US20200134610A1 - Method and program for outputting virtual code generated from payment card, and payment card for generating virtual code - Google Patents

Method and program for outputting virtual code generated from payment card, and payment card for generating virtual code Download PDF

Info

Publication number
US20200134610A1
US20200134610A1 US16/728,796 US201916728796A US2020134610A1 US 20200134610 A1 US20200134610 A1 US 20200134610A1 US 201916728796 A US201916728796 A US 201916728796A US 2020134610 A1 US2020134610 A1 US 2020134610A1
Authority
US
United States
Prior art keywords
code
virtual
virtual code
payment card
card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US16/728,796
Inventor
Chang Hun Yoo
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SSenStone Inc
Original Assignee
SSenStone Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from PCT/KR2018/008741 external-priority patent/WO2019031761A1/en
Application filed by SSenStone Inc filed Critical SSenStone Inc
Assigned to SSenStone Inc. reassignment SSenStone Inc. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: YOO, CHANG HUN
Publication of US20200134610A1 publication Critical patent/US20200134610A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q9/00Arrangements in telecontrol or telemetry systems for selectively calling a substation from a main station, in which substation desired apparatus is selected for applying a control signal thereto or for obtaining measured values therefrom
    • H04Q9/04Arrangements for synchronous operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3672Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes initialising or reloading thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/30Creation or generation of source code
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/06Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • G06Q20/0658Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash e-cash managed locally
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3274Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being displayed on the M-device
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/351Virtual cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/354Card activation or deactivation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4093Monitoring of device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q2209/00Arrangements in telecontrol or telemetry systems
    • H04Q2209/40Arrangements in telecontrol or telemetry systems using a wireless architecture

Definitions

  • Embodiments of the inventive concept disclosed herein relate to a method and a program for outputting a virtual code, which is generated from a payment card, on a screen, and the payment card for generating the virtual code, and more particularly to a method for transmitting a virtual code generated from a payment card to a mobile terminal and outputting the virtual code on a screen, and a payment card for the same.
  • IPIN Internet Personal Identification Number
  • social security number for user identification
  • card number for payment
  • account number used for payment
  • the payment card which generates the virtual code, has no display on the surface, so the generated virtual code may not be visually identified.
  • the direct identification of the virtual code is unnecessary when payment is performed offline, there is a difficulty in online payment or offline payment requiring direct input of code data.
  • Embodiments of the inventive concept provide a method and a program for outputting a virtual code, which is generated from a payment card, on a screen, which enables a user to identify the virtual code generated form the payment card having no display, through a mobile terminal of the user, and a payment card for generating a virtual code.
  • a method for outputting a virtual code, which is generated from a payment card, on a screen includes receiving, by a virtual code output application, the virtual code from the payment card after connecting the payment card with a mobile terminal through short-range wireless communication, and outputting, by the virtual code output application, the virtual code on the screen.
  • the virtual code output application is installed or embedded in the mobile terminal.
  • the virtual code is generated as a code matched to a real card number through a virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server.
  • the unit count is set as a specific time interval and changed as the specific time interval is elapsed.
  • the virtual code output application is activated when the short-range wireless communication is made between the payment card and the mobile terminal as the virtual code output application is run in the background in the mobile terminal.
  • a method for outputting a virtual code, which is generated from a payment card, on a screen includes synchronizing, by a virtual code output application, time of an encryption algorithm through wireless communication between a virtual code output application and the payment card, receiving, by the virtual code output application, an encrypted code generated from the payment card, wherein the encrypted code is obtained by encrypting the virtual code generated from the payment card based on the synchronized encryption algorithm, decrypting, by the virtual code output application, the encrypted code to the virtual code based on the encryption algorithm, and outputting, by the virtual code output application, the virtual code on the screen.
  • the virtual code is generated as a code matched to a real card number through a virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server, and the unit count is set as a specific time interval and changed as the specific time interval is elapsed.
  • the encryption algorithm is matched to an encryption rule every time.
  • the payment card generates at least one detailed code through at least one detailed code generating function, and generates the virtual code by combining the at least one detailed code through a detailed code combining function.
  • the detailed code generating function and the detailed code combining function are included in the virtual code generating function.
  • the at least one detailed code includes a first code to set a starting point of searching for a storage position, and a second code to set a search path to the storage position from the starting point according to a specific searching scheme.
  • a method for outputting a virtual code, which is generated from a payment card, on a screen includes receiving, by a second virtual code generating module, a virtual security code from a first virtual code generating module, generating, by the second virtual code generating module, at least one detailed code through at least one detailed code generating function, generating, by the second virtual code generating module, the virtual code through combination of the at least one detailed code through at least one detailed code combining function, and outputting, by the second virtual code generating module the virtual code the screen.
  • the virtual code is generated as a code matched to a real card number through a virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server.
  • the virtual code generating function includes the detailed code generating function and the detailed code combining function.
  • the first virtual code generating module is included in the payment card, and the mobile terminal is embedded therein or installed with a virtual code output application including the second virtual code generating module.
  • the second virtual code generating module generates a plurality of detailed codes matched to a unit count in which generation of the virtual code is requested using the virtual security code, generates the virtual code by combining the plurality of detailed codes, and outputs the virtual code on the screen.
  • the unit count is set as a specific time interval and changed as the specific time interval is elapsed.
  • the plurality of detailed codes include a first code generated based on a first count, and a second code generated based on a second count.
  • the first count is the number of unit counts elapsed from an initial time point at which the virtual code generating function is run in a virtual code verifying server
  • the second count is the number of unit counts elapsed from a time point at which a real card number of a specific user is issued
  • the generating of the at least one detailed code includes applying the virtual security code to the second count or the number of counts elapsed from a current time point.
  • the method may further include providing, by the virtual code output application, the virtual code to a clipboard.
  • the virtual code provided on the clipboard is input to an online payment page in response to an operation of a user.
  • a payment card includes a virtual code generating unit to generate a virtual code, and a virtual code transmitting unit to transmit the virtual code to a mobile terminal after recognizing connection with the mobile terminal through short-range wireless communication.
  • the mobile terminal outputs, on a screen, the virtual code received from a payment card through a virtual code output application, the virtual code is generated as a code matched to a real card number through a virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server, and the unit count is set as a specific time interval and changed as the specific time interval is elapsed.
  • a payment card includes a virtual code generating unit to generate a virtual code at every unit count through a virtual code generating function, a timer to synchronize time of an encryption algorithm through wireless communication with a mobile terminal, an encrypted code generating unit to generate an encrypted code from the virtual code based on the synchronized encryption algorithm, a wireless communication unit to transmit the encrypted code to the mobile terminal through wireless communication.
  • the wireless communication unit transmits synchronization condition data to the mobile terminal or receives the synchronization condition data from the mobile terminal, the mobile terminal outputs, on a screen, the virtual code received from a payment card through a virtual code output application, the virtual code is generated as a code matched to a real card number through the virtual code generating function, which is stored therein, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server, and the unit count is set as a specific time interval and changed as the specific time interval is elapsed.
  • a payment card includes a first virtual code generating module.
  • the first virtual code generating module includes a virtual security code generating unit to generate a virtual security code using a time value and a card security code of a real card number, in which the virtual security code is a disposable code having a specific digit number, and a wireless communication unit to transmit the virtual security code to a mobile terminal.
  • the mobile terminal is embedded or installed with a virtual code output application including a second virtual code generating module, the second virtual code generating module generates a plurality of detailed codes matched to a unit count in which generation of the virtual code is requested using the virtual security code, generates the virtual code by combining the plurality of detailed codes, and outputs the virtual code on the screen.
  • the virtual code is generated as a code matched to a real card number through a virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server, and the unit count is set as a specific time interval and changed as the specific time interval is elapsed.
  • FIG. 1 is a flowchart illustrating a method for outputting a virtual code, which is generated from a payment card, on a screen according to an embodiment of the inventive concept;
  • FIG. 2 is a flowchart illustrating a method for outputting a virtual code, which is generated from a payment card, on a screen according to another embodiment of the inventive concept;
  • FIG. 3 is a flowchart illustrating a procedure of generating an encrypted code after generating a virtual code from a payment card
  • FIG. 4 is a flowchart illustrating a method for outputting a virtual code, which is generated from a payment card, on a screen according to another embodiment of the inventive concept;
  • FIG. 5 is a flowchart illustrating a method for outputting a virtual code, which is generated from a payment card, on a screen, in which the method further includes providing the virtual code to a clipboard, according to another embodiment of the inventive concept;
  • FIG. 6 is a block diagram illustrating the internal structure of a payment card to transmit a virtual code through short-range wireless communication, according to another embodiment of the inventive concept
  • FIG. 7 is a block diagram illustrating the internal structure of a payment card to transmit an encrypted code based on a virtual code, according to still another embodiment of the inventive concept.
  • FIG. 8 is a block diagram illustrating the internal structure of a payment card to transmit a virtual security code according to another embodiment of the inventive concept.
  • a ‘character’ is an element to form a code, and includes an entire portion or some of an uppercase alphabet, a lowercase alphabet, a number, and a special character.
  • a ‘code’ refers to a character string in which characters are listed.
  • a ‘card number’ which is used for a financial transaction, such as payment, is a number assigned to a card, and transmitted to a card company in the situation of payment or the cancellation of the payment.
  • a ‘real card number’ is a number assigned to a card of a specific user by a card company.
  • the ‘real card number’ refers to a number assigned to a general actual card or a mobile card.
  • a ‘virtual code’ is a card number temporarily generated to be connected to a real card number, and is a code having a specific digit number, which is formed using characters including numbers.
  • the virtual code includes a virtual card number used to detect a real card number in a financial company server, a virtual token used to detect the real card number in a virtual token verification server.
  • the ‘detailed code’ refers to some code included in the virtual token.
  • the detailed code refers to a individual code separately generated and constituting the virtual token.
  • a ‘unit count’ is set as a specific time interval and changed as the specific time interval is elapsed.
  • ‘count 1’ may be set as a specific time interval (for example, 1.5 seconds) and used.
  • a ‘virtual code generating function’ refers to a function used to generate a virtual token.
  • a ‘detailed code generating function’ refers to a function of generating each detailed code constituting the virtual code number.
  • a ‘detailed code combining function’ refers to a function of generating a virtual code (for example, a virtual card number or a virtual token) obtained by combining or linking a plurality of detailed codes.
  • a ‘mobile terminal’ includes various devices to provide a result for a user by performing an arithmetic operation.
  • a computer may correspond to, as well as a desktop personal computer (PC) or a notebook, a smartphone, a tablet PC, a cellular phone, a personal communication service (PCS) phone, a mobile terminal of a synchronous/asynchronous international mobile telecommunication (IMT-2000), a palm personal computer, or a personal digital assistant (PDA).
  • PC personal computer
  • PCS personal communication service
  • IMT-2000 synchronous/asynchronous international mobile telecommunication
  • PDA personal digital assistant
  • a ‘payment card’ refers to an entire portion or a portion of the virtual code generating function.
  • a ‘payment service server’ includes all servers of providers linking or assisting a payment service between a virtual token verifying server or a financial company server in a virtual token generating device or a POS terminal.
  • the payment service server may correspond to a payment gateway (a service provider that performs transactions with a financial institution on the Internet), a payment agency (VAN company), or a server of Acquirer.
  • a ‘financial company server’ refers to a server that determines whether to approve payment based on the real card number.
  • a ‘virtual token verifying server’ refers to a server that detects a real card number based on a virtual token and transmits the real card number to the payment service server or the financial company server.
  • a ‘virtual code output application’ which is an application installed or embedded in a mobile terminal, outputs a virtual code on a screen.
  • short-range wireless communication refers to wireless communication performed as a terminal, which is spaced, comes into contact or proximity.
  • short-range wireless communication refers to a scheme in which a plurality of terminals make wireless communication at distances where users manually control the terminals while personally determining communication states.
  • a ‘virtual code generating module’ refers to a module to generate a virtual code in the form provided to a virtual code verifying server.
  • the ‘virtual code generating module’ may be divided into a plurality of detailed modules depending on functions.
  • the detailed modules included in the virtual code generating module may be included in one terminal device or may be separately included in individual terminal devices.
  • a ‘first virtual code generating module’ refers to a module to generate a virtual security code used to generate the virtual code.
  • a ‘second virtual code generating module’ refers to a module to generate a virtual code using the virtual security code generated from the first virtual code generating module.
  • the ‘second virtual code generating module’ includes a detailed code generating function and a detailed code combining function.
  • the ‘real card number’ includes at least one of a card identification (ID) number, a card security code, and a card validity period.
  • the card ID number is a code assigned to identify a card company, a card type, and a card user.
  • the card ID number assigned to a card has 15 or 16 digits.
  • the first 6 digits constitute the issuer identification number (IIN) of the card
  • the 7 th digit to the 15 th digit have codes assigned to each card according to an arbitrary rule
  • the 16 th digit has a value for verifying the card ID number according to a specific formula.
  • the card security code is printed at one side of the card and has a specific digit number (for example, Visa and Master have three digits, and American Express has four digits).
  • a specific digit number for example, Visa and Master have three digits, and American Express has four digits.
  • the card security code of a 3-digit code and the card ID number of a 16-digit code are encrypted/decrypted according to the specific rule. If the relevant values are matched, the card is verified as a normal card.
  • the card security codes have different names depending on card companies.
  • the card security code of Visa card is called Card Verification Value (CVV)
  • the card security card of MasterCard/JCB is called Card Validation Code (CVC)
  • the card security code of American Express is called Confidential Identifier Number or Card Identification Number (CID).
  • the card validity period refers to a time limit that may be used after a real card number is issued.
  • two digits are assigned to each of year and month fields to form a 4-digit code.
  • FIG. 1 is a flowchart illustrating a method for outputting the virtual code, which is generated from the payment card, on a screen, according to an embodiment of the inventive concept.
  • the method for outputting the virtual code generated from the payment card includes receiving, by a virtual code output application, the virtual code from the payment card after connecting the payment card with a mobile terminal through short-range wireless communication (S 120 ), and outputting, by the virtual code output application, the virtual code on the screen (S 140 ).
  • the virtual code output application receives the virtual code from the payment card after connecting the payment card with the mobile terminal through short-range wireless communication (S 120 ).
  • the virtual code output application may receive the virtual code generated from the payment card as a user manipulates the mobile terminal or the payment card.
  • the virtual code output application when the user manipulates the mobile terminal, the virtual code output application is run to transmit a request the payment card to provide the virtual code through short-range wireless communication (for example, NFC communication). Thereafter, when the payment card is connected with the mobile terminal through the short-range wireless communication, the payment card generates and transmits a virtual code corresponding to a relevant time point.
  • the virtual code is generated as a code matched to a real card number through the virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server.
  • the payment card when the user starts the procedure for outputting the virtual code by manipulating the payment card, the payment card receives a manipulation of activating the virtual code from the user.
  • the user may activate the payment card by operating a button provided on the surface of the payment card or by inputting an operation of shaking or tapping the payment card.
  • the payment card generates the virtual code and transmits the virtual code to the mobile terminal through short-range wireless communication.
  • the virtual code is generated corresponding to a virtual code generation time point by the virtual code generating function stored in the payment card.
  • the virtual code output application recognizes that that short-range wireless communication is made, as the payment card is in the proximity or contact to the mobile terminal after the payment card is activated.
  • the virtual code output application is activated, when the short-range wireless communication is made between the payment card and the mobile terminal, as the virtual code output application is run in the background in the mobile terminal.
  • the payment card transmits the virtual code through long-range wireless communication (for example, Bluetooth communication) rather than short-range wireless communication, there may occur a situation that another person intercepts the virtual code and uses the virtual code for payment. Accordingly, the short-range wireless communication is made between the payment card and the mobile terminal.
  • long-range wireless communication for example, Bluetooth communication
  • short-range wireless communication is made between the payment card and the mobile terminal.
  • a mobile terminal case for inserting the payment card for example, a smartphone case allowing the payment card to be inserted into the rear surface of a smartphone
  • the payment card and the mobile terminal is in contact with each other. Accordingly, the user may activate the payment card by manipulating the mobile terminal or the payment card, without performing a separate operation to bring the payment card into contact with the mobile terminal.
  • the payment card and the mobile terminal are in contact with each other in the state that the user views the screen of the mobile terminal. Accordingly, the user does not need to perform a separate operation to bring the payment card into contact with the mobile terminal.
  • the user may activate the payment card disposed on the rear surface of the mobile terminal by tapping the payment card with a finger of the user or pressing a button, and the payment card may generate a virtual code through a virtual code generating function stored in the payment card.
  • a program for outputting the virtual code in the mobile terminal receives the virtual code from the payment card through short-range wireless communication. Since the mobile terminal and the payment card are in proximity to each other, the user does not need to perform a separate operation to bring the payment card into contact with the mobile terminal or to make the payment card in proximity to the mobile terminal.
  • the virtual code output application outputs the virtual code on the screen (S 140 ).
  • the virtual code output application includes a user interface for displaying the virtual code on the screen.
  • the virtual code output application further includes providing the virtual code to a clipboard.
  • the virtual code output application may include a button for requesting the virtual code to be provided to the clipboard on the user interface for displaying the virtual code.
  • the virtual code output application provides the clipboard such that the virtual code output on the screen is inserted into another program in response to the request of the user.
  • FIG. 2 is a method for outputting the screen of the virtual code generated from the payment card, according to another embodiment of the inventive concept.
  • the method for outputting the virtual code generated from the payment card includes synchronizing, by the virtual code output application, time of an encryption algorithm through wireless communication between the virtual code output application and the payment card (S 220 ); receiving, by the virtual code output application, an encrypted code generated in the payment card (S 240 ; encrypted code receiving step), decrypting, by the virtual code output application, the encrypted code to a virtual code based on the encryption algorithm (S 260 ), and outputting, by the virtual code output application, the virtual code on the screen (S 280 ).
  • S 220 receives, by the virtual code output application, an encrypted code generated in the payment card
  • S 240 encrypted code receiving step
  • decrypting by the virtual code output application, the encrypted code to a virtual code based on the encryption algorithm
  • S 280 outputting, by the virtual code output application, the virtual code on the screen
  • the virtual code output application synchronizes the time of the encryption algorithm through the wireless communication between the virtual code output application and the payment card (S 220 ).
  • the payment card and the mobile terminal that is, the virtual code output application
  • the payment card include the same encryption algorithm. Accordingly, the payment card generates the virtual code in the form of an encryption code as described below, and decrypts the received encryption code to recover the virtual code.
  • the virtual code generating module in the payment card and the mobile terminal may change the encryption algorithm (for example, may change an encryption pattern (or an encryption code change pattern) depending on a specific rule to prevent another person from obtaining a plurality of encryption codes, which are provided from the virtual code generating module to the mobile terminal, to find out the encryption algorithm.
  • the encryption algorithm for example, may change an encryption pattern (or an encryption code change pattern) depending on a specific rule to prevent another person from obtaining a plurality of encryption codes, which are provided from the virtual code generating module to the mobile terminal, to find out the encryption algorithm.
  • the payment card when the payment card receives the request to generate a virtual code from the virtual code output application or when the operation of requesting the payment card to generate the virtual code is input from a user, the payment card synchronizes the time with the mobile terminal (that is, the virtual code output application) such that the payment card (that is, the virtual code generating module) and the mobile terminal (that is, the virtual code output application) perform converting and recovering with the same encryption pattern.
  • the virtual code generating module in the payment card may perform synchronization to be matched to the time data of a clock included in the mobile terminal (that is, the virtual code output application).
  • the mobile terminal since the mobile terminal includes a global positioning system (GPS) module or a wireless communication module (for example, a Wi-Fi module or LTE module) that is able to communicate with an external server, the mobile terminal may accurately match the time data. However, since the payment card produces time, errors may occur. Accordingly, the time data in the mobile terminal may be mismatched from the time data in the payment card. Accordingly, the timers in the payment card and the mobile terminal need to be synchronized with each other such that the virtual code output application and the virtual code generating module perform encryption based on time data. The scheme of changing an encryption pattern by utilizing the time data will be described below.
  • the virtual code output application receives the encrypted code generated from the payment card (S 240 ).
  • the virtual code is generated as a code matched to a real card number through the virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server.
  • the virtual code generating module in the payment card generates the virtual code (S 241 ; virtual code generating step).
  • the virtual code generating module may include the same virtual code generating function as that included in the virtual code verifying server (that is, the financial company server or a virtual token verifying server). Accordingly, the virtual code verifying server (for example, financial company server) may perform a financial transaction after receiving a virtual code, which is generated by the virtual code generating module in the payment card to be output to the outside in offline payment or is provided by the virtual code output application, and detecting a real card number.
  • the virtual code generating function generates the virtual code in various schemes.
  • the virtual code generating step (S 241 ) includes generating, by the virtual code generating module, at least one detailed code through at least one detailed code generating function, and generating, by the virtual code generating module, the virtual code by combining the at least detailed code through a detailed code combining function.
  • the virtual code generating function includes the detailed code generating function and the detailed code combining function.
  • the virtual code generating module generates at least one detailed code through at least one detailed code generating function.
  • the virtual code generating module generates a first code and a second code by including a first function and a second function as the detailed code generating function.
  • the plurality of detailed codes include a first code for setting a starting point for detecting a storage position of a real card number in the virtual code verifying server (for example, the financial company server or the virtual token verifying server); and a second code for setting a detecting path from the starting point to the storage position according to the specific detection scheme.
  • the virtual code verifying server for example, the financial company server or the virtual token verifying server
  • a virtual code generating module includes, as a detailed code generating function, a first function to generate the first code and a second function to generate the second code for enhancing the security, but may not include data on the correlation between the first code and the second code.
  • the plurality of detailed codes may include: a first code generated based on a first count; and a second code generated based on a second count.
  • the first count corresponds to the number of unit counts elapsed from the initial time point at which the virtual code generating function is run in the virtual code verifying server
  • the second count is the number of unit counts elapsed from a time point (issued time point) at which the real card number of a specific user is issued.
  • a first function for generating the first code is a function for providing a specific code value corresponding to the first count
  • a second function for generating the second code is a function for providing a specific code value corresponding to the second count.
  • the virtual code is not duplicated regardless of the virtual code generating time and a user.
  • the first code is set to any one code value (for example, a code value corresponding to a time point at which the generation of the virtual code is requested) of the codes matched at each count from the initial time point at which the first function is run in the virtual code verification server.
  • the virtual code generating module generates a code value, which is varied at every virtual code generating time, as the first code for the same user.
  • the second count value is always varied in each virtual code generating module at the same time point to prevent the real card number from being issued at the same time point. Accordingly, the virtual code generating module always generates a different second code for each user at the same time point.
  • the first code has a different code value at each count and the second code has a different code value in the virtual code generating module (that is, an APP card application installed in a mobile terminal 10 of each user) of each user at the same time point. Accordingly, the virtual code generated by combining the first code and the second code is output without being duplicated, regardless of a user and a virtual code generation request time.
  • the virtual code generating module that is, an APP card application installed in a mobile terminal 10 of each user
  • the virtual code generating module generates the first code and the second code by using a virtual security code.
  • the virtual code generating module (or a first virtual code generating module to generate the virtual security code and a second virtual code generating module when the second virtual code generating module is included to generate a virtual code based on the virtual security code) applies the virtual security code to the number of counts elapsed from the second count or the current time point.
  • the second virtual code generating module generates the first code by applying, to the first count, the number of counts, which is obtained by adding a count (that is, the count serving as a basis of the generation of the second code), which corresponds to the issued time point of the real card number, to the virtual security code.
  • the first virtual code generating module included in the virtual code generating module generates a virtual security code through One Time Password (OTP; a user authentication scheme employing a disposable password randomly generated instead of a fixed password).
  • OTP One Time Password
  • the first virtual code generating module generates an OTP by using, as key data, time data (that is, the virtual code generation requesting time point), an intrinsic card value, and a card security code (that is, a CVC or CVV of the real card number) of a real card number
  • the second virtual code generating module generates each detailed code using the virtual security code.
  • the second virtual code generating module applies the virtual security code to a second count (that is, the number of counts shifted from the issued time point of the real card number) or the number (that is, the number of counts shifted from the current time point) of counts elapsed from a current time point.
  • the second virtual code generating module generates the first code by applying, to the first count, the number of counts, which is obtained by adding a count (that is, the count serving as a basis of the generation of the second code), which corresponds to the issued time point of the real card number, to the virtual security code. Accordingly, as another person fails to recognize the sequence (that is, the first function and the second function) provided by the first code and the second code forming the virtual code, security may be improved.
  • the virtual code generating module generates a virtual code by combining the at least one detailed code through the detailed code combining function.
  • a scheme of generating one virtual code by combining a plurality of detailed codes may include various schemes.
  • the detailed code combining function may generate a virtual code by alternately placing a first code having N digits and a second code having N digits.
  • the detailed code generating function may be a function of placing the second code after the first code. As detailed codes included in the virtual function are increased, various detailed code generating functions may be generated.
  • the virtual code generating module generates an encrypted code from a virtual code based on the synchronized encryption algorithm (S 242 ). In other words, the virtual code generating module generates the encrypted code from the virtual code based on a conversion pattern (that is, an encryption pattern) corresponding to a time point synchronized with a time point of the virtual code output application in the mobile terminal.
  • a conversion pattern that is, an encryption pattern
  • another person is prevented from recovering the virtual code due to the leakage of key data as the OTP code for code conversion, which is changed every moment, is used as the key data for encryption or decryption.
  • the virtual code generating module and the encryption module in the payment card perform encryption and decryption using the OPT code for code conversion, which is randomly generated through an OTP function at each moment, another person fails to detect key data used for encryption and decryption at a specific time point. Accordingly, this may solve the problem occurring in a conventional encryption scheme in which the key data used for encryption and decryption is fixed to allow another person to decrypt the encrypted code due to the leakage of the key data.
  • an OTP code for code conversion is generated using an ID value (for example, the intrinsic number of the payment card) included in the payment card and the synchronized time data, and a relevant conversion pattern is applied to the OTP code for the code conversion, thereby converting the virtual code into the encrypted code.
  • the virtual code generating module which may have various rules (that is., encryption rules) for generating an encrypted code from a virtual code, may generate the encrypted code by applying a relevant encryption rule to the OTP code value for code conversion, which is generated at a time point at which the virtual code is generated.
  • another person detects the synchronized time data between the application and the payment card, and the identification value of the payment card, if the another person fails to recognize an algorithm of generating the OPT code for the code conversion, the another person fails to recover the virtual code from the encrypted code. In addition, if the another person fails to recognize the matching relationship between the OTP code for the code conversion and the conversion pattern (or the encryption rule), the another person fails to recover the virtual code from the encrypted code.
  • the virtual code generating module transmits the encrypted code to the mobile terminal (S 243 ).
  • the virtual code output application in the mobile terminal receives the encrypted code from the payment card.
  • the virtual code generating module may transmit the encrypted code through various communication schemes.
  • the virtual code output application decrypts the encrypted code to the virtual code based on the encryption algorithm (S 260 ). Thereafter, the virtual code output application outputs the virtual code on the screen (S 280 ).
  • FIG. 4 is a flowchart illustrating the method for outputting the virtual code, which is generated from the payment card, according to another embodiment of the inventive concept.
  • the method for outputting the virtual code, which is generated from the payment card includes receiving, by the second virtual code generating module, a virtual security code from the first virtual code generating module (S 320 ; virtual security code receiving step), generating, by the second virtual code generating module, at least one detailed code through at least one detailed code generating function (S 340 ), generating, by the second virtual code generating module, the virtual code through combination of at least one detailed code through at least one detailed code combining function (S 360 ), and outputting, by the second virtual code generating module, the virtual code on the screen (S 380 ).
  • the details of each step will be described in detail.
  • the payment card may include the first virtual code generating module and the second virtual code generating module to generate the virtual code and to output the virtual code to the outside in offline payment.
  • the payment card may use the display of the mobile terminal instead through a program for outputting the virtual code, to generate the virtual code.
  • the present embodiment is performed by the first virtual code generating module included in the payment card and the second virtual code generating module included in the virtual code output application.
  • the present embodiment relates to a procedure of performing the second virtual code generating module in the virtual code output application.
  • the second virtual code generating module receives a virtual security code from the first virtual code generating module (S 320 ; virtual security code receiving step).
  • the first virtual code generating module in the payment card transmits a virtual security code, which is used to generate a virtual code, to a mobile terminal having a virtual code output application including the second virtual code generating module.
  • the first virtual code generating module is embedded or installed in the payment card and includes a virtual security code generating function.
  • the virtual security code is an OTP code generated by using time data (that is, the virtual code generation requesting time point), an intrinsic card value, and a card security code (that is, a CVC or CVV of the real card number) of a real card number.
  • the intrinsic card value refers to an intrinsic value assigned to the payment card. In other words, the intrinsic card value is an intrinsic value assigned to the payment card corresponding to the electronic device.
  • the first virtual code generating module may sore the intrinsic card value and a card security code therein to generate the virtual security code.
  • the first virtual code generating module generates a virtual security code through One Time Password (OTP; a user authentication scheme employing a disposable password randomly generated instead of a fixed password).
  • OTP One Time Password
  • the first virtual code generating module generates an OTP by using, as key data, time data (that is, the virtual code generation requesting time point), an intrinsic card value, and a card security code (that is, a CVC or CVV of the real card number) of a real card number
  • the virtual code output application receives the virtual security code from the payment card through wireless communication.
  • the first virtual code generating module encrypts the virtual security code using a password as the key data and transmits the virtual security code.
  • the virtual code output application having the encrypted virtual security code received therein performs decryption based on a payment card password stored therein, thereby detecting the virtual security code.
  • the password may be set in the process of initially linking the payment card and the virtual code output application, or may be set as a serial number of the payment card.
  • the mobile terminal may receive the virtual security code and provide the virtual code to the virtual code output application, through various wireless communication schemes.
  • the second virtual code generating module generates at least one detailed code through at least one detailed code generating function (S 340 ).
  • the second virtual code generating module included in the virtual code output application generates a plurality of detailed codes suitable for a unit count, at which the generation of the virtual code is requested, using the virtual security code received from the first virtual code generating module in the virtual code output application.
  • the virtual code generating module may reflect the virtual security code in generating the first code and the second code without outputting the virtual code to the outside.
  • the plurality of detailed codes may include: a first code generated based on a first count; and a second code generated based on the second count.
  • the first count is the number of unit counts elapsed from the initial time point at which the virtual code generating function is run in the virtual code verifying server
  • the second count is the number of unit counts elapsed from a time point at which the real card number of a specific user is issued.
  • a first function for generating the first code is a function for providing a specific code value corresponding to the first count
  • a second function for generating a second code is a function for providing a specific code value corresponding to the second count.
  • the second virtual code generating module applies the virtual security code to a second count (that is, the number of counts shifted from the issued time point of the real card number) or the number (that is, the number of counts shifted from the current time point) of counts elapsed from a current time point.
  • the second virtual code generating module generates the first code by applying, to the first count, the number of counts, which is obtained by adding a count (that is, the count serving as a basis of the generation of the second code), which corresponds to the issued time point of the real card number, to the virtual security code.
  • the second virtual code generating module generates the first code corresponding to the count obtained by adding the virtual security code to the issued time point of the real card number, and generates the second code of the count corresponding to the virtual security code.
  • the first code and the second code are generated based on a count shifted by the virtual security code from a time point A, at which the real card number is issued to a first user.
  • the count shifted from the time point A may be a count prior to or posterior to a count corresponding to the current time point, depending on the virtual security code value. Accordingly, as another person fails to recognize the providing sequence (that is, the first function and the second function) of the first code and the second code forming the virtual code, security may be improved.
  • the first code of the plurality of detailed codes is a code for setting a starting point of detecting the storage position of the real card number in the financial company server and virtual token verifying server
  • the second code of the plurality of detailed codes may be a code for setting a detecting path of the storage position from the starting point depending on a specific detecting scheme.
  • the searching scheme may be determined by a storage position detecting algorithm.
  • the virtual code generating function when a first code or a second code having N digits is generated using M characters, the virtual code generating function includes a first function or a second function to provide the first code or the second code generated by changing M N codes at every unit count.
  • the first function or the second function which is a function to generate M N codes, which are not duplicated as the count increases, generates a specific one of M N codes as the first code or the second code at a count corresponding to a specific time point.
  • the virtual code generating unit 110 generates a new virtual code at every unit count by generating a new detailed code (that is, the first code or the second code) at every unit count without duplicating the first code or the second code for a M N count (that is, time length corresponding M N count).
  • the first code and the second code have the correlation for detecting the storage position of the real card number in the financial company server or the virtual token verifying server
  • the virtual code generator or a user client includes a first function to generate the first code and a second function to generate the second code for enhancing the security, but may not include data on the correlation between the first code and the second code.
  • the virtual code generating function generates a first code or a second code having N digits using M characters
  • M N codes are used as the first code or the second code
  • each code is matched at every count from the initial time point at which the detailed code generating function is run. For example, when the count client is set to one second, the detailed code generating function matches different M N codes at every second from the time point in which the detailed code generating function is initially run.
  • the period of using a specific detailed code generating function or a use period (e.g., the validate period of the payment card to generate the virtual code) of the virtual code generator is set to be a time length shorter than the time length (for example, M N second when the first count is one second) corresponding to an M N count, the duplicated code of the first code or the second code is not generated for the use period.
  • the virtual code generator or the user client may generate, as the first code or the second code, a code value matched to a count corresponding to the specific time point.
  • the second virtual code generating module generates a virtual code through combination of at least one detailed code through at least one detailed code generating function (S 360 ).
  • a scheme of generating one virtual code by combining a plurality of detailed codes may include various schemes.
  • the detailed code generating function may generate a virtual code through a scheme of alternately placing a first code having N digits and a second code having N digits.
  • the detailed code generating function may be a function of placing the second code after the first code. As detailed codes included in the virtual function are increased, various detailed code generating functions may be generated.
  • the virtual code combining function couple a fixed code with the first code and the second code.
  • the virtual code may include a fixing code, which is not changed to distinguish between groups, together with a plurality of detailed codes.
  • the fixed code includes a code for identifying the code or virtual code for determining a card company or card type corresponding to the real card number.
  • the fixed code is connected to a specific position of the virtual code. For example, when the virtual code generating function is assigned for each card company or each card type, the virtual code generator or the user client uses the first six digits, which represent the card company or the card type, of card numbers.
  • the financial company server or the virtual token verifying server may identify a specific card company or a specific card type to which the virtual code generator is applied in the virtual code generator or the user client.
  • the fixed code is a code for determining the card company or card type corresponding to the real card number.
  • the fixed code when the virtual code corresponds to a virtual token, the fixed code includes information or a code identifying that the virtual code corresponds to the virtual token.
  • a payment service server for example, VAN server or PG company server
  • a payment terminal for example, kiosk device or POS device
  • the virtual code output program includes information or a code identifying the virtual token in the fixed code.
  • the virtual code output program and the payment card may utilize, as the fixed code, a code that corresponds to an issuer identification number in the real card number of the user and allows the identification of the virtual token.
  • a new code matched to the IIN is assigned as the fixed code and used by using six digits corresponding to the IIN in the real card number.
  • the virtual token verifying server may store the matching relation between the fixed code and the IIN, which is identical to the matching relation in the virtual code output program or the payment card. Accordingly, when the virtual token is received, the card company and the card type of the real card number may be detected based on the fixed code.
  • the fixed code is connected to a specific position of the virtual code.
  • the virtual token verifying server or the financial company server may determine the card type group only when first extracting the fixed code from the virtual code. Therefore, the fixed code may be connected to a specific position (for example, the same position as a position of the IIN of the real card number) in the virtual code such that the fixed code is separated without an additional function.
  • the second virtual code generating module outputs a virtual code on screen (S 380 ).
  • the virtual code output application outputs, in the form of a text, the virtual code on the screen.
  • the virtual code output application generates the virtual code in the form of a bar code or a QR code to be output on the screen.
  • the virtual code output application When only the bar code or the QR code is used in offline payment, the virtual code output application generates the virtual code in the form of a bar code or a QR code to be output on the screen.
  • the virtual code output application may include a user interface for selecting the type of outputting the virtual code on the screen. For example, when a text output mode is output by a user, the virtual code output application outputs the virtual code in the form of a text. When an image output mode is output by the user, the virtual code output application outputs the virtual code in the form of a QR code or a bar code.
  • the virtual code output application further includes providing the virtual code to a clipboard (S 390 ) as illustrated in FIG. 5 .
  • the virtual code provided to the clipboard is input to an online payment page in response to the operation of the user.
  • the user has to input the virtual code displayed on the screen of the virtual code output application into an online shopping application or a web browser.
  • the virtual code output application provides the virtual code data to the clipboard such that the virtual code may be easily inserted into another application.
  • a virtual security code is used to determine, in the virtual code verifying server, whether the virtual code transmitted through the payment card is normally produced.
  • the virtual code verifying server extracts the virtual security code (that is, the received virtual security code) from the virtual code after receiving the virtual code obtained by a financial transaction terminal, and determines whether the virtual code is normal by identifying that the received virtual security code is normally generated at the financial transaction request time point, based on information (that is, the virtual security code generating function, an intrinsic card value, and a card security code a real card number) stored in the virtual code verifying server.
  • the virtual security code verifying server determines whether there is a value, which is matched to the virtual security code, of OTP numbers calculated by inputting a count in a specific range from a count, in which the virtual code is received, into the virtual security code generating function (that is, OTP function).
  • the virtual code verifying server obtains a virtual security code value (that is, OTP function value) used to generate the second code by applying the inverse function of the second function to the second code, and finds out a count in which the same value as the virtual security code value is calculated.
  • a virtual security code value that is, OTP function value
  • the count, in which the virtual code verifying server receives the virtual code may not be matched to a count in which an OTP number corresponding to the virtual security code is generated. Accordingly, the virtual code verifying server allows an error range from the count in which the virtual code is received. Accordingly, even if another person hacks the second virtual code generating module to find out the first function and the second function, if the another person fails to obtain a normal virtual security code in real time, the virtual code matched to the financial transaction request time point is not generated.
  • the method of outputting the virtual code, which is generated from the payment card, on the screen is implemented in the form of a program (or application) to be stored in a medium, so as to be executed in combination with a computer which is hardware.
  • the above-described program is a code formed in a computer language, such as C, C++, JAVA, or a machine language, that a central processing unit (CPU) of the computer can be read through a device interface of a computer, such that the computer reads the program and executes methods implemented with the program.
  • the code may include a functional code related to a function defining function necessary for executing the methods, and include a control code related to an execution procedure necessary for the functions executed by the processor of the computer in a predetermined procedure.
  • the code may further include a memory reference code indicating a location (address) of the internal or external memory of the computer, which is referred to by that additional information or media required for the computer's processor to execute the functions.
  • the code may further include a communication-related code indicating another computer or server at a remote place, a communication scheme with the another computer or server through the communication module of the computer, and an information or media type to be transmitted or received in communication.
  • the stored medium does not refer to a medium to store data for a short time such as a register, a cache, or a memory.
  • a medium that stores data but a medium which stores data semi-permanently and readable by a device.
  • the storage medium includes, for example, a ROM, a RAM, a CD-ROM, a magnetic tape, a floppy-disk, or an optical data stage device, but the inventive concept is not limited thereto.
  • the program may be stored in various recording media on various servers to be accessed by the computer, or various recording media on the computer of the user.
  • the media may be distributed in computer systems connected over the network, and codes readable by the computer may be stored in the distribution scheme.
  • FIG. 6 is a block diagram illustrating the internal structure of the payment card to transmit the virtual code through short-range wireless communication, according to still another embodiment of the inventive concept.
  • the payment card 10 include a virtual code generating unit 110 and a virtual code transmitting unit 120 .
  • the duplicated description of the above components will be omitted.
  • the virtual code generating unit 110 generates a virtual code.
  • the virtual code is generated as a code matched to a real card number through the virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server.
  • the virtual code generating unit 110 includes a virtual code generating module (for example, a first virtual code generating module and a second virtual code generating module).
  • the virtual code transmitting unit 120 transmits a virtual code to the mobile terminal after recognizing the connection with the mobile terminal through the short-range wireless communication.
  • the mobile terminal outputs, on the screen, the virtual code received from the payment card through the virtual code output application 40 .
  • FIG. 7 is a block diagram illustrating the internal structure of the payment card to transmit an encrypted code based on a virtual code, according to still another embodiment of the inventive concept.
  • the payment card 20 includes a virtual code generating unit 210 , a timer 220 , an encrypted code generating unit 230 , and a wireless communication unit 240 .
  • a virtual code generating unit 210 the payment card 20 includes a virtual code generating unit 210 , a timer 220 , an encrypted code generating unit 230 , and a wireless communication unit 240 .
  • the duplicated description of the above components will be omitted.
  • the virtual code generating unit 210 generates a virtual code.
  • the virtual code is generated at every unit count by the virtual code generating function.
  • the virtual code is generated as a code matched to a real card number through the virtual code generating function stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server.
  • the virtual code generating unit 210 includes a virtual code generating module (for example, a first virtual code generating module and a second virtual code generating module).
  • the timer 220 synchronizes the time of the encryption algorithm through wireless communication with the mobile terminal.
  • the encrypted code generating unit 230 generates an encrypted code from the virtual code based on the synchronized encryption algorithm.
  • the wireless communication unit 240 transmits the encrypted code to the mobile terminal through wireless communication, and transmits synchronization condition data to the mobile terminal or receives the synchronization condition data from the mobile terminal.
  • the mobile terminal outputs, on the screen, the virtual code received from the payment card through the virtual code output application 40 .
  • FIG. 8 is a block diagram illustrating the internal structure of the payment card to transmit a virtual security code according to still another embodiment of the inventive concept.
  • the payment card 30 includes a first virtual code generating module 31 .
  • the first virtual code generating module 31 includes a virtual code generating unit 310 and a wireless communication unit 320 .
  • the duplicated description of the above components will be omitted.
  • the virtual code generating unit 310 generates a virtual security code using a time value and the card security code of the real card number.
  • the virtual security code is a disposable code having a specific digit number.
  • the wireless communication unit 320 transmits the virtual security code to the mobile terminal.
  • a virtual code output application 40 including a second virtual code generating module 41 is embedded in or installed in the mobile terminal.
  • the second virtual code generating module 41 generates a plurality of detailed codes matched to a unit count in which the generation of the virtual code is requested using the virtual security code, generates a virtual code by combining the plurality of detailed codes, and outputs the virtual code on the screen.
  • the virtual code is generated as a code matched to a real card number through the virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server.
  • the ‘unit count’ is set as a specific time interval and changed as the time interval is elapsed.
  • the virtual code may be identified through the mobile terminal, so online payment or offline payment requiring the direct input of the virtual code or the recognition of a bar code or a QR code may be performed.
  • Another person may be prevented from intercepting the virtual code to be used for payment in the process of providing the virtual code to the mobile terminal.
  • the virtual code may be visually identified, so the manufacturing costs of the payment card may be saved.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Selective Calling Equipment (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Information Transfer Between Computers (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

A method and a program for outputting a virtual code generated from a payment card, and a payment card for generating a virtual code are provided. The method for outputting the virtual code generated from the payment card includes receiving, by a virtual code output application, a virtual code from a payment card after connecting the payment card with a mobile terminal through short-range wireless communication, and outputting, by the virtual code output application, the virtual code on the screen.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • The present application is a continuation of International Patent Application No. PCT/KR2018/008741, filed Aug. 1, 2018, which are based upon and claims the benefit of priority to Korean Patent Application Nos. 10-2017-0100953 filed on Aug. 9, 2017 and 10-2018-0081707 filed on Jul. 13, 2018. The disclosures of the above-listed applications are hereby incorporated by reference herein in their entirety.
    • BACKGROUND
  • Embodiments of the inventive concept disclosed herein relate to a method and a program for outputting a virtual code, which is generated from a payment card, on a screen, and the payment card for generating the virtual code, and more particularly to a method for transmitting a virtual code generated from a payment card to a mobile terminal and outputting the virtual code on a screen, and a payment card for the same.
  • Data in the form of a code has been used in many fields. The data in the form of the code includes, an Internet Personal Identification Number (IPIN) and a social security number for user identification, as well as a card number and an account number used for payment.
  • However, many accidents occur in the process of using such code data. In the case of the card number, since the real card number is written on the surface of the card, the real card number is visually leaked to another person, and is transmitted to a Point of Sales (POS) terminal without change in payment using a magnetic manner.
  • Although many attempts have been made to use a virtual card number or a virtual token to prevent the real card number from being leaked, there is required data for identifying a user to detect a real card number corresponding to the virtual card number or virtual token. For example, in the case of One Time Password (OTP), although a code is changed and generated every time, a login procedure is required to determine an algorithm assigned to a user. Accordingly, it is difficult to apply the OTP to various fields. Accordingly, there is required an invention that may detect a real card number based on a virtual card number changed in real time, without providing identification information for a user or device corresponding to the real card number.
    • SUMMARY
  • The payment card, which generates the virtual code, has no display on the surface, so the generated virtual code may not be visually identified. In general, although the direct identification of the virtual code is unnecessary when payment is performed offline, there is a difficulty in online payment or offline payment requiring direct input of code data.
  • Embodiments of the inventive concept provide a method and a program for outputting a virtual code, which is generated from a payment card, on a screen, which enables a user to identify the virtual code generated form the payment card having no display, through a mobile terminal of the user, and a payment card for generating a virtual code.
  • The objects of the inventive concept are not limited to the above, but other effects, which are not mentioned, will be apparently understood to those skilled in the art.
  • According to an exemplary embodiment, a method for outputting a virtual code, which is generated from a payment card, on a screen includes receiving, by a virtual code output application, the virtual code from the payment card after connecting the payment card with a mobile terminal through short-range wireless communication, and outputting, by the virtual code output application, the virtual code on the screen. The virtual code output application is installed or embedded in the mobile terminal. The virtual code is generated as a code matched to a real card number through a virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server. The unit count is set as a specific time interval and changed as the specific time interval is elapsed.
  • According to an exemplary embodiment, the virtual code output application is activated when the short-range wireless communication is made between the payment card and the mobile terminal as the virtual code output application is run in the background in the mobile terminal.
  • According to an exemplary embodiment, a method for outputting a virtual code, which is generated from a payment card, on a screen, includes synchronizing, by a virtual code output application, time of an encryption algorithm through wireless communication between a virtual code output application and the payment card, receiving, by the virtual code output application, an encrypted code generated from the payment card, wherein the encrypted code is obtained by encrypting the virtual code generated from the payment card based on the synchronized encryption algorithm, decrypting, by the virtual code output application, the encrypted code to the virtual code based on the encryption algorithm, and outputting, by the virtual code output application, the virtual code on the screen. The virtual code is generated as a code matched to a real card number through a virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server, and the unit count is set as a specific time interval and changed as the specific time interval is elapsed.
  • According to an exemplary embodiment, the encryption algorithm is matched to an encryption rule every time.
  • According to exemplary embodiment, the payment card generates at least one detailed code through at least one detailed code generating function, and generates the virtual code by combining the at least one detailed code through a detailed code combining function. The detailed code generating function and the detailed code combining function are included in the virtual code generating function. The at least one detailed code includes a first code to set a starting point of searching for a storage position, and a second code to set a search path to the storage position from the starting point according to a specific searching scheme.
  • According to an exemplary embodiment, a method for outputting a virtual code, which is generated from a payment card, on a screen, includes receiving, by a second virtual code generating module, a virtual security code from a first virtual code generating module, generating, by the second virtual code generating module, at least one detailed code through at least one detailed code generating function, generating, by the second virtual code generating module, the virtual code through combination of the at least one detailed code through at least one detailed code combining function, and outputting, by the second virtual code generating module the virtual code the screen. The virtual code is generated as a code matched to a real card number through a virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server. The virtual code generating function includes the detailed code generating function and the detailed code combining function. The first virtual code generating module is included in the payment card, and the mobile terminal is embedded therein or installed with a virtual code output application including the second virtual code generating module. The second virtual code generating module generates a plurality of detailed codes matched to a unit count in which generation of the virtual code is requested using the virtual security code, generates the virtual code by combining the plurality of detailed codes, and outputs the virtual code on the screen. The unit count is set as a specific time interval and changed as the specific time interval is elapsed.
  • According to an exemplary embodiment, the plurality of detailed codes include a first code generated based on a first count, and a second code generated based on a second count. The first count is the number of unit counts elapsed from an initial time point at which the virtual code generating function is run in a virtual code verifying server, the second count is the number of unit counts elapsed from a time point at which a real card number of a specific user is issued, and the generating of the at least one detailed code includes applying the virtual security code to the second count or the number of counts elapsed from a current time point.
  • According to an exemplary embodiment, the method may further include providing, by the virtual code output application, the virtual code to a clipboard. The virtual code provided on the clipboard is input to an online payment page in response to an operation of a user.
  • According to an exemplary embodiment, a payment card includes a virtual code generating unit to generate a virtual code, and a virtual code transmitting unit to transmit the virtual code to a mobile terminal after recognizing connection with the mobile terminal through short-range wireless communication. The mobile terminal outputs, on a screen, the virtual code received from a payment card through a virtual code output application, the virtual code is generated as a code matched to a real card number through a virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server, and the unit count is set as a specific time interval and changed as the specific time interval is elapsed.
  • According to an exemplary embodiment, a payment card includes a virtual code generating unit to generate a virtual code at every unit count through a virtual code generating function, a timer to synchronize time of an encryption algorithm through wireless communication with a mobile terminal, an encrypted code generating unit to generate an encrypted code from the virtual code based on the synchronized encryption algorithm, a wireless communication unit to transmit the encrypted code to the mobile terminal through wireless communication. The wireless communication unit transmits synchronization condition data to the mobile terminal or receives the synchronization condition data from the mobile terminal, the mobile terminal outputs, on a screen, the virtual code received from a payment card through a virtual code output application, the virtual code is generated as a code matched to a real card number through the virtual code generating function, which is stored therein, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server, and the unit count is set as a specific time interval and changed as the specific time interval is elapsed.
  • According to an exemplary embodiment, a payment card includes a first virtual code generating module. The first virtual code generating module includes a virtual security code generating unit to generate a virtual security code using a time value and a card security code of a real card number, in which the virtual security code is a disposable code having a specific digit number, and a wireless communication unit to transmit the virtual security code to a mobile terminal. The mobile terminal is embedded or installed with a virtual code output application including a second virtual code generating module, the second virtual code generating module generates a plurality of detailed codes matched to a unit count in which generation of the virtual code is requested using the virtual security code, generates the virtual code by combining the plurality of detailed codes, and outputs the virtual code on the screen. The virtual code is generated as a code matched to a real card number through a virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server, and the unit count is set as a specific time interval and changed as the specific time interval is elapsed.
    • BRIEF DESCRIPTION OF THE FIGURES
  • The above and other objects and features will become apparent from the following description with reference to the following figures, wherein like reference numerals refer to like parts throughout the various figures unless otherwise specified, and wherein:
  • FIG. 1 is a flowchart illustrating a method for outputting a virtual code, which is generated from a payment card, on a screen according to an embodiment of the inventive concept;
  • FIG. 2 is a flowchart illustrating a method for outputting a virtual code, which is generated from a payment card, on a screen according to another embodiment of the inventive concept;
  • FIG. 3 is a flowchart illustrating a procedure of generating an encrypted code after generating a virtual code from a payment card;
  • FIG. 4 is a flowchart illustrating a method for outputting a virtual code, which is generated from a payment card, on a screen according to another embodiment of the inventive concept;
  • FIG. 5 is a flowchart illustrating a method for outputting a virtual code, which is generated from a payment card, on a screen, in which the method further includes providing the virtual code to a clipboard, according to another embodiment of the inventive concept;
  • FIG. 6 is a block diagram illustrating the internal structure of a payment card to transmit a virtual code through short-range wireless communication, according to another embodiment of the inventive concept;
  • FIG. 7 is a block diagram illustrating the internal structure of a payment card to transmit an encrypted code based on a virtual code, according to still another embodiment of the inventive concept; and
  • FIG. 8 is a block diagram illustrating the internal structure of a payment card to transmit a virtual security code according to another embodiment of the inventive concept.
    •  DETAILED DESCRIPTION
  • Hereinafter, an exemplary embodiment of the inventive concept will be described with reference to accompanying drawings. Advantage points and features of the inventive concept and a method of accomplishing the same will become apparent from the following description made with reference to accompanying drawings. The inventive concept, however, may be embodied in various different forms, and should not be construed as being limited only to the illustrated embodiments. Rather, these embodiments are provided as examples so that this disclosure will be thorough and complete, and will fully convey the concept of the inventive concept to those skilled in the art. The inventive concept may be defined by scope of the claims. Meanwhile, the terminology used herein to describe embodiments of the invention is not intended to limit the scope of the inventive concept. Like reference numerals refer to like elements throughout the whole specification.
  • Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by those skilled in the art. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
  • The terminology used in the inventive concept is provided for the illustrative purpose, but the inventive concept is not limited thereto. As used herein, the singular terms “a,” “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. Furthermore, it will be further understood that the terms “comprises”, “comprising,” “includes” and/or “including”, when used herein, specify the presence of stated elements, steps, operations, and/or devices, but do not preclude the presence or addition of one or more other components, steps, operations and/or devices.
  • Herein, a ‘character’ is an element to form a code, and includes an entire portion or some of an uppercase alphabet, a lowercase alphabet, a number, and a special character.
  • Herein, a ‘code’ refers to a character string in which characters are listed.
  • Herein, a ‘card number’, which is used for a financial transaction, such as payment, is a number assigned to a card, and transmitted to a card company in the situation of payment or the cancellation of the payment.
  • Herein, a ‘real card number’ is a number assigned to a card of a specific user by a card company. In other words, the ‘real card number’ refers to a number assigned to a general actual card or a mobile card.
  • Herein, a ‘virtual code’ is a card number temporarily generated to be connected to a real card number, and is a code having a specific digit number, which is formed using characters including numbers. The virtual code includes a virtual card number used to detect a real card number in a financial company server, a virtual token used to detect the real card number in a virtual token verification server.
  • Herein, the ‘detailed code’ refers to some code included in the virtual token. In other words, when the virtual token is generated by combining a plurality of separately generated codes, the detailed code refers to a individual code separately generated and constituting the virtual token.
  • Herein, a ‘unit count’ is set as a specific time interval and changed as the specific time interval is elapsed. For example, ‘count 1’ may be set as a specific time interval (for example, 1.5 seconds) and used.
  • Herein, a ‘virtual code generating function’ refers to a function used to generate a virtual token.
  • Herein, a ‘detailed code generating function’ refers to a function of generating each detailed code constituting the virtual code number.
  • Herein, a ‘detailed code combining function’ refers to a function of generating a virtual code (for example, a virtual card number or a virtual token) obtained by combining or linking a plurality of detailed codes.
  • Herein, a ‘mobile terminal’ includes various devices to provide a result for a user by performing an arithmetic operation. For example, a computer may correspond to, as well as a desktop personal computer (PC) or a notebook, a smartphone, a tablet PC, a cellular phone, a personal communication service (PCS) phone, a mobile terminal of a synchronous/asynchronous international mobile telecommunication (IMT-2000), a palm personal computer, or a personal digital assistant (PDA).
  • Herein, a ‘payment card’ refers to an entire portion or a portion of the virtual code generating function.
  • Herein, a ‘payment service server’ includes all servers of providers linking or assisting a payment service between a virtual token verifying server or a financial company server in a virtual token generating device or a POS terminal. In other words, the payment service server may correspond to a payment gateway (a service provider that performs transactions with a financial institution on the Internet), a payment agency (VAN company), or a server of Acquirer.
  • Herein, a ‘financial company server’ refers to a server that determines whether to approve payment based on the real card number.
  • Herein, a ‘virtual token verifying server’ refers to a server that detects a real card number based on a virtual token and transmits the real card number to the payment service server or the financial company server.
  • Herein, a ‘virtual code output application’, which is an application installed or embedded in a mobile terminal, outputs a virtual code on a screen.
  • Herein, ‘short-range wireless communication’ refers to wireless communication performed as a terminal, which is spaced, comes into contact or proximity. For example, ‘short-range wireless communication’ refers to a scheme in which a plurality of terminals make wireless communication at distances where users manually control the terminals while personally determining communication states.
  • Herein, a ‘virtual code generating module’ refers to a module to generate a virtual code in the form provided to a virtual code verifying server. Herein, the ‘virtual code generating module’ may be divided into a plurality of detailed modules depending on functions. The detailed modules included in the virtual code generating module may be included in one terminal device or may be separately included in individual terminal devices.
  • Herein, a ‘first virtual code generating module’ refers to a module to generate a virtual security code used to generate the virtual code.
  • Herein, a ‘second virtual code generating module’ refers to a module to generate a virtual code using the virtual security code generated from the first virtual code generating module. In other words, the ‘second virtual code generating module’ includes a detailed code generating function and a detailed code combining function.
  • Hereinafter, the configuration of a real card number will be described to illustrate a procedure of generating and outputting a virtual code which is a substitute of the real card number, according to an embodiment of the inventive concept.
  • The ‘real card number’ includes at least one of a card identification (ID) number, a card security code, and a card validity period. The card ID number is a code assigned to identify a card company, a card type, and a card user. In general, the card ID number assigned to a card has 15 or 16 digits. In general, in the case of a card ID number having 16 digits, the first 6 digits constitute the issuer identification number (IIN) of the card, the 7th digit to the 15th digit have codes assigned to each card according to an arbitrary rule, and the 16th digit has a value for verifying the card ID number according to a specific formula.
  • The card security code is printed at one side of the card and has a specific digit number (for example, Visa and Master have three digits, and American Express has four digits). In other words, when the card security code has three digits, and the card ID number 16 digits, the card security code of a 3-digit code and the card ID number of a 16-digit code are encrypted/decrypted according to the specific rule. If the relevant values are matched, the card is verified as a normal card. The card security codes have different names depending on card companies. Accordingly, the card security code of Visa card is called Card Verification Value (CVV), the card security card of MasterCard/JCB is called Card Validation Code (CVC), and the card security code of American Express is called Confidential Identifier Number or Card Identification Number (CID).
  • The card validity period refers to a time limit that may be used after a real card number is issued. In general, in the card validity period, two digits are assigned to each of year and month fields to form a 4-digit code.
  • Hereinafter, a method and a program for outputting a virtual code generated from a payment card, and the payment card according to embodiments of the inventive concept will be described in detail with reference to accompanying drawings.
  • FIG. 1 is a flowchart illustrating a method for outputting the virtual code, which is generated from the payment card, on a screen, according to an embodiment of the inventive concept.
  • Referring to FIG. 1, according to an embodiment of the inventive concept, the method for outputting the virtual code generated from the payment card includes receiving, by a virtual code output application, the virtual code from the payment card after connecting the payment card with a mobile terminal through short-range wireless communication (S120), and outputting, by the virtual code output application, the virtual code on the screen (S140).
  • The virtual code output application receives the virtual code from the payment card after connecting the payment card with the mobile terminal through short-range wireless communication (S120). The virtual code output application may receive the virtual code generated from the payment card as a user manipulates the mobile terminal or the payment card.
  • According to an embodiment, when the user manipulates the mobile terminal, the virtual code output application is run to transmit a request the payment card to provide the virtual code through short-range wireless communication (for example, NFC communication). Thereafter, when the payment card is connected with the mobile terminal through the short-range wireless communication, the payment card generates and transmits a virtual code corresponding to a relevant time point. The virtual code is generated as a code matched to a real card number through the virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server.
  • In addition, according to another embodiment, when the user starts the procedure for outputting the virtual code by manipulating the payment card, the payment card receives a manipulation of activating the virtual code from the user. For example, the user may activate the payment card by operating a button provided on the surface of the payment card or by inputting an operation of shaking or tapping the payment card.
  • Thereafter, the payment card generates the virtual code and transmits the virtual code to the mobile terminal through short-range wireless communication. The virtual code is generated corresponding to a virtual code generation time point by the virtual code generating function stored in the payment card. In this case, the virtual code output application recognizes that that short-range wireless communication is made, as the payment card is in the proximity or contact to the mobile terminal after the payment card is activated. According to an embodiment, the virtual code output application is activated, when the short-range wireless communication is made between the payment card and the mobile terminal, as the virtual code output application is run in the background in the mobile terminal.
  • If the payment card transmits the virtual code through long-range wireless communication (for example, Bluetooth communication) rather than short-range wireless communication, there may occur a situation that another person intercepts the virtual code and uses the virtual code for payment. Accordingly, the short-range wireless communication is made between the payment card and the mobile terminal.
  • For example, when a user uses a mobile terminal case for inserting the payment card (for example, a smartphone case allowing the payment card to be inserted into the rear surface of a smartphone), the payment card and the mobile terminal is in contact with each other. Accordingly, the user may activate the payment card by manipulating the mobile terminal or the payment card, without performing a separate operation to bring the payment card into contact with the mobile terminal. In addition, for example, when there is a space for inserting the payment card in a case cover, and when the case cover is folded and placed on the rear surface of the mobile terminal, the payment card and the mobile terminal are in contact with each other in the state that the user views the screen of the mobile terminal. Accordingly, the user does not need to perform a separate operation to bring the payment card into contact with the mobile terminal.
  • In detail, when a user uses a mobile terminal case allowing the payment card to be inserted into the rear surface of the mobile terminal, the user may activate the payment card disposed on the rear surface of the mobile terminal by tapping the payment card with a finger of the user or pressing a button, and the payment card may generate a virtual code through a virtual code generating function stored in the payment card. Thereafter, a program (virtual code output program) for outputting the virtual code in the mobile terminal receives the virtual code from the payment card through short-range wireless communication. Since the mobile terminal and the payment card are in proximity to each other, the user does not need to perform a separate operation to bring the payment card into contact with the mobile terminal or to make the payment card in proximity to the mobile terminal.
  • The virtual code output application outputs the virtual code on the screen (S140). The virtual code output application includes a user interface for displaying the virtual code on the screen.
  • In addition, according to another embodiment, the virtual code output application further includes providing the virtual code to a clipboard. The virtual code output application may include a button for requesting the virtual code to be provided to the clipboard on the user interface for displaying the virtual code. The virtual code output application provides the clipboard such that the virtual code output on the screen is inserted into another program in response to the request of the user.
  • FIG. 2 is a method for outputting the screen of the virtual code generated from the payment card, according to another embodiment of the inventive concept.
  • Referring to FIG. 2, according to another embodiment of the inventive concept, the method for outputting the virtual code generated from the payment card includes synchronizing, by the virtual code output application, time of an encryption algorithm through wireless communication between the virtual code output application and the payment card (S220); receiving, by the virtual code output application, an encrypted code generated in the payment card (S240; encrypted code receiving step), decrypting, by the virtual code output application, the encrypted code to a virtual code based on the encryption algorithm (S260), and outputting, by the virtual code output application, the virtual code on the screen (S280). Hereinafter, the details of each step will be made.
  • The virtual code output application synchronizes the time of the encryption algorithm through the wireless communication between the virtual code output application and the payment card (S220). The payment card and the mobile terminal (that is, the virtual code output application) include the same encryption algorithm. Accordingly, the payment card generates the virtual code in the form of an encryption code as described below, and decrypts the received encryption code to recover the virtual code.
  • The virtual code generating module in the payment card and the mobile terminal (that is, the virtual code output application) may change the encryption algorithm (for example, may change an encryption pattern (or an encryption code change pattern) depending on a specific rule to prevent another person from obtaining a plurality of encryption codes, which are provided from the virtual code generating module to the mobile terminal, to find out the encryption algorithm.
  • For example, when the payment card receives the request to generate a virtual code from the virtual code output application or when the operation of requesting the payment card to generate the virtual code is input from a user, the payment card synchronizes the time with the mobile terminal (that is, the virtual code output application) such that the payment card (that is, the virtual code generating module) and the mobile terminal (that is, the virtual code output application) perform converting and recovering with the same encryption pattern. For example, the virtual code generating module in the payment card may perform synchronization to be matched to the time data of a clock included in the mobile terminal (that is, the virtual code output application).
  • Since the mobile terminal includes a global positioning system (GPS) module or a wireless communication module (for example, a Wi-Fi module or LTE module) that is able to communicate with an external server, the mobile terminal may accurately match the time data. However, since the payment card produces time, errors may occur. Accordingly, the time data in the mobile terminal may be mismatched from the time data in the payment card. Accordingly, the timers in the payment card and the mobile terminal need to be synchronized with each other such that the virtual code output application and the virtual code generating module perform encryption based on time data. The scheme of changing an encryption pattern by utilizing the time data will be described below.
  • The virtual code output application receives the encrypted code generated from the payment card (S240). The virtual code is generated as a code matched to a real card number through the virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server.
  • Referring to FIG. 3, the virtual code generating module in the payment card generates the virtual code (S241; virtual code generating step). The virtual code generating module may include the same virtual code generating function as that included in the virtual code verifying server (that is, the financial company server or a virtual token verifying server). Accordingly, the virtual code verifying server (for example, financial company server) may perform a financial transaction after receiving a virtual code, which is generated by the virtual code generating module in the payment card to be output to the outside in offline payment or is provided by the virtual code output application, and detecting a real card number.
  • The virtual code generating function generates the virtual code in various schemes. According to an embodiment, the virtual code generating step (S241) includes generating, by the virtual code generating module, at least one detailed code through at least one detailed code generating function, and generating, by the virtual code generating module, the virtual code by combining the at least detailed code through a detailed code combining function. In other words, the virtual code generating function includes the detailed code generating function and the detailed code combining function.
  • First, the virtual code generating module generates at least one detailed code through at least one detailed code generating function. For example, the virtual code generating module generates a first code and a second code by including a first function and a second function as the detailed code generating function.
  • According to an embodiment, in the scheme of generating the first code and the second code by the virtual code generating module, the plurality of detailed codes include a first code for setting a starting point for detecting a storage position of a real card number in the virtual code verifying server (for example, the financial company server or the virtual token verifying server); and a second code for setting a detecting path from the starting point to the storage position according to the specific detection scheme. Although the first code and the second code have the correlation for detecting the storage position of the real card number in the virtual code verifying server, a virtual code generating module includes, as a detailed code generating function, a first function to generate the first code and a second function to generate the second code for enhancing the security, but may not include data on the correlation between the first code and the second code.
  • Further, according to another embodiment, the plurality of detailed codes may include: a first code generated based on a first count; and a second code generated based on a second count. The first count corresponds to the number of unit counts elapsed from the initial time point at which the virtual code generating function is run in the virtual code verifying server, and the second count is the number of unit counts elapsed from a time point (issued time point) at which the real card number of a specific user is issued. In other words, a first function for generating the first code is a function for providing a specific code value corresponding to the first count, and a second function for generating the second code is a function for providing a specific code value corresponding to the second count.
  • Accordingly, the virtual code is not duplicated regardless of the virtual code generating time and a user. The first code is set to any one code value (for example, a code value corresponding to a time point at which the generation of the virtual code is requested) of the codes matched at each count from the initial time point at which the first function is run in the virtual code verification server. Accordingly, the virtual code generating module generates a code value, which is varied at every virtual code generating time, as the first code for the same user. In addition, the second count value is always varied in each virtual code generating module at the same time point to prevent the real card number from being issued at the same time point. Accordingly, the virtual code generating module always generates a different second code for each user at the same time point. In other words, the first code has a different code value at each count and the second code has a different code value in the virtual code generating module (that is, an APP card application installed in a mobile terminal 10 of each user) of each user at the same time point. Accordingly, the virtual code generated by combining the first code and the second code is output without being duplicated, regardless of a user and a virtual code generation request time.
  • In addition, according to an embodiment, the virtual code generating module generates the first code and the second code by using a virtual security code. In other words, the virtual code generating module (or a first virtual code generating module to generate the virtual security code and a second virtual code generating module when the second virtual code generating module is included to generate a virtual code based on the virtual security code) applies the virtual security code to the number of counts elapsed from the second count or the current time point. In this case, the second virtual code generating module generates the first code by applying, to the first count, the number of counts, which is obtained by adding a count (that is, the count serving as a basis of the generation of the second code), which corresponds to the issued time point of the real card number, to the virtual security code.
  • In detail, the first virtual code generating module included in the virtual code generating module generates a virtual security code through One Time Password (OTP; a user authentication scheme employing a disposable password randomly generated instead of a fixed password). In other words, the first virtual code generating module generates an OTP by using, as key data, time data (that is, the virtual code generation requesting time point), an intrinsic card value, and a card security code (that is, a CVC or CVV of the real card number) of a real card number
  • The second virtual code generating module generates each detailed code using the virtual security code. In other words, the second virtual code generating module applies the virtual security code to a second count (that is, the number of counts shifted from the issued time point of the real card number) or the number (that is, the number of counts shifted from the current time point) of counts elapsed from a current time point. In this case, the second virtual code generating module generates the first code by applying, to the first count, the number of counts, which is obtained by adding a count (that is, the count serving as a basis of the generation of the second code), which corresponds to the issued time point of the real card number, to the virtual security code. Accordingly, as another person fails to recognize the sequence (that is, the first function and the second function) provided by the first code and the second code forming the virtual code, security may be improved.
  • The virtual code generating module generates a virtual code by combining the at least one detailed code through the detailed code combining function. A scheme of generating one virtual code by combining a plurality of detailed codes may include various schemes. For example, the detailed code combining function may generate a virtual code by alternately placing a first code having N digits and a second code having N digits. In addition, according to another embodiment, the detailed code generating function may be a function of placing the second code after the first code. As detailed codes included in the virtual function are increased, various detailed code generating functions may be generated.
  • The virtual code generating module generates an encrypted code from a virtual code based on the synchronized encryption algorithm (S242). In other words, the virtual code generating module generates the encrypted code from the virtual code based on a conversion pattern (that is, an encryption pattern) corresponding to a time point synchronized with a time point of the virtual code output application in the mobile terminal.
  • According to an embodiment, another person is prevented from recovering the virtual code due to the leakage of key data as the OTP code for code conversion, which is changed every moment, is used as the key data for encryption or decryption. In other words, as the virtual code generating module and the encryption module in the payment card perform encryption and decryption using the OPT code for code conversion, which is randomly generated through an OTP function at each moment, another person fails to detect key data used for encryption and decryption at a specific time point. Accordingly, this may solve the problem occurring in a conventional encryption scheme in which the key data used for encryption and decryption is fixed to allow another person to decrypt the encrypted code due to the leakage of the key data.
  • In detail, in the generating of the encrypted code (S242), an OTP code for code conversion is generated using an ID value (for example, the intrinsic number of the payment card) included in the payment card and the synchronized time data, and a relevant conversion pattern is applied to the OTP code for the code conversion, thereby converting the virtual code into the encrypted code. The virtual code generating module, which may have various rules (that is., encryption rules) for generating an encrypted code from a virtual code, may generate the encrypted code by applying a relevant encryption rule to the OTP code value for code conversion, which is generated at a time point at which the virtual code is generated. Accordingly, although another person detects the synchronized time data between the application and the payment card, and the identification value of the payment card, if the another person fails to recognize an algorithm of generating the OPT code for the code conversion, the another person fails to recover the virtual code from the encrypted code. In addition, if the another person fails to recognize the matching relationship between the OTP code for the code conversion and the conversion pattern (or the encryption rule), the another person fails to recover the virtual code from the encrypted code.
  • Thereafter, the virtual code generating module transmits the encrypted code to the mobile terminal (S243). In other words, the virtual code output application in the mobile terminal receives the encrypted code from the payment card. In this case, the virtual code generating module may transmit the encrypted code through various communication schemes.
  • The virtual code output application decrypts the encrypted code to the virtual code based on the encryption algorithm (S260). Thereafter, the virtual code output application outputs the virtual code on the screen (S280).
  • FIG. 4 is a flowchart illustrating the method for outputting the virtual code, which is generated from the payment card, according to another embodiment of the inventive concept.
  • Referring to FIG. 4, according to another embodiment of the inventive concept, the method for outputting the virtual code, which is generated from the payment card, includes receiving, by the second virtual code generating module, a virtual security code from the first virtual code generating module (S320; virtual security code receiving step), generating, by the second virtual code generating module, at least one detailed code through at least one detailed code generating function (S340), generating, by the second virtual code generating module, the virtual code through combination of at least one detailed code through at least one detailed code combining function (S360), and outputting, by the second virtual code generating module, the virtual code on the screen (S380). Hereinafter, the details of each step will be described in detail.
  • To generate and output a virtual code based on a virtual security code, there are required the first virtual code generating module to generate the virtual security code and the second virtual code generating module to generate the virtual code through a virtual code generating function. The payment card may include the first virtual code generating module and the second virtual code generating module to generate the virtual code and to output the virtual code to the outside in offline payment. However, when the payment card does not include a display, the payment card may use the display of the mobile terminal instead through a program for outputting the virtual code, to generate the virtual code. To prevent the virtual code from being leaked in the process of being transmitted to the mobile terminal for screen output, only a virtual security code generated in the first virtual code generating module is transmitted to the mobile terminal, and the virtual code is completed by the second virtual code generating module, which is included in the virtual code output application and identical to that of the payment card, and is output on the screen. In other words, the present embodiment is performed by the first virtual code generating module included in the payment card and the second virtual code generating module included in the virtual code output application. In particular, the present embodiment relates to a procedure of performing the second virtual code generating module in the virtual code output application.
  • First, the second virtual code generating module receives a virtual security code from the first virtual code generating module (S320; virtual security code receiving step). As the payment card is activated or the virtual code output application is run by the operation (for example, the operation of pressing a button provided in the payment card or of moving the payment card) of the user, the first virtual code generating module in the payment card transmits a virtual security code, which is used to generate a virtual code, to a mobile terminal having a virtual code output application including the second virtual code generating module.
  • The first virtual code generating module is embedded or installed in the payment card and includes a virtual security code generating function. According to an embodiment, the virtual security code is an OTP code generated by using time data (that is, the virtual code generation requesting time point), an intrinsic card value, and a card security code (that is, a CVC or CVV of the real card number) of a real card number. The intrinsic card value refers to an intrinsic value assigned to the payment card. In other words, the intrinsic card value is an intrinsic value assigned to the payment card corresponding to the electronic device. The first virtual code generating module may sore the intrinsic card value and a card security code therein to generate the virtual security code.
  • In detail, the first virtual code generating module generates a virtual security code through One Time Password (OTP; a user authentication scheme employing a disposable password randomly generated instead of a fixed password). In other words, the first virtual code generating module generates an OTP by using, as key data, time data (that is, the virtual code generation requesting time point), an intrinsic card value, and a card security code (that is, a CVC or CVV of the real card number) of a real card number
  • The virtual code output application receives the virtual security code from the payment card through wireless communication. According to an embodiment, the first virtual code generating module encrypts the virtual security code using a password as the key data and transmits the virtual security code. The virtual code output application having the encrypted virtual security code received therein performs decryption based on a payment card password stored therein, thereby detecting the virtual security code. The password may be set in the process of initially linking the payment card and the virtual code output application, or may be set as a serial number of the payment card. The mobile terminal may receive the virtual security code and provide the virtual code to the virtual code output application, through various wireless communication schemes.
  • The second virtual code generating module generates at least one detailed code through at least one detailed code generating function (S340). The second virtual code generating module included in the virtual code output application generates a plurality of detailed codes suitable for a unit count, at which the generation of the virtual code is requested, using the virtual security code received from the first virtual code generating module in the virtual code output application. In other words, the virtual code generating module may reflect the virtual security code in generating the first code and the second code without outputting the virtual code to the outside.
  • The plurality of detailed codes may include: a first code generated based on a first count; and a second code generated based on the second count. The first count is the number of unit counts elapsed from the initial time point at which the virtual code generating function is run in the virtual code verifying server, and the second count is the number of unit counts elapsed from a time point at which the real card number of a specific user is issued. In other words, a first function for generating the first code is a function for providing a specific code value corresponding to the first count, and a second function for generating a second code is a function for providing a specific code value corresponding to the second count.
  • In other words, the second virtual code generating module applies the virtual security code to a second count (that is, the number of counts shifted from the issued time point of the real card number) or the number (that is, the number of counts shifted from the current time point) of counts elapsed from a current time point. In this case, the second virtual code generating module generates the first code by applying, to the first count, the number of counts, which is obtained by adding a count (that is, the count serving as a basis of the generation of the second code), which corresponds to the issued time point of the real card number, to the virtual security code.
  • In detail, the second virtual code generating module generates the first code corresponding to the count obtained by adding the virtual security code to the issued time point of the real card number, and generates the second code of the count corresponding to the virtual security code. In other words, the first code and the second code are generated based on a count shifted by the virtual security code from a time point A, at which the real card number is issued to a first user. The count shifted from the time point A may be a count prior to or posterior to a count corresponding to the current time point, depending on the virtual security code value. Accordingly, as another person fails to recognize the providing sequence (that is, the first function and the second function) of the first code and the second code forming the virtual code, security may be improved.
  • The first code of the plurality of detailed codes is a code for setting a starting point of detecting the storage position of the real card number in the financial company server and virtual token verifying server, and the second code of the plurality of detailed codes may be a code for setting a detecting path of the storage position from the starting point depending on a specific detecting scheme. The searching scheme may be determined by a storage position detecting algorithm.
  • In addition, according to another embodiment, when a first code or a second code having N digits is generated using M characters, the virtual code generating function includes a first function or a second function to provide the first code or the second code generated by changing MN codes at every unit count. In other words, the first function or the second function, which is a function to generate MN codes, which are not duplicated as the count increases, generates a specific one of MN codes as the first code or the second code at a count corresponding to a specific time point. Accordingly, the virtual code generating unit 110 generates a new virtual code at every unit count by generating a new detailed code (that is, the first code or the second code) at every unit count without duplicating the first code or the second code for a MN count (that is, time length corresponding MN count). Although the first code and the second code have the correlation for detecting the storage position of the real card number in the financial company server or the virtual token verifying server, the virtual code generator or a user client includes a first function to generate the first code and a second function to generate the second code for enhancing the security, but may not include data on the correlation between the first code and the second code.
  • In detail, as the virtual code generating function generates a first code or a second code having N digits using M characters, when MN codes are used as the first code or the second code, each code is matched at every count from the initial time point at which the detailed code generating function is run. For example, when the count client is set to one second, the detailed code generating function matches different MN codes at every second from the time point in which the detailed code generating function is initially run. In addition, when the period of using a specific detailed code generating function or a use period (e.g., the validate period of the payment card to generate the virtual code) of the virtual code generator is set to be a time length shorter than the time length (for example, MN second when the first count is one second) corresponding to an MN count, the duplicated code of the first code or the second code is not generated for the use period. In other words, when the count increases over time, and when the user requests the virtual code generator or the user client to generate a virtual code at a specific time point, the virtual code generator or the user client may generate, as the first code or the second code, a code value matched to a count corresponding to the specific time point.
  • The second virtual code generating module generates a virtual code through combination of at least one detailed code through at least one detailed code generating function (S360). A scheme of generating one virtual code by combining a plurality of detailed codes may include various schemes. For example, the detailed code generating function may generate a virtual code through a scheme of alternately placing a first code having N digits and a second code having N digits. In addition, according to another embodiment, the detailed code generating function may be a function of placing the second code after the first code. As detailed codes included in the virtual function are increased, various detailed code generating functions may be generated.
  • In addition, according to another embodiment, the virtual code combining function couple a fixed code with the first code and the second code. The virtual code may include a fixing code, which is not changed to distinguish between groups, together with a plurality of detailed codes. The fixed code includes a code for identifying the code or virtual code for determining a card company or card type corresponding to the real card number. The fixed code is connected to a specific position of the virtual code. For example, when the virtual code generating function is assigned for each card company or each card type, the virtual code generator or the user client uses the first six digits, which represent the card company or the card type, of card numbers. Accordingly, the financial company server or the virtual token verifying server may identify a specific card company or a specific card type to which the virtual code generator is applied in the virtual code generator or the user client. In other words, the fixed code is a code for determining the card company or card type corresponding to the real card number.
  • In addition, according to another embodiment, when the virtual code corresponds to a virtual token, the fixed code includes information or a code identifying that the virtual code corresponds to the virtual token. When a payment service server (for example, VAN server or PG company server) or a payment terminal (for example, kiosk device or POS device) receives only the virtual token, the payment service server or the payment terminal fails to distinguish among a real card number, a virtual card number directly matched to the real card number and used in the financial company server, or the virtual token to be verified in the virtual token verifying server. Accordingly, the virtual code output program includes information or a code identifying the virtual token in the fixed code. For example, the virtual code output program and the payment card may utilize, as the fixed code, a code that corresponds to an issuer identification number in the real card number of the user and allows the identification of the virtual token. For example, a new code matched to the IIN is assigned as the fixed code and used by using six digits corresponding to the IIN in the real card number. The virtual token verifying server may store the matching relation between the fixed code and the IIN, which is identical to the matching relation in the virtual code output program or the payment card. Accordingly, when the virtual token is received, the card company and the card type of the real card number may be detected based on the fixed code.
  • The fixed code is connected to a specific position of the virtual code. When the virtual code generating function is assigned for each card type group, the virtual token verifying server or the financial company server may determine the card type group only when first extracting the fixed code from the virtual code. Therefore, the fixed code may be connected to a specific position (for example, the same position as a position of the IIN of the real card number) in the virtual code such that the fixed code is separated without an additional function.
  • The second virtual code generating module outputs a virtual code on screen (S380). According to an embodiment, the virtual code output application outputs, in the form of a text, the virtual code on the screen. In addition, according to another embodiment, the virtual code output application generates the virtual code in the form of a bar code or a QR code to be output on the screen. When only the bar code or the QR code is used in offline payment, the virtual code output application generates the virtual code in the form of a bar code or a QR code to be output on the screen.
  • According to an embodiment, the virtual code output application may include a user interface for selecting the type of outputting the virtual code on the screen. For example, when a text output mode is output by a user, the virtual code output application outputs the virtual code in the form of a text. When an image output mode is output by the user, the virtual code output application outputs the virtual code in the form of a QR code or a bar code.
  • In addition, according to another embodiment, the virtual code output application further includes providing the virtual code to a clipboard (S390) as illustrated in FIG. 5. The virtual code provided to the clipboard is input to an online payment page in response to the operation of the user. For example, when the user performs online payment using the virtual code output on the screen by the virtual code output application, the user has to input the virtual code displayed on the screen of the virtual code output application into an online shopping application or a web browser. To directly input the virtual code to the screen of the application providing the payment page, the user has to repeat the procedure of alternately displaying, on the screen, the virtual code output application and the application for providing the payment page, so the user feels uncomfortable. Accordingly, the virtual code output application provides the virtual code data to the clipboard such that the virtual code may be easily inserted into another application.
  • In addition, according to another embodiment, a virtual security code is used to determine, in the virtual code verifying server, whether the virtual code transmitted through the payment card is normally produced. In other words, the virtual code verifying server extracts the virtual security code (that is, the received virtual security code) from the virtual code after receiving the virtual code obtained by a financial transaction terminal, and determines whether the virtual code is normal by identifying that the received virtual security code is normally generated at the financial transaction request time point, based on information (that is, the virtual security code generating function, an intrinsic card value, and a card security code a real card number) stored in the virtual code verifying server.
  • For example, when the virtual security code is used for the second count (that is, a clock is not included in the payment card to obtain a current time), after the virtual code verifying server (for example, the financial company server) extracts the virtual security code from the second code generated based on the virtual security code, the virtual code verifying server determines whether there is a value, which is matched to the virtual security code, of OTP numbers calculated by inputting a count in a specific range from a count, in which the virtual code is received, into the virtual security code generating function (that is, OTP function). The virtual code verifying server obtains a virtual security code value (that is, OTP function value) used to generate the second code by applying the inverse function of the second function to the second code, and finds out a count in which the same value as the virtual security code value is calculated. As there is a difference between a time point, at which the virtual security code is generated from the virtual code generating unit, and a time point, at which the virtual code verifying server receives the virtual security code, due to the transmission time or the delay of the virtual code, the count, in which the virtual code verifying server receives the virtual code, may not be matched to a count in which an OTP number corresponding to the virtual security code is generated. Accordingly, the virtual code verifying server allows an error range from the count in which the virtual code is received. Accordingly, even if another person hacks the second virtual code generating module to find out the first function and the second function, if the another person fails to obtain a normal virtual security code in real time, the virtual code matched to the financial transaction request time point is not generated.
  • As described above, according to an embodiment of the inventive concept, the method of outputting the virtual code, which is generated from the payment card, on the screen, is implemented in the form of a program (or application) to be stored in a medium, so as to be executed in combination with a computer which is hardware.
  • The above-described program is a code formed in a computer language, such as C, C++, JAVA, or a machine language, that a central processing unit (CPU) of the computer can be read through a device interface of a computer, such that the computer reads the program and executes methods implemented with the program. The code may include a functional code related to a function defining function necessary for executing the methods, and include a control code related to an execution procedure necessary for the functions executed by the processor of the computer in a predetermined procedure. In addition, the code may further include a memory reference code indicating a location (address) of the internal or external memory of the computer, which is referred to by that additional information or media required for the computer's processor to execute the functions. In addition, when it is necessary for the processor of the computer to communicate with another computer or server at a remote place to execute the function, the code may further include a communication-related code indicating another computer or server at a remote place, a communication scheme with the another computer or server through the communication module of the computer, and an information or media type to be transmitted or received in communication.
  • The stored medium does not refer to a medium to store data for a short time such as a register, a cache, or a memory. A medium that stores data, but a medium which stores data semi-permanently and readable by a device. In detail, the storage medium includes, for example, a ROM, a RAM, a CD-ROM, a magnetic tape, a floppy-disk, or an optical data stage device, but the inventive concept is not limited thereto. In other words, the program may be stored in various recording media on various servers to be accessed by the computer, or various recording media on the computer of the user. In addition, the media may be distributed in computer systems connected over the network, and codes readable by the computer may be stored in the distribution scheme.
  • FIG. 6 is a block diagram illustrating the internal structure of the payment card to transmit the virtual code through short-range wireless communication, according to still another embodiment of the inventive concept.
  • Referring to FIG. 6, according to still another embodiment of the inventive concept, the payment card 10 include a virtual code generating unit 110 and a virtual code transmitting unit 120. Hereinafter, the duplicated description of the above components will be omitted.
  • The virtual code generating unit 110 generates a virtual code. The virtual code is generated as a code matched to a real card number through the virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server. For example, the virtual code generating unit 110 includes a virtual code generating module (for example, a first virtual code generating module and a second virtual code generating module).
  • The virtual code transmitting unit 120 transmits a virtual code to the mobile terminal after recognizing the connection with the mobile terminal through the short-range wireless communication. The mobile terminal outputs, on the screen, the virtual code received from the payment card through the virtual code output application 40.
  • FIG. 7 is a block diagram illustrating the internal structure of the payment card to transmit an encrypted code based on a virtual code, according to still another embodiment of the inventive concept.
  • Referring to FIG. 7, according to another embodiment of the inventive concept, the payment card 20 includes a virtual code generating unit 210, a timer 220, an encrypted code generating unit 230, and a wireless communication unit 240. Hereinafter, the duplicated description of the above components will be omitted.
  • The virtual code generating unit 210 generates a virtual code. The virtual code is generated at every unit count by the virtual code generating function. The virtual code is generated as a code matched to a real card number through the virtual code generating function stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server. For example, the virtual code generating unit 210 includes a virtual code generating module (for example, a first virtual code generating module and a second virtual code generating module).
  • The timer 220 synchronizes the time of the encryption algorithm through wireless communication with the mobile terminal.
  • The encrypted code generating unit 230 generates an encrypted code from the virtual code based on the synchronized encryption algorithm.
  • The wireless communication unit 240 transmits the encrypted code to the mobile terminal through wireless communication, and transmits synchronization condition data to the mobile terminal or receives the synchronization condition data from the mobile terminal. The mobile terminal outputs, on the screen, the virtual code received from the payment card through the virtual code output application 40.
  • FIG. 8 is a block diagram illustrating the internal structure of the payment card to transmit a virtual security code according to still another embodiment of the inventive concept.
  • Referring to FIG. 8, according to still another embodiment of the inventive concept, the payment card 30 includes a first virtual code generating module 31. The first virtual code generating module 31 includes a virtual code generating unit 310 and a wireless communication unit 320. Hereinafter, the duplicated description of the above components will be omitted.
  • The virtual code generating unit 310 generates a virtual security code using a time value and the card security code of the real card number. The virtual security code is a disposable code having a specific digit number.
  • The wireless communication unit 320 transmits the virtual security code to the mobile terminal. A virtual code output application 40 including a second virtual code generating module 41 is embedded in or installed in the mobile terminal. The second virtual code generating module 41 generates a plurality of detailed codes matched to a unit count in which the generation of the virtual code is requested using the virtual security code, generates a virtual code by combining the plurality of detailed codes, and outputs the virtual code on the screen.
  • The virtual code is generated as a code matched to a real card number through the virtual code generating function, which is stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server. The ‘unit count’ is set as a specific time interval and changed as the time interval is elapsed.
  • Although embodiments of the inventive concept have been described with reference to accompanying drawings, those skilled in the art should understand that various modifications are possible without departing from the technical scope of the inventive concept or without changing the subject matter of the inventive concept. Therefore, those skilled in the art should understand that the technical embodiments are provided for the illustrative purpose in all aspects and the inventive concept is not limited thereto.
  • As described above, the inventive concept has following various effects.
  • First, even if the payment card generating the virtual code has no display, the virtual code may be identified through the mobile terminal, so online payment or offline payment requiring the direct input of the virtual code or the recognition of a bar code or a QR code may be performed.
  • Second, another person may be prevented from intercepting the virtual code to be used for payment in the process of providing the virtual code to the mobile terminal.
  • Third, even if the payment card has no display, the virtual code may be visually identified, so the manufacturing costs of the payment card may be saved.
  • While the inventive concept has been described with reference to exemplary embodiments, it will be apparent to those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the inventive concept. Therefore, it should be understood that the above embodiments are not limiting, but illustrative.

Claims (10)

What is claimed is:
1. A method for outputting a virtual code, which is generated from a payment card, on a screen, the method comprising:
receiving, by a virtual code output application, the virtual code from the payment card after connecting the payment card with a mobile terminal through short-range wireless communication; and
outputting, by the virtual code output application, the virtual code on the screen,
wherein the virtual code output application is installed or embedded in the mobile terminal,
wherein the virtual code is generated as a code, which is matched to a real card number, through a virtual code generating function stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server, and
wherein the unit count is set as a specific time interval and changed as the specific time interval is elapsed.
2. The method of claim 1, wherein the virtual code output application is activated when the short-range wireless communication is made between the payment card and the mobile terminal as the virtual code output application is run in background in the mobile terminal.
3. A method for outputting a virtual code, which is generated from a payment card, on a screen, the method comprising:
synchronizing, by a virtual code output application, time of an encryption algorithm through wireless communication between a virtual code output application and the payment card;
receiving, by the virtual code output application, an encrypted code generated from the payment card, wherein the encrypted code is obtained by encrypting the virtual code generated from the payment card based on the synchronized encryption algorithm;
decrypting, by the virtual code output application, the encrypted code to the virtual code based on the encryption algorithm; and
outputting, by the virtual code output application, the virtual code on the screen,
wherein the virtual code is generated as a code matched to a real card number through a virtual code generating function stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server; and
wherein the unit count is set as a specific time interval and changed as the specific time interval is elapsed.
4. The method of claim 3, wherein the encryption algorithm is matched to an encryption rule every time.
5. The method of claim 3, wherein the payment card generates a plurality of detailed codes through a plurality of detailed code generating functions;
and generates the virtual code by combining the plurality of detailed codes through a detailed code combining function,
wherein the detailed code generating function and the detailed code combining function are included in the virtual code generating function, and
wherein the plurality of detailed codes include:
a first code to set a starting point of detecting a storage position; and
a second code to set a search path to the storage position from the starting point according to a specific searching scheme.
6. A method for outputting a virtual code, which is generated from a payment card, on a screen, the method comprising:
receiving, by a second virtual code generating module, a virtual security code from a first virtual code generating module;
generating, by the second virtual code generating module, a plurality of detailed codes through a plurality of detailed code generating functions;
generating, by the second virtual code generating module, the virtual code through combination of the plurality of detailed codes through at least one detailed code combining function; and
outputting, by the second virtual code generating module, the virtual code on the screen,
wherein the virtual code is generated as a code matched to a real card number through a virtual code generating function stored in the payment card, at every unit count, and is used to detect the real card number in a financial company server or a virtual token verifying server,
wherein the virtual code generating function includes the detailed code generating function and the detailed code combining function,
wherein the first virtual code generating module is included in the payment card,
wherein the second virtual code generating module is included in a virtual code output application embedded or installed in a mobile terminal, generates the plurality of detailed codes matched to a unit count in which generation of the virtual code is requested using the virtual security code, generates the virtual code by combining the plurality of detailed codes, and outputs the virtual code on the screen, and
wherein the unit count is set as a specific time interval and changed as the specific time interval is elapsed.
7. The method of claim 6, wherein the plurality of detailed codes include:
a first code generated based on a first count; and
a second code generated based on a second count,
wherein the first count is the number of unit counts elapsed from an initial time point at which the virtual code generating function is run in a virtual code verifying server,
wherein the second count is the number of unit counts elapsed from a time point at which a real card number of a specific user is issued, and
wherein the generating of the at least one detailed code includes:
applying the virtual security code to the second count or the number of counts elapsed from a current time point.
8. The method of claim 1, further comprising:
providing, by the virtual code output application, the virtual code to a clipboard,
wherein the virtual code provided on the clipboard is input to an online payment page in response to an operation of a user.
9. The method of claim 3, further comprising:
providing, by the virtual code output application, the virtual code to a clipboard,
wherein the virtual code provided on the clipboard is input to an online payment page in response to an operation of a user.
10. The method of claim 6, further comprising:
providing, by the virtual code output application, the virtual code to a clipboard,
wherein the virtual code provided on the clipboard is input to an online payment page in response to an operation of a user.
US16/728,796 2017-08-09 2019-12-27 Method and program for outputting virtual code generated from payment card, and payment card for generating virtual code Abandoned US20200134610A1 (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
KR10-2017-0100953 2017-08-09
KR20170100953 2017-08-09
KR10-2018-0081707 2018-07-13
KR1020180081707A KR102053910B1 (en) 2017-08-09 2018-07-13 Payment card for generating virtual code, method and program for displaying the virtual card generated by payment card
PCT/KR2018/008741 WO2019031761A1 (en) 2017-08-09 2018-08-01 Screen output method and program for virtual code generated from payment card, and payment card for generating virtual code

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2018/008741 Continuation WO2019031761A1 (en) 2017-08-09 2018-08-01 Screen output method and program for virtual code generated from payment card, and payment card for generating virtual code

Publications (1)

Publication Number Publication Date
US20200134610A1 true US20200134610A1 (en) 2020-04-30

Family

ID=65528760

Family Applications (6)

Application Number Title Priority Date Filing Date
US16/657,170 Active US11188895B2 (en) 2017-08-09 2019-10-18 Virtual token-based settlement providing system, virtual token generation apparatus, virtual token verification server, virtual token-based settlement providing method, and virtual token-based settlement providing program
US16/728,796 Abandoned US20200134610A1 (en) 2017-08-09 2019-12-27 Method and program for outputting virtual code generated from payment card, and payment card for generating virtual code
US16/728,846 Active 2038-09-10 US11250417B2 (en) 2017-08-09 2019-12-27 Virtual code-based control system, method, and program, control device, and control signal generating means
US16/784,195 Active 2039-03-25 US11842334B2 (en) 2017-08-09 2020-02-06 Smart card for generating virtual card number, and method and program for providing smart card-based virtual card number
US17/575,022 Active US11775963B2 (en) 2017-08-09 2022-01-13 Virtual code-based control system, method, and program, control device, and control signal generating means
US18/457,140 Pending US20230401567A1 (en) 2017-08-09 2023-08-28 Virtual code-based control system, method, and program, control device, and control signal generating means

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US16/657,170 Active US11188895B2 (en) 2017-08-09 2019-10-18 Virtual token-based settlement providing system, virtual token generation apparatus, virtual token verification server, virtual token-based settlement providing method, and virtual token-based settlement providing program

Family Applications After (4)

Application Number Title Priority Date Filing Date
US16/728,846 Active 2038-09-10 US11250417B2 (en) 2017-08-09 2019-12-27 Virtual code-based control system, method, and program, control device, and control signal generating means
US16/784,195 Active 2039-03-25 US11842334B2 (en) 2017-08-09 2020-02-06 Smart card for generating virtual card number, and method and program for providing smart card-based virtual card number
US17/575,022 Active US11775963B2 (en) 2017-08-09 2022-01-13 Virtual code-based control system, method, and program, control device, and control signal generating means
US18/457,140 Pending US20230401567A1 (en) 2017-08-09 2023-08-28 Virtual code-based control system, method, and program, control device, and control signal generating means

Country Status (6)

Country Link
US (6) US11188895B2 (en)
EP (4) EP3667593A4 (en)
JP (4) JP6931472B6 (en)
KR (17) KR101978812B1 (en)
CN (1) CN111095323B (en)
SG (3) SG10201800375TA (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11188895B2 (en) * 2017-08-09 2021-11-30 SSenStone Inc. Virtual token-based settlement providing system, virtual token generation apparatus, virtual token verification server, virtual token-based settlement providing method, and virtual token-based settlement providing program
US11983704B2 (en) 2017-08-09 2024-05-14 SSenStone Inc. Virtual token-based settlement providing system, virtual token generation apparatus, virtual token verification server, virtual token-based settlement providing method, and virtual token-based settlement providing program

Families Citing this family (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ES2778451T3 (en) * 2017-11-22 2020-08-10 Siemens Ag Login procedure protection
WO2020027495A1 (en) 2018-07-30 2020-02-06 주식회사 엘지화학 Lithium electrode and lithium secondary battery comprising same
KR102005554B1 (en) 2018-08-09 2019-07-30 주식회사 센스톤 Method and system for providing financial transaction using empty card
US20200242590A1 (en) * 2019-01-24 2020-07-30 Shopify Inc. E-commerce platform with tokenization system
WO2020162738A1 (en) 2019-02-08 2020-08-13 주식회사 센스톤 Method, program, server, and wearable device for providing financial transaction on basis of wearable device
CN110097358A (en) * 2019-04-28 2019-08-06 北京小米支付技术有限公司 Virtual card generation method, device, equipment and storage medium
KR102346701B1 (en) * 2019-08-30 2022-01-03 주식회사 센스톤 Apparatus, method and program for providing financial transaction by vritual card number
WO2021040243A1 (en) * 2019-08-30 2021-03-04 주식회사 센스톤 Virtual card number-based financial transaction device, virtual card number-based financial transaction provision method, and virtual card number-based financial transaction provision program
CN114467108A (en) 2019-08-30 2022-05-10 森斯通株式会社 Transaction system, method and program based on virtual code
CN114503511B (en) * 2019-08-30 2024-05-03 森斯通株式会社 User authentication method using virtual code for authentication and system therefor
WO2021040462A1 (en) * 2019-08-30 2021-03-04 주식회사 센스톤 Method, program and system for providing virtual corporate card-based financial transaction
US11113685B2 (en) * 2019-12-23 2021-09-07 Capital One Services, Llc Card issuing with restricted virtual numbers
KR20210090850A (en) 2020-01-13 2021-07-21 주식회사 코밴 Smart payment method
WO2021172877A1 (en) * 2020-02-24 2021-09-02 주식회사 센스톤 Method and program for authentication between apparatuses based on virtual authentication code
JP7297107B2 (en) * 2020-02-24 2023-06-23 センストーン インコーポレイテッド User setting information authentication method, program and device using virtual code
KR102464002B1 (en) * 2020-02-24 2022-11-07 주식회사 센스톤 Device and method for authentication between device based on virtual authentication code
EP3968253B1 (en) * 2020-02-24 2024-04-17 SSenStone Inc. Method, program, and device for authenticating user setting information by using virtual code
JP7469490B2 (en) * 2020-02-24 2024-04-16 株式会社センストーン Apparatus and method for approving procedures based on virtual authentication code
KR102630287B1 (en) * 2020-12-14 2024-01-30 주식회사 네오수텍 Smart card for creating virtual card number and virtual card number decryption apparatus
KR102502339B1 (en) * 2021-03-04 2023-02-23 주식회사 센스톤 Terminal, card device and method for generating virtual security code based on card data using near field communication
US20220400107A1 (en) * 2021-06-15 2022-12-15 Capital One Services, Llc Modifying a document object of a graphical user interface to present a temporary credential

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100125516A1 (en) * 2008-11-14 2010-05-20 Wankmueller John R Methods and systems for secure mobile device initiated payments
US20130320081A1 (en) * 2012-05-29 2013-12-05 Protean Payment, Inc. Payment card and methods
US20150134540A1 (en) * 2012-04-16 2015-05-14 Salt Technology, Inc. Systems and methods for facilitating a transaction using a virtual card on a mobile device
US20150161591A1 (en) * 2013-09-11 2015-06-11 Chien-Kang Yang Mobile payment method and mobile payment apparatus
US20160042343A1 (en) * 2013-04-30 2016-02-11 Rakuten, Inc. Information processing apparatus, information processing method and information processing program
US20170286946A1 (en) * 2016-03-29 2017-10-05 Lenovo (Beijing) Limited Method, apparatus and computer program product for virtual card payment
US20180018654A1 (en) * 2016-07-15 2018-01-18 Mike Miskin Portable electronic payment security devices, systems and methods
US9916529B1 (en) * 2016-11-03 2018-03-13 Gotrust Technology Inc. Multifunctional touch smart card

Family Cites Families (68)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4802218A (en) * 1986-11-26 1989-01-31 Wright Technologies, L.P. Automated transaction system
JPH04220030A (en) * 1990-12-19 1992-08-11 Alpine Electron Inc Data communication system
JP3319230B2 (en) * 1994-08-05 2002-08-26 株式会社デンソー Remote control device
CA2193846C (en) * 1995-05-17 2004-02-17 Bradford L. Farris Rolling code security system
US6049289A (en) * 1996-09-06 2000-04-11 Overhead Door Corporation Remote controlled garage door opening system
US6000832A (en) * 1997-09-24 1999-12-14 Microsoft Corporation Electronic online commerce card with customer generated transaction proxy number for online transactions
US7136995B1 (en) * 2000-11-03 2006-11-14 Enova Technology Corporation Cryptographic device
JP4616510B2 (en) * 2001-05-17 2011-01-19 株式会社リコー Electronic commerce method, payment agent method, disposable postpaid method information issuance method, and payment request method
JP2002298055A (en) * 2001-03-29 2002-10-11 Oki Electric Ind Co Ltd Electronic commerce system
US7917585B2 (en) * 2001-06-21 2011-03-29 Cybersoft, Inc. Apparatus, methods and articles of manufacture for intercepting, examining and controlling code, data and files and their transfer
US7383432B1 (en) * 2001-07-09 2008-06-03 Advanced Micro Devices, Inc. Software modem with hidden authentication commands
US7363494B2 (en) * 2001-12-04 2008-04-22 Rsa Security Inc. Method and apparatus for performing enhanced time-based authentication
AU2003293125A1 (en) * 2002-11-27 2004-06-23 Rsa Security Inc Identity authentication system and method
NO20050152D0 (en) * 2005-01-11 2005-01-11 Dnb Nor Bank Asa Method of generating security code and programmable device therefor
US7786843B2 (en) * 2005-04-19 2010-08-31 Johnson Controls Technology Company System and method for training a trainable transmitter and a remote control system receiver
US8091128B2 (en) 2006-09-14 2012-01-03 Ntt Docomo, Inc. Information flow enforcement for RISC-style assembly code in the presence of timing-related covert channels and multi-threading
JP4869963B2 (en) * 2007-01-29 2012-02-08 オリンパス株式会社 Imaging system
JP5147258B2 (en) * 2007-02-21 2013-02-20 株式会社野村総合研究所 Settlement system and settlement method
US8181259B2 (en) * 2007-03-23 2012-05-15 Universal Electronics Inc. System and method for upgrading the functionality of a controlling device via a secure portable adapter device
US8494959B2 (en) * 2007-08-17 2013-07-23 Emc Corporation Payment card with dynamic account number
US8065715B2 (en) * 2008-01-31 2011-11-22 Microsoft Corporation Authenticating a user of a wireless data processing device
CN101299662B (en) * 2008-06-23 2012-05-09 山东大学 Time-varying ciphering communication method based on GNSS
KR100992797B1 (en) * 2008-10-15 2010-11-08 주식회사 아레오네트웍스 IC Card with Wireless Communication Application
JP4932867B2 (en) * 2009-03-30 2012-05-16 京楽産業.株式会社 Electronic device, main control board, peripheral board, authentication method and authentication program
KR101132056B1 (en) * 2009-06-15 2012-04-02 에스케이플래닛 주식회사 Management system and management method for international integration electronic money
JP5458184B2 (en) * 2009-10-08 2014-04-02 イルデト カナダ コーポレーション System and method for aggressive automatic correction in a dynamic function call system
KR101051420B1 (en) 2010-06-29 2011-07-22 (주)에이티솔루션 Secure one time password generating apparatus and method
US10032163B2 (en) * 2010-12-02 2018-07-24 B & H Worldwide, Llc Processing a financial transaction using single-use financial account card number via portable communication device
JP5400097B2 (en) * 2011-06-30 2014-01-29 楽天株式会社 Credit card information processing system, credit card information processing method, order information receiving apparatus, credit card settlement apparatus, program, and information recording medium
KR101413110B1 (en) * 2012-05-23 2014-07-02 주식회사 비즈모델라인 Method for Processing Financial Transaction by using Token Code
KR101666032B1 (en) * 2012-05-31 2016-10-14 한국전자통신연구원 Method and apparatus for supporting virtualization of loadable module
WO2014020820A1 (en) * 2012-07-31 2014-02-06 パナソニック株式会社 Mark reading device and mark reading method
KR20120102565A (en) * 2012-09-04 2012-09-18 주식회사 비즈모델라인 Method for certificating payment by using dynamic created code
KR101316466B1 (en) 2012-11-20 2013-10-08 신한카드 주식회사 Mobile transaction system using dynamic track 2 data and method using the same
KR101330943B1 (en) * 2012-12-10 2013-11-26 신한카드 주식회사 Transaction method using one time card information
KR101354388B1 (en) * 2012-12-12 2014-01-23 신한카드 주식회사 Generating method for one time code
KR20140097832A (en) * 2013-01-30 2014-08-07 주식회사 케이티 Device of generating and terminating a virtual card transferred to a physical card
KR101557895B1 (en) * 2013-02-15 2015-10-19 류창화 Payment method based on safety payment code and safe payment agency server for the same method
KR101480034B1 (en) * 2013-02-22 2015-01-08 농협은행(주) Method for providing financial service using qr security code
KR101499535B1 (en) * 2013-05-29 2015-03-06 주식회사 엘지씨엔에스 Computer-executable hybrid application performing method, coumputer-excutable device and storage media performing the same
KR20150020927A (en) * 2013-08-19 2015-02-27 김창훈 Card payment system and method using mobile communication terminal
KR101339723B1 (en) 2013-08-19 2013-12-10 주식회사 벨소프트 Text message security system and method for prevention of identity theft and smishing
JP2015061261A (en) * 2013-09-20 2015-03-30 アプリックスIpホールディングス株式会社 Transmission/reception system, transmission device, reception device, and control method and program in the same
US20150142657A1 (en) * 2013-11-21 2015-05-21 Mastercard International Incorporated Linking physical card to virtual card account method and apparatus
KR102193696B1 (en) * 2013-12-05 2020-12-22 주식회사 비즈모델라인 Method for Providing Safety Login based on One Time Code by using User’s Card
US9652770B1 (en) * 2014-04-30 2017-05-16 Wells Fargo Bank, N.A. Mobile wallet using tokenized card systems and methods
KR101621254B1 (en) * 2014-08-27 2016-05-31 유한회사 실릭스 Payment method, computer readable recording medium and system using virtual number based on otp
KR102334894B1 (en) * 2014-12-24 2021-12-03 십일번가 주식회사 Apparatus for authentication and payment based on web, method for authentication and payment based on web, system for authentication and payment based on web and computer readable medium having computer program recorded thereon
US9979719B2 (en) 2015-01-06 2018-05-22 Duo Security, Inc. System and method for converting one-time passcodes to app-based authentication
KR101667193B1 (en) * 2015-04-02 2016-10-19 현대오토에버 주식회사 Method and system for providing payment service using one time card number
KR101760502B1 (en) * 2015-07-14 2017-07-21 김병수 Payment system and method using dynamic track 2
KR20170040469A (en) * 2015-10-05 2017-04-13 페이몬㈜ Smart card of OTP-based and authentication method using the same
KR101675927B1 (en) * 2015-10-08 2016-11-14 주식회사 지씨엠씨 Credid authorization terminal, payment managing server, payment managing method, payment terminal, payment terminal operating method and computer program for managing payment
KR101644568B1 (en) * 2015-10-15 2016-08-12 주식회사 한국엔에프씨 Mobile card payment system and method which performs payment between mobile communication terminals
CN108883357A (en) * 2015-11-16 2018-11-23 埃克森美孚上游研究公司 The method of sorbent material and absorption carbon dioxide
KR101751894B1 (en) 2015-12-29 2017-07-03 한국정보통신주식회사 Payment terminal and method for processing card payment using one-time card code
KR20160006646A (en) 2015-12-29 2016-01-19 주식회사 비즈모델라인 Method for Authenticating Non-Faced Transaction by using Near Field Communication Card for Generating One Time Password
CN105704149A (en) * 2016-03-24 2016-06-22 国网江苏省电力公司电力科学研究院 Safety protection method for power mobile application
EP3406067B1 (en) * 2016-04-28 2019-06-05 Serge Covain Electronic device for generating a control signal in a secured fashion and method for generating said control signal using the electronic device
US20180337925A1 (en) * 2017-05-17 2018-11-22 Bank Of America Corporation System for allowing secure access and use of a virtual credential
KR20170078563A (en) * 2017-06-15 2017-07-07 한국정보통신주식회사 Payment terminal and method for processing card payment using one-time card code
KR20170078564A (en) * 2017-06-15 2017-07-07 한국정보통신주식회사 Method for generating one-time card code, approving card payment, reader and server thereof
KR101978812B1 (en) * 2017-08-09 2019-05-15 주식회사 센스톤 System, method and program for providing financial transaction by vritual card number, vritual card number generator and vritual card number verification device
US10783516B2 (en) * 2018-04-11 2020-09-22 Capital One Services, Llc Systems and methods for automatically identifying a checkout webpage and injecting a virtual token
US11935044B2 (en) * 2018-08-09 2024-03-19 SSenStone Inc. System, method and program for providing financial transaction by virtual code, virtual code generator and virtual code verification device
KR102005549B1 (en) * 2018-08-09 2019-07-30 주식회사 센스톤 System, method and program for providing financial transaction by virtual code, vritual code generator and vritual code verification device
EP3654264A1 (en) * 2018-11-14 2020-05-20 Mastercard International Incorporated Credential management for mobile devices
CN111861451A (en) * 2019-04-25 2020-10-30 刘永乐 Offline transaction method, client device and POS (point of sale) machine

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100125516A1 (en) * 2008-11-14 2010-05-20 Wankmueller John R Methods and systems for secure mobile device initiated payments
US20150134540A1 (en) * 2012-04-16 2015-05-14 Salt Technology, Inc. Systems and methods for facilitating a transaction using a virtual card on a mobile device
US20130320081A1 (en) * 2012-05-29 2013-12-05 Protean Payment, Inc. Payment card and methods
US20160042343A1 (en) * 2013-04-30 2016-02-11 Rakuten, Inc. Information processing apparatus, information processing method and information processing program
US20150161591A1 (en) * 2013-09-11 2015-06-11 Chien-Kang Yang Mobile payment method and mobile payment apparatus
US20170286946A1 (en) * 2016-03-29 2017-10-05 Lenovo (Beijing) Limited Method, apparatus and computer program product for virtual card payment
US20180018654A1 (en) * 2016-07-15 2018-01-18 Mike Miskin Portable electronic payment security devices, systems and methods
US9916529B1 (en) * 2016-11-03 2018-03-13 Gotrust Technology Inc. Multifunctional touch smart card

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11188895B2 (en) * 2017-08-09 2021-11-30 SSenStone Inc. Virtual token-based settlement providing system, virtual token generation apparatus, virtual token verification server, virtual token-based settlement providing method, and virtual token-based settlement providing program
US11983704B2 (en) 2017-08-09 2024-05-14 SSenStone Inc. Virtual token-based settlement providing system, virtual token generation apparatus, virtual token verification server, virtual token-based settlement providing method, and virtual token-based settlement providing program

Also Published As

Publication number Publication date
US11842334B2 (en) 2023-12-12
EP4033436A1 (en) 2022-07-27
EP4033436B1 (en) 2023-09-27
JP6742455B2 (en) 2020-08-19
KR101978812B1 (en) 2019-05-15
KR20190016879A (en) 2019-02-19
KR102005495B1 (en) 2019-10-01
US20220138727A1 (en) 2022-05-05
KR102277199B1 (en) 2021-07-14
KR20190016878A (en) 2019-02-19
KR102355676B1 (en) 2022-02-08
KR20190139805A (en) 2019-12-18
KR20190016888A (en) 2019-02-19
KR20220098709A (en) 2022-07-12
KR102499624B1 (en) 2023-02-14
KR102308230B1 (en) 2021-10-01
US20200133215A1 (en) 2020-04-30
KR102518771B1 (en) 2023-04-07
KR102053910B1 (en) 2019-12-09
CN111095323A (en) 2020-05-01
KR20190016893A (en) 2019-02-19
KR20200038916A (en) 2020-04-14
KR101950904B1 (en) 2019-05-20
CN111095323B (en) 2024-05-10
US11775963B2 (en) 2023-10-03
US11250417B2 (en) 2022-02-15
EP3667593A2 (en) 2020-06-17
JP2021170398A (en) 2021-10-28
KR102073883B1 (en) 2020-03-02
JP6920385B2 (en) 2021-08-18
KR20190016880A (en) 2019-02-19
EP3644256A4 (en) 2020-07-01
KR20220016244A (en) 2022-02-08
KR20210090130A (en) 2021-07-19
SG10201806705SA (en) 2019-03-28
JP7187624B2 (en) 2022-12-12
KR20220035057A (en) 2022-03-21
KR102094815B1 (en) 2020-03-30
JP6931472B6 (en) 2021-10-20
KR20200016307A (en) 2020-02-14
EP3644257A1 (en) 2020-04-29
KR102005535B1 (en) 2019-07-30
KR20190019980A (en) 2019-02-27
US11188895B2 (en) 2021-11-30
JP2019091485A (en) 2019-06-13
US20200051070A1 (en) 2020-02-13
KR102417138B1 (en) 2022-07-05
KR102099974B1 (en) 2020-05-15
KR20190016890A (en) 2019-02-19
KR20190089820A (en) 2019-07-31
JP6931472B2 (en) 2021-09-08
SG10201900350UA (en) 2019-03-28
KR20190016884A (en) 2019-02-19
KR102370162B1 (en) 2022-03-04
EP3644257A4 (en) 2020-06-03
EP3667593A4 (en) 2020-06-17
US20230401567A1 (en) 2023-12-14
EP3644256A1 (en) 2020-04-29
JP2020530164A (en) 2020-10-15
KR102304333B1 (en) 2021-09-23
US20200202329A1 (en) 2020-06-25
KR20190055039A (en) 2019-05-22
KR102602310B1 (en) 2023-11-16
JP2020004436A (en) 2020-01-09
SG10201800375TA (en) 2019-03-28

Similar Documents

Publication Publication Date Title
US20200134610A1 (en) Method and program for outputting virtual code generated from payment card, and payment card for generating virtual code
US10417542B2 (en) Mobile device with scannable image including dynamic data
CN109074582B (en) System and method for generating sub-tokens using a master token
JP6381833B2 (en) Authentication in the ubiquitous environment
RU2648944C2 (en) Methods, devices, and systems for secure provisioning, transmission and authentication of payment data
US11176536B2 (en) Token generating component
EP3499795A1 (en) Authentication system and method, and user equipment, authentication server, and service server for performing same method
CN111742314B (en) Biometric sensor on portable device
CN113344570A (en) Method for transmitting and processing transaction message and data processing device
US9973926B2 (en) Secure multi-channel communication system and method
JP2019004475A (en) Authentication under ubiquitous environment
EP3576034A1 (en) Merchant transaction mirroring for personal point of sale (ppos) for card present e-commerce and in vehicle transaction
US11423403B2 (en) Systems, methods, and computer program products for authorizing a transaction
CN118103860A (en) Systems, methods, and computer program products for dynamic cryptographic communication
CN112352237A (en) System and method for authentication code entry
EP4002256A1 (en) Secure processing of payment transactions
Salman et al. Dynamic Offline TrustZone Virtual Credit Card Generator for Financial Transactions
CN113014400B (en) Secure authentication of users and mobile devices
Gabhane et al. Generation Of Two Level QR Code For Banking Systems
KR20230045875A (en) User authenitication system using real card and the method

Legal Events

Date Code Title Description
AS Assignment

Owner name: SSENSTONE INC., KOREA, REPUBLIC OF

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:YOO, CHANG HUN;REEL/FRAME:051378/0638

Effective date: 20190620

STPP Information on status: patent application and granting procedure in general

Free format text: APPLICATION DISPATCHED FROM PREEXAM, NOT YET DOCKETED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: ADVISORY ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: ADVISORY ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION