Electronic Commerce System and Method using Credit Card
BACKGROUND OF THE INVENTION
(a) Field of the Invention
The present invention relates to an electronic commerce (EC)
system and method. More specifically, the present invention relates to an EC
system and method using a credit card for preventing credit card information
from being accessible to others during EC.
(b) Description of the Related Art
With the advent of the information age, the world has gradually come
to depend on network communication, and computer-based technologies for
network communication have a great influence on accessing, storing and
distributing information. Representative of these technologies is EC for
executing financial transactions by exchanges of electronic information on
the network.
FIG. 1 shows a general EC system.
As shown, when a consumer manipulates a user computer 10 and
transmits an order to a shopping mall merchant server 20 through the
Internet or VAN, the shopping mall merchant server 20 requests an
authentication of the corresponding buyer's payment method from an
authentication authority 30, and a payment gate 40 refers to an
authentication database secured by a banking agency 50 such as a bank, a
credit card company or an advance payment card company that issues the
payment method, and approves the corresponding transaction.
In this EC system, electronic money is used as a payment method,
and it is categorized as integrated circuit (IC) card-type electronic money for
inputting price information to a chargeable IC chip attached to the card, and
network-type electronic money storing the price information in a user's hard
disk drive.
However, in this kind of EC, the messages transmitted and received
on an open network such as the Internet may be illegally stolen or altered,
and accordingly, security problems such as the payer's privacy violation and
financial loss are becoming obstacles to EC, and hence, a more secure and
effective system is needed to activate EC.
In general, conventional Internet payment systems require users to
input bank accounts or passwords into a predetermined on-line form in the
case of bank account transfers, to input IDs and passwords into a
predetermined on-line form in the case of advance payment cards, and to
input personal credit information such as a credit card number and a validity
period in the case of credit cards.
However, the above-noted input methods may expose personal
information on the network or enable the credit information or bank
information to be hacked by careless management or crackers, thereby
becoming an obstacle to developments of conventional EC.
In particular, since a malicious hacker or cracker who uses a hacking
tool such as Back Orifice can hack all contents input by an ordinary user
through a keyboard, it is very dangerous for the user to input personal
information at a public place such as an office.
Also, it is burdensome and complicated for the user to input various
data and be authenticated.
SUMMARY OF THE INVENTION
It is an object of the present invention to provide an EC system using
a credit card for executing EC using a temporary credit card number and
validity period information.
It is another object of the present invention to provide an EC method
using the credit card.
In one aspect of the present invention, an EC system comprising a
shopping mall server and a credit card company's server comprises: an
authentication server for checking authentication states of a credit card; at
least one user PC of a client for executing electronic transactions using the
credit card; and a temporary credit card number generation server for
randomly generating a temporary credit card number when the user PC that
uses the authenticated credit card requests a temporary credit card number,
and providing the user PC with the generated temporary credit card number
and a lifetime of the corresponding temporary credit card number.
In another aspect of the present invention, an EC method using a
credit card comprises: switching a generation of the temporary credit card
number into a standby state in the case of a user who is authenticated to be
an actual holder of the credit card; and providing the user with the temporary
credit card number and a validity period when the user accesses a
predetermined shopping mall server and selects a credit card using
settlement method from among at least one settlement method, and a
screen for inputting the temporary credit card number and the validity period
is displayed to request the temporary credit card number and the validity
period.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings, which are incorporated in and
constitute a part of the specification, illustrate an embodiment of the
invention, and, together with the description, serve to explain the principles
of the invention:
FIG. 1 shows a general EC system;
FIG. 2 shows, an EC system using a credit card according to a
preferred embodiment of the present invention;
FIG. 3 shows a flowchart of an EC system using a credit card
according to a preferred embodiment of the present invention;
FIG. 4 shows a flowchart of an operation of a user personal
computer (PC) according to a preferred embodiment of the present
invention; and
FIG. 5 shows a flowchart of an operation of a temporary credit card
number generation server according to a preferred embodiment of the
present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
In the following detailed description, only the preferred embodiment
of the invention has been shown and described, simply by way of illustration
of the best mode contemplated by the inventor(s) of carrying out the
invention. As will be realized, the invention is capable of modification in
various obvious respects, all without departing from the invention.
Accordingly, the drawings and description are to be regarded as illustrative in
nature, and not restrictive.
FIG. 2 shows an EC system using a credit card according to a
preferred embodiment of the present invention.
As shown, the EC system using a credit card comprises a client
system 100, an authentication server 200, a temporary credit card number
generation server 300, a shopping mall server 400 and a credit card
company's server 500.
The client system 100 comprises a user PC 110 capable of
accessing the Internet, a wire telephone 120 and a mobile communication
terminal 130. The client system 100 receives an authentication on whether a
credit card holder is a registered card holder from the authentication server
200, receives a temporary credit card number and a validity period for an
actual credit card number and a validity period, and performs EC through
them. For example, the user may type the credit card number used off line to
be authenticated by the authentication server 200, or may install a credit
card to be used on line in the user PC 110 to provide a credit card number
and a validity period stored by a predetermined key method to the
authentication server 200 and be authenticated. The credit card according to
the preferred embodiment of the present invention includes a direct-payment
type, advance-payment type, deferred-payment type and other types of
credit cards.
The authentication server 200 comprises a member database, and
when a credit card authentication is requested from the user PC 110, the
authentication server 200 performs an authentication according to member
information stored in the member database, and when the user PC 110 is
found to be an authenticated one, the authentication server 200 connects the
user PC 110 with the temporary credit card number generation server 300 on
the network.
The temporary credit card number generation server 300 comprises
a temporary credit card number generator 310 and a lifetime generator 320,
and when a request for a temporary credit card number and a validity period
is input from the authenticated user PC 1 10, the temporary credit card
number generation server 300 generates a temporary credit card number
and a validity period and provides them to the user PC 1 10 and the credit
card company's server 500.
In detail, the temporary credit card number generator 310 randomly
generates the temporary credit card number and the validity period, and
provides them to the user PC 1 10 and the credit card company's server 500,
and the lifetime generator 320 generates a lifetime of the temporary credit
card number and provides it to the user PC 1 10 and the credit card
company's server 500 through a predetermined path such as a wire or
wireless network set by the user.
When an order is provided by the user PC 1 10, the shopping mall
server 400 provides a settlement platform to the user PC 1 10, and inquires
of the credit card company's server 500 to check validity of the credit card
number and the validity period provided to the platform, and when they are
found to be valid, the shopping mall server provides an approval message of
the corresponding transaction to the user PC 1 10.
When a message for checking the validity of the credit card number
and the validity period is input from the shopping mall server, the credit card
company's server 500 checks their validity and provides a transaction-
valid/invalid message to the shopping mall server 400. In this instance, when
notified of the temporary credit card number, the validity period and the
lifetime from the temporary credit card number generation server 300, the
credit card company's server 500 stores them, and when a validity checking
message is input from the shopping mall server 400, the credit card
company's server 500 checks the lifetime and the corresponding temporary
credit card number and the validity period. Also, when another validity
checking message is input, the credit card company's server 500 checks the
validity of the corresponding information of the temporary credit card number
generation server 300, outputs information from the temporary credit card
number generation server 300, and provides information responsive to the
temporary credit card number generation server 300 to the shopping mall
server 400.
FIG. 3 shows a flowchart of an EC system using a credit card
according to a preferred embodiment of the present invention.
Referring to FIGs. 2 and 3, when the user PC 1 10 requests an
authentication from the authentication server 200, the authentication server
200 checks whether the credit card holder is a registered card holder, and
when the credit card holder is found to be a registered card holder, the
authentication server 200 transmits an authentication message to the user
PC 1 10, and establishes the temporary card number generation server 300
to be in the standby mode.
The user PC 1 10 authenticated by the authentication server 200
accesses the shopping mall server 400 and surfs so as to make a purchase,
and when the user PC finds a desired purchase, the user PC 1 10 informs of
a buying intention, optionally together with a settlement method.
When receiving the buying intention, the shopping mall server 400
provides a platform (commonly used in the Internet EC) for inputting a credit
card number and a validity period to the user PC 1 10.
Upon receipt of the platform, the user PC 1 10 requests a temporary
credit card number and a validity period from the temporary credit card
number generation server 300. In this instance, the user may provide a
receipt route to the temporary credit card number generation server 300
together with the above-noted information. For example, the user may
establish a route for receiving the information in a voice message format
through the wire telephone 120 on the public switched telephone network
(PSTN), or set another route for receiving it in a voice or short message (SM)
format through the mobile communication terminal 130 on the mobile
communication network so as to request the temporary credit card number
and the validity period from the temporary credit card number generation
server 300. The reason for setting the receipt route in the above-mentioned
manner is to prevent a problem that the temporary credit card number may
be exposed to a third person when the user is away from the user PC.
When receiving the request for the temporary credit card number
and the validity period, the temporary credit card number generation server
300 generates a temporary credit card number and a lifetime and provides
them to the user PC 1 10 and the credit card company's server 500.
The user PC 1 10 inputs the temporary credit card number to the
platform provided by the shopping mall server 400 to transmit it to the
shopping mall server 400. In this instance, the user can type the temporary
credit card number and the validity period provided by the temporary credit
card number generation server 300 into the predetermined blanks of the
platform provided by the shopping mall server 400 one by one, or drag and
drop them on the blanks.
Also, since the temporary credit card number and the validity period
has a form identical with that of the actual temporary credit card number and
the validity period, the conventional EC system and its format can be used
as they are.
The shopping mall server 400 requests the credit card company's
server 500 to authenticate the corresponding temporary credit card number
and the validity period.
The credit card company's server 500 inquires of the temporary
credit card number generation server 300 the corresponding number's
validity, and the temporary credit card number generation server 300 asks
the user PC 1 10 to check the corresponding validity.
When determining that the corresponding temporary credit card
number and the validity period are correct, the user provides the
corresponding information's valid message to the credit card company's
server 500 through the temporary credit card number generation server 300.
The credit card company's server 500 provides a transaction-valid
message to the shopping mall server 400 according to the valid message
provided by the user, and the shopping mall server 400 provides a
transaction-approval message to the user PC 1 10.
If a temporary credit card invalid message is output from the user PC
1 10 and provided to the credit card company's server 500 through the
temporary credit card number generation server 300, the credit card
company's server 500 provides a transaction-invalid message to the
shopping mall server 400, and the shopping mall server 400 provides a
transaction-preventing message to the user PC 1 10 according to the
transaction-invalid message.
In the above, the credit card company's server 500 receives
temporary credit card numbers and lifetimes from the temporary credit card
number generation server 300, stores them and requests the temporary
credit card number generation server 300 to check the validity of the
corresponding information, and since the credit card company's server 500
has already received information on the temporary credit card numbers and
validity periods, the credit card company's server 500 may provide the
corresponding transaction's validity states to the shopping mall server 400
based on the received information.
An EC system using a credit card according to a preferred
embodiment of the present invention will now be described.
FIG. 4 shows a flowchart of an operation of the user PC according to
a preferred embodiment of the present invention.
Referring to FIGs. 2 to 4, when a user desires to execute an
electronic transaction using a credit card, the user's credit card registration is
authenticated in step S110.
When the credit card is authenticated as registered, the temporary
credit card number generator 310 is activated to be connected to the network
and maintains a standby mode in step S120, and the user accesses an on¬
line shopping mall to shop around in step S130.
When finding a desired product, the user performs a buying process
such as selecting a settlement method in step S140.
When a predetermined platform screen for inputting information such
as a credit card number and a validity period is provided by the shopping
mall server 400, the temporary credit card number. generation server 300 is
requested to provide a temporary credit card number and a validity period in
step S160. In this instance, the user can set the receipt route of information
such as the temporary credit card number and the validity period input
through the user PC 110. Also, the user PC 110 can previously set the
lifetime of the temporary credit card number and request it from the
temporary credit card number generation server 300.
A temporary credit card number and a validity period are input from
the temporary credit card number generation server 300 in step S170, and it
is checked whether an approval message of the corresponding transaction is
received in step S180.
When the transaction-approval message is received in the previous
step S180, the transaction is determined to be executed and is terminated,
but when the transaction approval message is not received, it returns to the
previous step S160. For example, when a transaction-preventing message is
input because of a reason such as an expiration of the lifetime of the
temporary credit card number, it goes back to the step S160 to again request
the temporary credit card number and the validity period and re-execute the
corresponding transaction.
FIG. 5 shows a flowchart of an operation of the temporary credit card
number generation server according to the preferred embodiment of the
present invention.
Referring to FIGs. 2, 3 and 5, it is checked whether the credit card
holder is a registered card-holder and is authenticated in step S210, and
when the holder is found to be authenticated, a connection standby state is
maintained in step S220.
It is checked whether the user PC 1 10 requests a temporary credit
card number and a validity period in step S230, and when the request is not
provided, it returns to the previous step S220, and when the request is input,
a temporary credit card number and a validity period are generated and
provided to the user and the corresponding credit card company's server
500 in step S240. Here, a route can be provided to the user PC using an on¬
line network according to the user's setting, or corresponding information
can be provided to the user PC via the wire or wireless telephone set by the
user.
When an approval request for checking the validity of the
corresponding credit card number and the validity period is input from the
credit card company's server 500, a message that an approval request of
the corresponding information is input is provided to the user PC 110 in step
S260, and approval states are transmitted to the credit card company's
server 500.
As described, since the temporary credit card number and the
validity period have a form identical with that of the actual temporary credit
card number and the validity period, the conventional EC system and its
format can be used as they are.
Also, since the temporary credit card numbers and the validity
periods have restricted usability such as a one- to five-minute lifespan after
its generation or one to five uses after its generation, even when they are
unwillingly exposed against the user's intention, corresponding probable
problems can be prevented. That is, since the actual credit card is not used
for EC, the actual credit card number and the actual validity period are not
exposed, and the actual settlement process is executed using the actual
credit card via mutual information exchange between the temporary credit
card number generation server and the credit card company's server.
While this invention has been described in connection with what is
presently considered to be the most practical and preferred embodiment, it is
to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications
and equivalent arrangements included within the spirit and scope of the appended claims.