KR19980048462A - Credit card based electronic payment method - Google Patents

Abstract

The present invention relates to a credit card based electronic payment system on the Internet. The purpose is to securely deliver and process payment related information such as purchase of goods and credit card information through the Internet using public key cryptography and secret key cryptography. Its features include the payment page request step, payment page transmission step, purchase request step, price agreement request step, price agreement confirmation step, payment processing request step, receipt issuance step and receipt transmission step. .

Description

Credit card based electronic payment method

The present invention relates to a credit card-based electronic payment method, and more particularly to a credit card-based electronic payment method on the Internet.

In general, a credit card-based electronic payment method has been proposed as a method for enabling electronic commerce using the Internet. When payment information is exchanged between components for electronic payment, there is a method of encrypting and transmitting payment information between electronic payment system components by applying symmetric key encryption technology.

This scheme guarantees only safe port communication based on trust in transactions between trading partners without digital signature function. In this case, if any of the trading parties deny the transaction facts and the transaction information, it is difficult to resolve the dispute about the transaction, and there is a problem that there is a possibility of counterfeiting by a third party, which is not secure. In addition, there is a method for encrypting and digitally signing by applying encryption technology using a public key method. This method has a problem in that processing time is relatively high by performing encryption of payment information using a public key technology. Another method is to share a secret session key using a public key method, use symmetric key encryption using the secret session key, and provide a digital signature function. This method has a problem in that it may be vulnerable in terms of safety since it is used during a shared secret session scheduler session.

The present invention devised to solve the above problems is to securely deliver and process payment-related information such as purchase of goods and credit card information through the Internet using public key cryptography and secret key cryptography. .

In order to achieve the above object, the present invention provides a payment page requesting step for requesting a payment page after a buyer selects an item to be purchased while shopping, a payment page transmission step for transmitting a payment page from a seller who has requested the payment page; A purchase request step of transmitting, to the seller, a code, number, random number, and ID of the item to be purchased in the third message to the seller; and after the seller receives the third message, the seller decrypts the ciphertext and verifies the digital signature. A requesting step of a price, etc., written to the fourth message and delivered to the buyer; and the buyer receiving the fourth message decrypts the fourth message and confirms the digital signature to confirm the contents of the price agreement. Confirming the price of delivering the student information to the message, and receiving the fifth message from the buyer. A payment processing requesting step in which the Shinhan seller sends the fifth message to the center as a sixth message; and the center receives and decrypts the sixth message and confirms a digital signature to the buyer and the seller. A receipt issuing step of performing a user authentication function and a receipt transmitting step of receiving the receipt from the center and encrypting the digital signature of the center so that only the purchaser can decrypt it and transmitting it to the buyer. .

In the present invention, a public key scheme is used to share different secret session keys for each message flow between electronic payment system components, and a symmetric key encryption scheme is used to transmit payment information. do. Digital signatures are performed using a public key scheme.

1 is a message flow diagram of a credit card based electronic payment system proposed in the present invention.

Hereinafter, with reference to the accompanying drawings will be described in detail one of the preferred embodiments according to the present invention.

1 is a message flow diagram of a credit card based electronic payment system proposed in the present invention. With reference to Figure 1 will be described in detail the credit card-based electronic payment system proposed in the present invention.

The symbols used in the present invention are defined as follows.

X represents the payment page component X and ∥ represents the concatenation. PKX represents the public key of X, SKX represents the private key of X, and KS represents the secret session key. PKx [M] indicates that message M is encrypted with X's public key PKX, SKx [M] indicates that message M is encrypted with X's private key SKx, and KS [M] indicates message M is secret session key KS To encrypt. H [M] represents a hash value of the message M applied to the hash function H.

The first step is a payment page request step. Message S1 of FIG. 1 is a step of requesting a payment page. The buyer 1 selects a product to purchase during shopping and requests a payment page.

The second step is the payment page transmission step. The seller 2 who receives the payment page transmits the payment page, which is the payment page information to which the message S2 of FIG. 1 is transmitted. Message S1 and S2 have no encryption scheme and are sent just like normal HTTP. The seller 2 should transmit the ID of the seller 2 and the ID of the payment center 3 that he is using in the second message.

The third step is a purchase request step. In message S3 of FIG. 1, the buyer 1 transmits the code, number, random number, and BuyerID of the item to be purchased to the seller 2. BuyerID tells Seller 2 their public key ID so they can encrypt and send the document to them. Random numbers are used to verify receipt of the transaction they applied for when receiving a receipt after payment processing. do. By signing this message with the user's signature, the user is authenticated to the buyer 2 and encrypted so that only the seller 2 can recognize the contents. The public key ID of the seller 2 is the content received by using a hidden tag in message 2. The detailed format of the encrypted message transmitted in the third step is as follows.

KSI [BuyerID ∥ code ∥ number ∥ random number ∥ SKBuyer [H (BuyerID ∥ code ∥ number ∥ random number)]] ∥ PK Seller [KS]

The fourth step is a request for price agreement. In FIG. 1, the seller 2 who received the S3 message decrypts the cipher text and verifies the digital signature. The seller (2) calculates the price using the product code and the number to prepare a price agreement. After adding the seller's own digital signature to this price agreement, he encrypts it so that only the buyer 1 can recognize it and sends it to the buyer. In this message, the seller's digital signature and the buyer (1) By adding a digital signature, the center (3) makes evidence that the two parties have agreed on the amount. At this time, the price agreement consists of the following factors:

SellerID, BuyerID, Code, Number, Number, Number, Price, Price The details of the messages sent at this stage are as follows.

KS2 [Price Agreement] SKSeller [H (Price Agreement)] ∥ PKBuyer [KS2]

The fifth step is a price agreement confirmation step. The buyer 1 who received message 4 in FIG. 1 decrypts it and checks the digital signature to see the contents of the price agreement. After confirming the price, the buyer (1) adds his digital signature to the digital signature that the seller (2) has attached to the price agreement, and encrypts it so that only the center (3) can recognize it with the digital signature that the seller (2) has attached. To 2). The buyer's (10's digital signature to the seller's 2 digital signature is used as evidence that both the seller (2) and the buyer (1) have agreed on the price. The format of the message sent at this stage is: same.

KS3 [Price Agreement] SKSeller [H (Price Agreement)] ∥ SKBuyer [H (SKSeller [H (Price Agreement)])]] ∥ PKCenter [KS3]

The sixth step is a payment processing request step. The seller 2 receiving the S5 message from the buyer 1 transmits the S5 message to the center 3 as it is. The detailed format of the message sent in this step is as follows.

KS3 [Price Agreement] SKSeller [H (Price Agreement)] ∥ SKBuyer [H (SKSeller [H (Price Agreement)])]] ∥ PKCenter [KS3]

The seventh step is a receipt issuance step. In this step, the center 3 receives the message S6, decrypts it, checks the digital signature, and performs a user authentication function for the purchaser 1 and the seller 2. The order of verification of digital signature is as follows. First, the hash value of SKSeller [H (price agreement)] transmitted along with H (SKSeller [H (price agreement)] obtained by decoding SKBuyer [H (SKSeller [H (price agreement)]]] is calculated and compared. If the two values match, it means that the buyer (1) and the seller (2) signed the same price agreement, and if they match, H (the price agreement) is obtained by decoding SKSeller [H]. And compare the hash value of the price agreement sent with the agreement.The agreement between the two values means that the contents of the price agreement have not been tampered with, so the center 3 processes the application for payment. A message indicating whether it is present and the CenterID, SellerID, BuyerID, code, number, random number, price, etc. are combined into one message, signed with their own signature, and encrypted so that only the seller (2) can decrypt it. Where receipt information is Includes information such as

Payment success or failure ∥ CenterID ∥ Seller ID ∥ Buyer ID ∥ code ∥ number ∥ random number ∥ price

In addition, the detailed format of the message transmitted in this step is as follows.

KS4 [receipt ∥ SKCenter [H (receipt)] ∥ PKSeller [KS4]

The eighth step is a receipt transmission step. The seller 2 who receives the receipt from the center 3 encrypts the digital signature of the center 3 so that only the buyer 1 can decrypt it and transmits it to the buyer 1. The seller 2 can check whether the receipt is for a transaction for which payment processing is made by comparing the CenterID, SellerID, BuyerID, code, number, random number, and price. The buyer (1) who received the message S8 can also check whether the payment receipt for the product he / she wants to purchase is correct by comparing the CenterID, SellerID, BuyerID, code, number, random number, and price. The detailed format of the message sent in this step is as follows.

KS5 [receipt ∥ SKCenter [H (receipt)] ∥ PKBuyer [KS4]

The present invention as described above has an effect that it is possible to enable secure electronic payment through a simple system configuration when attempting to conduct a credit card-based electronic commerce on the Internet. In particular, the interest of electronic transactions using the Internet is increasing, and the introduction of such payment methods is opaque due to institutional and social issues of electronic payment methods such as electronic money. The development of a payment system is expected to contribute to the spread of full-fledged electronic transaction services using the Internet.

Claims (14)

A payment page requesting step of requesting a payment page after the buyer selects an item to purchase during shopping; A payment page transmission step of the seller receiving the payment page transmitting the seller ID and the payment center ID used by the seller in the payment page information as a second message; A purchase request step of transmitting, to the seller, the code, the number, the random number, and the ID of the Beier to the seller in the third message; A price agreement request step of the seller receiving the third message to decrypt a cipher text and verify a digital signature; A confirmation step of decrypting the fourth message received by the purchaser in the fourth message and verifying a digital signature to view contents of a price agreement; A payment processing request step of the seller receiving the fifth message from the buyer, transmitting the fifth message to the center as a sixth message; A receipt issuing step in which the center receives and decrypts the sixth message and verifies a digital signature to perform a user authentication function for the purchaser and the seller; And The seller receiving the receipt in the seventh message from the center is a credit transfer characterized in that the digital signature of the center encrypted so that only the buyer can decrypt and transmits to the buyer as an eighth message Card-based electronic payment method. The method of claim 1, The credit card-based electronic payment method, characterized in that in the payment page transmission step, the seller transmits the ID of the seller and the ID of the payment center used by the seller in a second message. The method of claim 1, In order to identify a verification key for the signed information in any one of the purchase request step, the request step such as the price, the price agreement confirmation step, the payment processing request step, the receipt issuance step and the receipt transmission step. Credit card-based electronic payment method characterized in that it tells the public key ID. The method of claim 1, Credit card-based electronic payment method, characterized in that used to check whether the random number is a receipt for the transaction he applied when receiving the receipt after payment processing by introducing a random number in the price agreement and receipt information in the purchase request step. The method of claim 1, By signing the payment information to be sent from the buyer to the seller in the purchase request step, the user is authenticated to the buyer, and a secret session key is generated so that only the seller can recognize the contents. Credit card-based electronic payment method, characterized in that for transmitting the encrypted payment information using the session key. The method of claim 1, The price agreement request step is A small step of the seller calculating a price using a product code price and the number, and creating the price agreement using the ID and a random number with the buyer; The step of the seller adding his digital signature to the price agreement; And Credit card-based electronic payment method comprising the step of transmitting the encrypted to the buyer so that only the buyer can recognize the buyer. The method of claim 1, The expansion of the price agreement, A small step of confirming the price by the buyer to confirm the digital signature that the seller has attached to the price agreement; Adding a digital signature to the price agreement information itself; A small step of the purchaser encrypting the price agreement together with the digital signature so that only the center can recognize it; And Credit card based electronic payment method comprising the step of transmitting said price agreement encrypted with said digital signature to said seller. The method of claim 7, wherein Credit card based electronic payment method characterized in that the buyer's digital signature on the price agreement with the digital signature of the seller is used as evidence that both the seller and the buyer agreed to the price agreement. The method of claim 1, The receipt issuance step. A small step of the center receiving the sixth message; A small step of decrypting the sixth message and verifying a digital signature; A small step of performing a user authentication function for the buyer and the seller; A step of generating, by the center, receipt information indicating a payment processing result; And a small step of the center adding the digital signature to the receipt information and encrypting and storing the digital signature so that only the seller can recognize the credit card. The method of claim 9, A small step to verify the digital signature, Calculating and comparing a hash value of SKSeller [H (price agreement)] transmitted with H (SKSeller [H (price agreement)] obtained by decoding SKBuyer [H (SKSeller [H (price agreement)]]]; And Credit card-based electronic payment method comprising the step of obtaining and comparing the hash value of the price agreement sent with H (price agreement) obtained by decoding SKSeller [H (price agreement)] when the two values match. . The method of claim 1, The receipt transmission step, A step of confirming whether or not the seller is a receipt for a transaction for which the seller applied for payment processing for the seventh message received from the center; And 8. The credit card-based electronic payment method of claim 8, wherein the buyer receives the eighth message and checks whether the receipt of the goods to be purchased is correct. The method of claim 11, Receipt information consisting of an ID of the center used by the seller, an ID of the seller, an ID of the buyer, a code, number, a random number, a price, etc., to confirm whether or not the receipt is for a transaction for which payment processing is applied. Credit card-based electronic payment method, characterized in that all compared. The method of claim 11, The purchaser compares all receipt information consisting of the ID of the center, the ID of the seller, the ID of the buyer, the code, the number, the random number, the price, etc., in order to confirm that the receipt for the product to be purchased is correct. A credit card based electronic payment method. The method of claim 1. A credit card-based electronic payment method comprising generating a secret session key required for encrypting payment information exchanged between electronic payment system components for each necessary step and performing key distribution using a public key cryptography.