type payment device according to the second case of the
fourth preferred embodiment can implement a conventional electronic money
function by using a communication function of a wireless communication
terminal. That is, in the case the card type payment device is inserted into a
terminal via the connector, a wireless communication terminal having Internet
functions accesses a specific site that provides the electronic money service so
as to buy the electronic money, charge it into the payment device, and transfer
remaining money to another person's authentication and payment device for
mobile electronic transactions.
Also, in addition to the module type and the card type for the payment
card that is inserted into the data port of the wireless communication terminal,
the payment card according to the fourth preferred embodiment can be
configured as an SIM card type or a user identity module (UIM) card type for
inserting the payment card into sides or bottom portions of the wireless
communication terminal.
In the above fourth preferred embodiment, when a password in input, a
card user number stored in the memory (EEPROM) of the payment card
connected to the wireless communication terminal is read and processed to be displayed on the display of the wireless communication terminal, but differing
from this, when the payment card is connected to the wireless communication
terminal, a card user number is generated at the payment card and stored in the
memory of the wireless communication terminal so that the card user number
stored in the memory of the wireless communication terminal may be displayed
on the display without communicating with the payment card when a password is
input next time.
According to the fourth preferred embodiment, since the payment device
can use the keypad and the display provided to the terminal, the size of the
module becomes more compact than the card and the user can more
conveniently pay.
Also, since the payment device can have a card type of the ISO 7816
specification, the keypad and the display provided to the terminal can be used
via the magnetic stripe when performing a payment via the ATM or the CD, and
accordingly, the size of the module becomes more compact than the card. Also,
the user can optionally insert the payment card into the wireless communication
terminal when an authentication or a payment process is needed.
In the above-described preferred embodiments, it is important for a VAN
service provider or a PG service provider to obtain a user number system that
can be updated by itself and perform the same. FIGs. 22(a) to 22(m) show an
alternative of this card user number system.
Referring to FIG. 22(a), the card user number system comprises a field
A for including information on a card service provider, a field B for including information on a user, a personal assignment field private pool (PP) for providing
a variable number to be assigned to the user, and a field C for indicating
corresponding information when scrambling the field PP. FIGs. 22(b) to 22(m)
exemplifies scrambled cases of the above-noted fields.
In this case, the field B is a fixed field, and the field PP is a variable field,
and if needed, the field A can be omitted. A check digit (not illustrated in FIGs.
22(a) to 22(m)) for checking validity of the card numbers can also be included.
Also, when a password that is not built in is used to decrypt a card user
number from a pseudo card user number, a number corresponding to the field
PP, or the fixed and variable fields can be decrypted.
According to the above-described configuration, a malicious third person
can be prevented from obtaining a card user number using a random password
and attempting electronic transactions on the network, thereby hindering
damage to the original user, and since a single illegal attempt to access the
payment service by the malicious person can be immediately detected, the
corresponding transaction is stopped and this illegal access is reported to the
legitimate card user.
Also, inserting a payment range into the card user number system and
billing more than the original price at the shopping mall on purpose is prevented.
For example, the card user number system is configured as "pseudo
user number + password + available price range (or available price) + check
digit" and this card user number and a payment requested price are transmitted
by a transaction system such as a shopping mall, the payment system compares the payment price requested by the transaction system with the available price
range (or the available price) included in the received card user number,
performs a final payment approval only when the payment requested price is
within the available price range or the available price.
Accordingly, unlawful attempts to get more profits than the actual
payment price via the transaction system are prevented.
When the method of the above-described configuration is used, a card
number system of excellent expandability and security can be applied to the
present invention by adjusting the size of the total fields, and if this number
system is used together with the authentication and payment card having a
function of updating the user numbers, the conventional problem can be solved.
In the above-described embodiments, when a user desires to use the
card user number displayed on the payment card at a terminal connected to a
network, the payment methods can further be a direct payment and an advance
payment as well as the credit card payment. That is, the user can select a
desired payment method from among the cards possessed by the user. For
example, in the case the payment amount is a small amount of money or the
user does not possess a credit card, the user can use his direct or advance
account, and in the case the payment amount is substantial, the user can select
a credit card for deferred payment.
In the case of the direct payment, the payment system receives items on
the card user number and a transaction history from the transaction system,
checks whether the received card user number is a valid one, and when it is found to be valid, the payment system checks an account number of the user's
direct payment connected to the card user number, and requests a withdrawal
and a transfer from the corresponding bank. Accordingly, when the bank
transmits withdrawal results to the payment system, the payment system
transmits the results to the transaction system, and when the transaction is a
valid one, the transaction system provides goods or services to the client, and
the transaction system receives corresponding money from the payment system.
In the case of the advance payment for paying a small amount of money,
the user makes the user's corresponding account of the payment system be
charged with predetermined advance money. In detail, when the user accesses
the bank via the Internet banking method, and requests a money transfer from
the payment system, the corresponding bank transfers the money to the
payment system and concurrently notifies the user of the money transfer, and
the payment system transmits checking results of the money transfer by the
bank to the corresponding user.
In the case of desiring to buy goods or services via the advance
payment where predetermined amount of money is charged in the
corresponding account of the payment system, when receiving the items on the
card user number and the transaction history from the transaction system
according to the user's purchase, the payment system according to the present
invention checks whether the card user number is a valid one, and when it is
found to be valid, that is, when a full money is deposited into the account
corresponding to the card user number, the payment system returns approval states and transmits an authentication number to the transaction system so that
the transaction system may provide the goods or services to the corresponding
user.
As described, since the payment card according to the present invention
can be used as a credit card, a direct payment card and an advance payment
card, the users need not carry respective corresponding cards, and teenagers
who do not have credit cards can also perform the electronic transactions using
the direct payment account or the advance payment account.
Also, since the user is not needed to input additional credit information
or authentication information when performing an electronic payment or during a
user authentication, hacking attempts are reduced, and when the user uses the
shopping mall, the user's credit information is transmitted to a card service
company via the payment system and not via the shopping mall site, and hence,
illegal drains of client information by the shopping mall sites are prevented and
anonymity is guaranteed.
In addition, the payment money can be added to the cell phone charge.
In the general electronic commerce, clients, service providers and payment
service providers according to payment methods are provided to perform the
payment process, but in the payment process according to the present invention,
since the payment system according to the present invention as well as the
clients, the service providers and the payment service providers according to the
payment methods are provided, when information on the user's mobile phone is
stored in the payment system (in the case of receiving the user's mobile phone information from a wireless communication network service provider, or in the
case the payment system is managed by the wireless communication network
service provider), the payment money can be included to the user's mobile
phone fee bill. FIG. 23 shows an exemplified diagram for billing the payment
money as a part of the mobile phone fee.
As shown, when a user obtains a card user number from the payment
card and provides it to the transaction system, the transaction system provides
the card user number to the payment system so as to request a payment. The
payment system performs an authentication based on the provided card user
number, and when the card user number is found to be a valid one, the payment
system provides a mobile phone number matched with a corresponding card
user number to a mobile communication service provider and requests its
usability, and when it is found to be available, the payment system notifies
approval results of the transaction system so as to provide services or goods to
the corresponding user. After this, the payment system bills the phone fee
together with the price of the provided services or the goods. Therefore, the user
can pay for the transaction via the mobile phone fee.
Also, in the first and fourth preferred embodiments, the card user
numbers are updated for each making a purchase, but differing from this,
transaction passwords can also be updated.
When an input of a transaction password for checking the user at
electronic or general commerce is needed, identical with the above-described
preferred embodiments, the payment system newly generates a transaction
33 password and not a card user number, transmits the transaction password to the
payment card, or installs or generates a plurality of transaction passwords
consecutively used according to an established order, into the payment card so
that the transaction passwords may be sequentially displayed for each
transaction and hence, the transaction security may be maintained.
In this instance, since the transaction password has a digit combination
fewer than that of the card user number, the user can more easily memorize and
input it, and since each user has a different user number, when transactions of
inputting an identical password are concurrently generated, no confusion is
generated. In particular, if it becomes a duty to use a password when attempting
to pay using a credit card at electronic commerce and general commerce, it
becomes a very effective security method to update the transaction passwords.
In addition, the present invention can be applied to a user ID or a
password to be used for authenticating the user when accessing a system or a
specific device via the Internet or a communication network.
FIG. 24 shows a diagram for a service provided by using a payment and
authentication card.
Here, differing from the first to fourth preferred embodiments, the
payment card is used as an authentication card for authenticating the user, and
in this instance, the user ID or the password is varied in the same manner of the
card user number of the above-described preferred embodiment. For example,
the password can be updated for each using the password while the user ID is
affixed, or both the user ID and the password cab be updated for the user's authentication. By inputting the user ID or the password updated each time and
enabling the user to access a system or a device, the security corresponding to
the user authentication can be greatly enhanced.
As shown in FIG. 24, when the user attempts to execute Internet
banking, identical with the first to fourth preferred embodiments, a user number
for distinguishing the service users is created by the authentication card
according to the present invention, and when the user inputs the created user
number at the time of an authentication request, an authentication server of a
corresponding bank receives the user number via a network such as the Internet,
and compares the received user number with a unique ID and passwords of
available members stored in a database.
When the user is found to be a correct service user after the comparison,
the authentication server provides a corresponding service, and when the user is
found to be an incorrect service user, the authentication server reports
corresponding results via the network through which the user number has been
transmitted.
Differing from this, when another authentication authority that is not the
authentication server of the bank performs the authentication process, identical
with the above-described preferred embodiment, a user number for
distinguishing the service users is generated by the authentication card, and
when the user inputs the generated user number at the time of an authentication
request, the authentication server (which is not restricted to this and also can be
a service provider that requests authentication so as to provide specific services) of the bank provides the user number to an additional authentication authority
via the network such as the Internet so as to request an authentication, and the
authentication server of the authentication authority compares the received user
number with available members' unique IDs and passwords stored in a
database.
When the user is found to be a correct service user after the comparison,
the authentication server of the authentication authority transmits the unique ID
and the password of the available member to the authentication server of the
bank and reports that the user is authenticated, and when the user is found to be
an incorrect service user after the comparison, the authentication server of the
authentication authority reports corresponding results together with the user
number to the authentication server of the bank. This kind of authentication
method is divided into a first case of inputting a user number and performing an
authentication when accessing a site, and a second case of inputting a user
number and performing an authentication when performing a transaction.
As described, the payment card according to the preferred embodiment
of the present invention can be used as the authentication card in the same
method of the first to fourth preferred embodiments, and means to be used as
the authentication card are identical with those of first to fourth preferred
embodiments.
The payment and authentication card, the user number of which being
updated, can be implemented by including payable cards such as a securities
card, a bank cash card and a traffic card. The payment and authentication card can provide a card user number,
information on the corresponding card service provider, and additional
information (e.g., securities, weather, sports, entertainment and horse racing)
that can be provided to the card user.
As described above, the present invention provides a card that includes
a user number that can be automatically updated after a single transaction, a
card service system and method for preventing personal credit information from
being exposed.
According to the present invention, since the user can use a different
card user number at a next authentication and transaction, the card user can be
fully protected even when the card user number is maliciously stolen.
Also, since the user can immediately be notified of authentication and
payment states and can obtain information on the user's payment limits, the
user can freely use the card, and a single illegal attempt by a third person is
instantly detected to stop the corresponding transaction, and this fact is instantly
reported to the real card owner, and accordingly, probable monetary loss is
minimized.
Further, functions of a credit card, a bank card, a securities card, a
department store card and a gas station card can be integrated into a single
card.
While this invention has been described in connection with what is
presently considered to be the most practical and preferred embodiment, it is to
be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent
arrangements included within the spirit and scope of the appended claims.

Claims

WHAT IS CLAIMED IS:
1 . In a payment method of a payment system connected to a buyer's
payment card and a seller's transaction system via a network, and including a
database for storing card user numbers matched with respective card numbers
available to the buyer, a payment method comprising:
searching the database and finding a corresponding card number
when a card user number is received from the transaction system;
determining whether to approve a transaction on the card number;
notifying the transaction system of the transaction approval when the
transaction approval on the card number is determined; and
changing the card user number corresponding to the card number with
a new card user number, transmitting it to the buyer's payment card so as to
update the card user number of the payment card, and updating the card user
number of the database corresponding to the card number with the changed
card user number.
2. In a payment method of a payment system connected to a buyer's
payment card and a seller's transaction system via a network, and including a
database for storing card user numbers and passwords matched with respective
card numbers available to the buyer, a payment method comprising:
searching the database and finding a corresponding card user number
when a password is input via the network;
transmitting the card user number to the payment card;
searching the database and finding a corresponding card number when a card user number is received from the transaction system that checks the card
user number of the payment card;
determining whether to approve a transaction on the card number;
notifying the transaction system of the transaction approval when the
transaction approval on the card number is determined; and
changing the card user number corresponding to the card number with a
new card user number, and updating the card user number of the database
corresponding to the card number with the changed card user number.
3. The method of claim 1 or 2, wherein the payment card stores the card
user number transmitted by the payment system, and the method further
comprises a step of the payment card displaying the card user number
according to an input password.
4. The method of claim 1 or 2, wherein, in the step of determining
whether to approve a transaction on the card number, the transaction is
approved only when the card user number transmitted by the transaction system
is matched with the card user number transmitted to the payment card.
5. The method of claim 1 or 2, wherein, in the step of transmitting the
card user number, the card user number is encrypted and transmitted to the
buyer's payment card.
6. The method of claim 5, wherein the payment card stores the
encrypted card user numbers transmitted by the payment system for each
corresponding card, and the method further comprises a step of: the payment
card decrypting, when a card is selected, the card user number encrypted according to an established decryption rule according to an input number and
displaying the decrypted card user number.
7. In a payment method of a payment system connected to a seller's
transaction system via a network, and including a database for storing available
card numbers for respective buyers and storing a plurality of card user numbers
matched with the respective card numbers, a payment method comprising:
searching the database and finding a corresponding card number when
an identification (ID) number and a card user number are transmitted by the
transaction system;
determining whether to approve a transaction on the card number; and
notifying the transaction system of the transaction approval when the
transaction approval on the card number is determined, and the card number
corresponding to the card user number is found when the card user number
transmitted by the transaction system is matched with the card user number
corresponding to a sequence to be presently used.
8. The method of claim 7, wherein the transaction system transmits the
card user number to the payment system checked by a payment card, and a
payment card that stores a plurality of encrypted card user numbers decrypts the
encrypted card user number corresponding to the sequence to be presently
used according to the input password and displays the card user number.
9. In a payment method of a payment system connected to a seller's
transaction system via a network, and including a database for storing card
users' unique information for a plurality of respective card numbers available for each buyer, a payment method comprising:
processing a card user number and generating a corresponding card
user's unique information when the card user number is transmitted by the
transaction system;
searching the database according to the generated card user's unique
information, and finding a corresponding card number;
determining whether to approve a transaction on the card number; and
notifying the transaction system of the transaction approval when the
transaction approval on the card number is determined.
10. The method of claim 9, wherein the transaction system checks the
card user number from a payment card storing the card user's unique
information and transmits it to the payment system, and when a card is selected,
the payment card encrypts the card user's unique information according to an
input password, generates a card user number and displays it, and in the step of
generating a corresponding card user's unique information, the card user
number transmitted by the transaction system is decrypted and a corresponding
card user's unique information is generated.
1 1 . The method of claim 9, wherein the card user's unique information is
a previously generated card user number or a number of transactions.
12. The method of claim 7 or 9, wherein the card user number includes a
user number and available money representing payable money, and in the step
of determining whether to approve a transaction, the transaction is approved
only when the transaction approval money required by the transaction system is less than the available money included in the received card user number.
13. A payment card comprising:
an input unit;
a memory for storing a plurality of encrypted card user numbers;
a processor for sequentially reading the encrypted card user numbers
from the memory according to an established order each time a password is
input by the input unit, and decrypting a read card user number according to the
input password; and
a display for displaying the decrypted card user number.
14. In a payment card that can be connected to a wireless
communication terminal including a display and an input unit, a payment card
comprising:
a memory for storing a plurality of encrypted card user numbers; and
a processor for sequentially reading the encrypted card user numbers
from the memory according to an established order each time a password is
input by an input unit of the wireless communication terminal, decrypting a read
card user number according to the input password, and providing the decrypted
card user number to the wireless communication terminal to be displayed on a
display.
15. In a payment card that can be connected to a wireless
communication terminal including a display and an input unit, a payment card
comprising:
a memory for storing a card user's unique information; and a processor for reading the card user's unique information from the
memory each time a password is input by the input unit, generating a card user
number according to the input password, and providing the generated card user
number to the wireless communication terminal to be displayed on the display.
16. A payment card comprising:
an input unit for receiving a password;
a transmitter for transmitting the password via a network and requesting
a card user number;
a receiver for receiving an encrypted card user number transmitted
corresponding to the password transmitted via the network;
a memory for storing the received encrypted card user number;
a processor for decrypting the encrypted card user number into an
available card user number; and
a display for displaying the card user number decrypted by the
processor.
17. The payment card of one of claims 13 to 16, wherein the processor
decrypts the encrypted card user number corresponding to the transmitted
password when the password input via the input unit is matched with the
transmitted password.
18. The payment card of one of claims 13 to 16, wherein the card user
number is used as an authentication number for authenticating a user.
19. The payment card of claim 14 or 15, wherein the payment card
further comprises an interface for communicating with a data port of the wireless communication terminal.
20. The payment card of claim 14 or 15, wherein the payment card is
connected to a data port of the wireless communication terminal via a connector
and transmits and receives data.
21 . A payment card comprising:
an input unit;
a memory for storing a card user's unique information;
a processor for reading the card user's unique information from the
memory each time a password is input by the input unit, and generating a card
user number according to the input password; and
a display for displaying the generated card user number.
22. A payment card comprising:
an input unit;
a receiver for receiving an encrypted card user number;
a memory for storing the encrypted card user number;
a processor for decrypting the encrypted card user number stored in the
memory according to a password input by the input unit; and
a display for displaying the card user number decrypted by the
processor.
23. The payment card of claim 21 or 22, wherein the card user number
is used as an authentication number for authenticating a user.
24. In a payment system connected to a buyer's payment card and a
seller's transaction system via a network and performing a payment operation, a payment system comprising:
a database for storing card user numbers matched with a plurality of
respective card numbers available to each buyer; and
a processor for searching the database when the card user number is
transmitted by the transaction system, finding a card number corresponding to
the transmitted card user number, executing a payment, changing the card user
number corresponding to the payment card number with a new card user
number, updating the card user number stored in the database with the new
card user number, and transmitting it to the payment card.
25. In a payment system connected to a buyer's payment card and a
seller's transaction system via a network and performing a payment operation, a
payment system comprising:
a database for storing card user numbers matched with a plurality of
respective card numbers available to each buyer; and
a processor for searching the database when a card user number
transmission request is provided by the payment card, transmitting a card user
number corresponding to the corresponding card to the payment card, and when
the card user number is transmitted by the transaction system, determining
whether the card user number transmitted to the payment card is matched with
the card user number transmitted by the transaction system, and when they are
found to be matched, performing a payment, changing the card user number
corresponding to the card number with a new card user number, and updating
the card user number stored in the database corresponding to the card number with the new card user number.
26. In a payment system connected to a seller's transaction system via
a network and performing a payment operation, a payment system comprising:
a database for storing a plurality of card user numbers for a plurality of
respective card numbers available to each buyer; and
a processor for receiving a card user number from the transaction
system, reading a card user number from the database to determine whether
they are matched, and when they are found to be matched, finding a card
number corresponding to the card user number, and performing a payment;
wherein the processor reads a card user number from among a plurality of card
user numbers sequentially stored in the database according to an established
order and compares the read card user number with the card user number
transmitted by the transaction system.
27. In a payment system connected to a seller's transaction system via
a network and performing a payment operation, a payment system comprising:
a database for storing a plurality of card user's unique information for a
plurality of respective card numbers available to each buyer; and
a processor for processing a card user number and generating the card
user's unique information when the card user number is transmitted by the
transaction system, searching the database according to the generated card
user's unique information, finding a corresponding card number, and performing
a payment.
28. The payment system of claim 24 or 25, wherein the processor encrypts the card user number corresponding to the card and transmits the
encrypted card user number to the payment card.
29. The payment system of one of claims 24 to 27, wherein the card
number corresponding to the card user number is a credit card number.
30. In an authentication method of a system for authenticating service
users by using a database for storing user numbers matched with respective
service users, an authentication method comprising:
receiving a user number from an authentication card via a network;
comparing the received user number with a user number stored in the
database;
determining, when the received user number is matched with the user
number stored in the database, the corresponding user as a correct service user
and providing the service;
determining, when the received user number is not matched with the
user number stored in the database, the corresponding user as an incorrect
service user and notifying determination results via the network path through
which the user number is transmitted; and
changing the user number corresponding to the service user with a new
user number after providing the service or notifying the determination results,
transmitting the new user number to the authentication card so as to update the
user number of the authentication card, and updating the user number of the
database corresponding to the service user with the new user number.
31. In an authentication method of a system for authenticating service users by using a database for storing a plurality of user numbers matched with
each service user, an authentication method comprising:
receiving a user number from an authentication card via a network;
selecting a user number corresponding to an order to be presently used
from among the user numbers stored in the database, and comparing it with the
received user number;
determining, when the received user number is matched with the user
number stored in the database, the corresponding user as a correct service user
and providing the service; and
determining, when the received user number is not matched with the
user number stored in the database, the corresponding user as an incorrect
service user and notifying determination results via the network path through
which the user number is transmitted.
32. The method of claim 30 or 31 , wherein when the user number is
received from a service provider via the network, the method further comprises:
providing the user number, an identification (ID) and a password of the
available user to the service provider when the received user number is matched
with the user number stored in the database, and notifying that the
authentication is executed; and
determining that the corresponding user is not a correct service user
when the received user number is not matched with the user number stored in
the database, and notifying the service provider of the user number and
determination results.
33. The method of claim 30 or 31 , wherein the user number transmitted
via the network includes a unique field for distinguishing members so as to
authenticate users who can receive the service, and a password, wherein the
unique field and/or the password can be changed.
34. In an authentication method of a system for authenticating service
users by using a database for storing user's unique information for each service
user, an authentication method comprising:
receiving a user number from an authentication card via a network;
processing the user number and generating a corresponding user's
unique information;
searching the database according to the generated user's unique
information;
determining the corresponding user as a correct service user when the
generated user's unique information is found to be stored in the database, and
providing the service; and
determining the corresponding user as an incorrect service user when
the generated user's unique information is not found in the database, and
notifying determination results via the network path through which the user
number is transmitted.
35. The method of claim 34, wherein the authentication card encrypts
the user's unique information according to an input password, generates a card
user number and displays it, and in the step of generating a corresponding
user's unique information, the received user number is decrypted and a corresponding user's unique information is generated.
36. In a system for authenticating a user number transmitted via a
network and providing a service to the corresponding user, an authentication
system comprising:
a database for storing the user numbers matched with respective users;
and a processor for determining, when the user number is transmitted via the
network, whether the transmitted user number is matched with the user number
stored in the database, and when they are found to be matched, providing the
service and changing the user number stored in the database.
37. The system of claim 36, wherein the user number transmitted via the
network includes a unique field for distinguishing members so as to authenticate
users who can receive the service, and a password, wherein the processor
changes the unique field and/or the password.
PCT/KR2000/001570 2000-05-03 2000-12-30 Authentication and payment card for automatically updating user numbers, and authentication payment system and method using the card WO2001084460A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2001581200A JP2004508612A (en) 2000-05-03 2000-12-30 Authentication / payment card for automatically updating user number, authentication / payment system using the same, and method thereof
AU2001227116A AU2001227116A1 (en) 2000-05-03 2000-12-30 Authentication and payment card for automatically updating user numbers, and authentication payment system and method using the card

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
KR2000/23812 2000-05-03
KR20000023812 2000-05-03
KR1020000058001A KR100581342B1 (en) 2000-05-03 2000-10-02 certification and payment card, system using the certification and payment card and method thereof
KR2000/58001 2000-10-02
KR2000/64415 2000-10-31
KR1020000064415A KR20010100750A (en) 2000-05-03 2000-10-31 certification and payment device for m-commerce, system and method using the same

Publications (1)

Publication Number Publication Date
WO2001084460A1 true WO2001084460A1 (en) 2001-11-08

Family

ID=27350226

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2000/001570 WO2001084460A1 (en) 2000-05-03 2000-12-30 Authentication and payment card for automatically updating user numbers, and authentication payment system and method using the card

Country Status (3)

Country Link
JP (1) JP2004508612A (en)
AU (1) AU2001227116A1 (en)
WO (1) WO2001084460A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003067488A1 (en) * 2002-02-08 2003-08-14 Tri-C Inc. Method of settlement using mobile communication terminal
JP2004005425A (en) * 2002-02-08 2004-01-08 Mobusutaazu:Kk Settlement method by various paying means using subscriber terminal machine for mobile communication
EP1876559A1 (en) * 2006-07-03 2008-01-09 Axalto SA IC card parameters selection

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6324849B2 (en) * 2014-08-29 2018-05-16 Kddi株式会社 Management system and management method
KR101872278B1 (en) * 2016-06-20 2018-06-29 비씨카드(주) Method for controlling operation of display card and display card

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH08115366A (en) * 1994-10-18 1996-05-07 Omron Corp Credit transaction management system
JPH11250200A (en) * 1998-03-04 1999-09-17 Omron Corp Electronic cash processor
US6026379A (en) * 1996-06-17 2000-02-15 Verifone, Inc. System, method and article of manufacture for managing transactions in a high availability system
US6029150A (en) * 1996-10-04 2000-02-22 Certco, Llc Payment and transactions in electronic commerce system
US6047067A (en) * 1994-04-28 2000-04-04 Citibank, N.A. Electronic-monetary system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6047067A (en) * 1994-04-28 2000-04-04 Citibank, N.A. Electronic-monetary system
JPH08115366A (en) * 1994-10-18 1996-05-07 Omron Corp Credit transaction management system
US6026379A (en) * 1996-06-17 2000-02-15 Verifone, Inc. System, method and article of manufacture for managing transactions in a high availability system
US6029150A (en) * 1996-10-04 2000-02-22 Certco, Llc Payment and transactions in electronic commerce system
JPH11250200A (en) * 1998-03-04 1999-09-17 Omron Corp Electronic cash processor

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003067488A1 (en) * 2002-02-08 2003-08-14 Tri-C Inc. Method of settlement using mobile communication terminal
JP2004005425A (en) * 2002-02-08 2004-01-08 Mobusutaazu:Kk Settlement method by various paying means using subscriber terminal machine for mobile communication
EP1876559A1 (en) * 2006-07-03 2008-01-09 Axalto SA IC card parameters selection

Also Published As

Publication number Publication date
AU2001227116A1 (en) 2001-11-12
JP2004508612A (en) 2004-03-18

Similar Documents

Publication Publication Date Title
US5721781A (en) Authentication system and method for smart card transactions
CN1307594C (en) Payment system
US7808489B2 (en) System and method of secure touch screen input and display
KR100792147B1 (en) Interactive Financial settlement service method using mobile phone number or virtual number
US9754255B1 (en) Geo-location based authentication in a mobile point-of-sale terminal
US20020184500A1 (en) System and method for secure entry and authentication of consumer-centric information
US20020194128A1 (en) System and method for secure reverse payment
CA2392229A1 (en) Methods, systems, and apparatuses for secure interactions
WO2002059727A2 (en) Security system and method for providing a user with an authorisation code for accessing a service
US7430540B1 (en) System and method for safe financial transactions in E.Commerce
US20020032662A1 (en) System and method for servicing secure credit/debit card transactions
KR20070121618A (en) Payment agency server
WO2001095204A1 (en) Electronic commerce system and method using credit card
JPH10198636A (en) System and method for personal authentication
US20040039709A1 (en) Method of payment
KR100581342B1 (en) certification and payment card, system using the certification and payment card and method thereof
KR20020033588A (en) certification/payment device for M-commerce, system and method using the same
WO2001084460A1 (en) Authentication and payment card for automatically updating user numbers, and authentication payment system and method using the card
US7925892B2 (en) Method to grant modification rights for a smart card
KR20050017699A (en) Portable terminal control device, specially in connection with conducting a stable and convenient payment process while processing a fund transfer service with one click
JP4503341B2 (en) Electronic money deposit machine and authentication method thereof
KR20010100750A (en) certification and payment device for m-commerce, system and method using the same
JP3454785B2 (en) Card payment merchant terminal, card payment service system, and card validity display method in card payment
KR100579165B1 (en) User and mobile phone authentication/control apparatus and method thereof
KR100664878B1 (en) Settlement method and system of using the IC chip

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase