KR101289545B1 - Method for Processing Payment of Electronic Cash by using Near Field Communication and Handheld Device - Google Patents

Abstract

The present invention provides a mobile terminal having a Near Field Communication (NFC) module and an electronic money medium, the electronic device being reflected on the electronic money medium through an NFC module activated by a user selecting the electronic money payment menu in the mobile terminal. Recognizing a payment device capable of processing money payment in a forward direction and agreeing a proximity communication channel connection unit for connecting a proximity communication channel and a one-time security key for converting the payment device and the proximity communication channel into a proximity security channel through the proximity communication channel. Proximity secure channel agreement unit and the NFC through the NFC module mutually recognizes the payment device in both directions by connecting the proximity security channel encrypted and decrypted through the agreed disposable security key and the payment through the proximity security channel Encrypting information about the value of electronic money to be reflected in the electronic money media from the device Electronic money payment authentication for authenticating whether the electronic device includes information about the value of electronic money to be reflected in the electronic money medium after decrypting the encrypted payment transaction information through the proximity transaction processing unit receiving the transaction information and the agreed one-time security key. And an electronic money settlement processing unit for subtracting the electronic money value of the electronic money medium through the authenticated electronic money value.

Description

Electronic money payment method using near field communication and a mobile terminal for the same {Method for Processing Payment of Electronic Cash by using Near Field Communication and Handheld Device}

An object of the present invention, in a mobile terminal having a Near Field Communication (NFC) module and an electronic money medium, is reflected on the electronic money medium through an NFC module activated by a user selecting the electronic money payment menu in the mobile terminal. A one-time security key for recognizing a payment device capable of processing electronic money payment to be forward and connecting a proximity communication channel and a one-time security key for converting the payment device and the proximity communication channel into a proximity security channel through the proximity communication channel. Proximity security channel through the agreement and the NFC module through the mutual recognition of the payment device in both directions through the proximity security channel connecting unit for connecting the proximity security channel that is encrypted and decrypted through the agreed disposable security key through the proximity security channel Encrypt information about the value of electronic money to be reflected in the electronic money medium from the payment device The electronic money payment authenticating that the proximity transaction processing unit for receiving the payment payment information and decrypted the encrypted payment transaction information through the agreed one-time security key and includes information about the electronic money value to be reflected on the electronic money media. A mobile terminal comprising an authentication unit and an electronic money settlement processing unit for subtracting the electronic money value of the electronic money medium through the authenticated electronic money value.

After having an NFC module for supporting proximity communication with an electronic money medium recording electronic money value in a portable terminal that can be connected to an open data network, such as a smart phone, the NFC using the electronic money value charged in the electronic money medium A service for providing a payment using a module may be provided. Security of payment using the NFC module as described above will be ensured by the SAM (Secure Application Module) provided in the payment device in close communication with the NFC module of the mobile terminal.

However, the SAM provides a security function only in the field of balancing the value of electronic money with respect to electronic money payment, and does not provide security functions to fields such as application services related to the electronic money payment, for example, coupon use. It has Of course, if the mobile terminal equipped with the NFC module is used only for simple payment purposes, such as a conventional NFC card, the SAM alone has a sufficient security function, but has a difficult problem to provide a payment related service that the SAM does not provide.

An object of the present invention, in a mobile terminal having a Near Field Communication (NFC) module and an electronic money medium, is reflected on the electronic money medium through an NFC module activated by a user selecting the electronic money payment menu in the mobile terminal. A one-time security key for recognizing a payment device capable of processing electronic money payment to be forward and connecting a proximity communication channel and a one-time security key for converting the payment device and the proximity communication channel into a proximity security channel through the proximity communication channel. Proximity security channel through the agreement and the NFC module through the mutual recognition of the payment device in both directions through the proximity security channel connecting unit for connecting the proximity security channel that is encrypted and decrypted through the agreed disposable security key through the proximity security channel Encrypt information about the value of electronic money to be reflected in the electronic money medium from the payment device The electronic money payment authenticating that the proximity transaction processing unit for receiving the payment payment information and decrypted the encrypted payment transaction information through the agreed one-time security key and includes information about the electronic money value to be reflected on the electronic money media. According to an aspect of the present invention, there is provided a mobile terminal including an authentication unit and an electronic money settlement processing unit that subtracts the electronic money value of the electronic money medium through the authenticated electronic money value.

The mobile terminal according to the present invention, in a mobile terminal having a NFC (Near Field Communication) module and an electronic money medium, the electronic money medium through an NFC module activated by the user selects the electronic money payment menu in the mobile terminal. A one-time security for recognizing a payment device capable of processing electronic money payment to be reflected in the forward direction and converting the payment device and the proximity communication channel into a proximity security channel through the proximity communication channel connection unit connecting the proximity communication channel and the proximity communication channel. Proximity security channel consensus unit for agreeing a key and the proximity security channel through the NFC module and mutually recognizes the proximity security channel connection unit for connecting the proximity security channel that is encrypted and decrypted through the agreed disposable security key and the proximity security channel The electronic money value to be reflected in the electronic money medium from the payment device through An electronic transaction that verifies that the electronic transaction value includes information about the value of the electronic money to be reflected in the electronic money medium after decrypting the encrypted payment transaction information through the proximity transaction processing unit that receives the payment transaction information encrypted with the security information and the agreed one-time security key. And a electronic money payment processing unit for subtracting the electronic money value of the electronic money medium through the certified money payment authentication unit and the authenticated electronic money value.

In a mobile terminal according to the present invention, the mobile terminal further comprises a key generation unit for generating a public key and a private key, wherein the proximity secure channel agreement unit transmits the public key and terminal identification information to the payment device through the proximity communication channel. After receiving and decrypting the encrypted disposable security key through the public key from the payment device and obtaining and maintaining device identification information for automatically identifying the payment device, the device identification information connects the proximity communication channel. The method may be obtained by reading a proximity communication protocol or encrypted with the disposable security key and received from the payment device.

In the mobile terminal according to the present invention, the proximity secure channel agreement unit uses the public key and the terminal through a temporary key determined through device identification information (or a part of the device identification information) obtained in the process of connecting the proximity communication channel. Characterized by transmitting the identification information.

In the mobile terminal according to the present invention, after confirming the device identification information of the payment device connected to the proximity communication channel and receiving the device authentication information mapped with the device identification information from the authentication server through the data network connectable to the mobile terminal The apparatus further includes a device authentication information receiving unit, wherein the proximity security channel agreement unit exchanges the disposable security key according to a key agreement protocol previously agreed with the payment device by using the device authentication information as a key generation value. The terminal identification information for automatically identifying the mobile terminal and the electronic money medium is delivered, and the device identification information for automatically identifying the payment device is obtained and maintained.

In the portable terminal according to the present invention, the proximity security channel agreement unit is further configured to exchange the disposable security key with the payment device by using at least one of the terminal identification information and the device identification information as a key generation value. .

In the mobile terminal according to the present invention, the proximity transaction processing unit encrypts the coupon information through the one-time security key when the coupon information associated with the electronic money medium and available in the payment device is determined through a proximity security channel. After providing to the payment device receives payment transaction information that encrypts the information about the electronic money value including the payment amount discounted by the coupon information from the payment device through the proximity secure channel, or the coupon information is If it is not determined, the payment transaction information is encrypted from the payment device via the proximity secure channel by encrypting the information about the electronic money value including the payment amount allocated to the mobile terminal.

In the portable terminal according to the present invention, the processing result transmission unit for generating the result information for the electronic money payment to the payment device through the proximity security channel and the disposable security key when the electronic money payment is normally processed. It further comprises a proximity secure channel release unit for extinguishing.

Electronic money payment method according to the present invention, in the electronic money payment method using the near field communication of the mobile terminal having a NFC (Near Field Communication) module and the electronic money medium, the user selects the electronic money payment menu in the mobile terminal; Recognizing, in the forward direction, a payment device capable of processing electronic money payment to be reflected in the electronic money medium through an NFC module activated by the NFC module; and connecting the payment device and the proximity communication channel through the proximity communication channel. Agreeing a one-time security key for switching to a proximity security channel; connecting the proximity security channel encrypted and decrypted through the agreed one-time security key by mutually recognizing the payment device through the NFC module; The value of the electronic money to be reflected in the electronic money medium from the payment device through a secure channel Receiving payment transaction information encrypted with the security information and verifying that the information includes the information about the electronic money value to be reflected on the electronic money medium after decrypting the encrypted payment transaction information through the agreed one-time security key; and And subtracting the electronic money value of the electronic money medium through the authenticated electronic money value.

According to the present invention, a mobile terminal having an NFC module and an electronic money medium closes to a payment device without using a separate physical security module, and safely and conveniently the electronic money value charged in the electronic money medium. There is an advantage in providing monetary settlement.

1 is a diagram illustrating a configuration of an electronic money payment system using proximity communication according to the present invention.
2 is a diagram illustrating a payment device function configuration according to an embodiment of the present invention.
3 is a diagram illustrating a mobile terminal function configuration according to an embodiment of the present invention.
4 is a diagram illustrating a process of contiguous secure channel agreement according to an embodiment of the present invention.
5 is a diagram illustrating a process of contiguous secure channel agreement according to another embodiment of the present invention.
6 is a diagram illustrating an electronic money settlement process using proximity communication according to an embodiment of the present invention.

Hereinafter, with reference to the accompanying drawings and description will be described in detail the operating principle of the preferred embodiment of the present invention. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains. It is only.

1 is a diagram illustrating the configuration of an electronic money payment system using proximity communication according to the present invention.

In more detail, FIG. 1 illustrates a system configuration for processing electronic money payment through Near Field Communication (NFC) between a mobile terminal 300 having an electronic money medium 310 and a payment device 200. As those skilled in the art to which the present invention pertains, various methods of implementing the electronic money payment system (e.g., some components may be omitted or subdivided) by referring to and / or modifying the drawing of FIG. Or combined implementation method), but the present invention includes all the implementation methods inferred above, and the technical features are not limited to the implementation method shown in FIG.

Electronic money payment system of the present invention, the NFC terminal 315 and the electronic money medium 310 is provided with a portable terminal 300, and the NFC module 315 of the mobile terminal 300 can be connected to a close communication channel. It consists of a payment device 200 having an NFC module 205, the portable terminal 300 is equipped with an application including the application function shown in Figure 3, the payment device 200 is an electronic money system The electronic money value of the electronic money value provided in the electronic money medium 310 is settled.

The mobile terminal 300 is a generic term for a user portable terminal having an NFC module 315 and an electronic money medium 310, and may preferably include a smartphone, a mobile phone, a tablet PC, a PDA, and an NFC device. have.

According to the present invention, the application of the mobile terminal 300 and the program module of the payment device 200 connects the proximity communication channel through the NFC module 315, and through the key exchange channel including the connected proximity communication channel. By agreeing a one-time security key, the proximity communication channel is switched to a proximity security channel, and the proximity security channel is the mobile terminal 300 and the payment device in the proximity wireless section between the mobile terminal 300 and the payment device 200. The 200 recognizes each other to form an end-to-end proximity secure channel that blocks the RF dump.

According to the first secure channel consensus method of the present invention, the application of the mobile terminal 300 recognizes the payment device 200 in the forward direction to form the end-to-end proximity secure channel, the recognized payment device ( The public key and the private key for exchanging the disposable security key with the 200) are generated in the mobile terminal 300, and the public key is distributed so that the public key can be identified only by the payment device 200 recognized in the forward direction. By doing so, the RF dump device except for the mobile terminal 300 and the payment device 200 cannot access the proximity secure channel.

According to the second secure channel consensus method of the present invention, in order to form the end-to-end proximity secure channel, the payment device 200 registers the device identification information identifying itself with the authentication server 100 on the communication network, and then the authentication. The device authentication information assigned to the server 100 may be downloaded from the server 100, and the authentication server 100 maps and maintains the device identification information and the device authentication information. In the state where the device identification information and the device authentication information of the payment device 200 are mapped to the authentication server 100, the mobile terminal 300 checks in the process of connecting the proximity device with the payment device 200. By transmitting the device identification information of the payment device 200 to the authentication server 100 can receive the device authentication information assigned to the payment device 200 from the authentication server 100, the received device authentication information Using as a key generation value it is possible to agree the one-time security key without the exchange of the one-time security key through the proximity communication channel with the payment device 200. Such a proximity security channel, in addition to the proximity communication channel using the NFC module 315 through the data network connected to the mobile terminal 300 to agree the one-time security key, of course, the agreed one-time security key is the NFC module ( Since it is not transmitted / received through the proximity communication channel using 315, the RF dump device except for the mobile terminal 300 and the payment device 200 may not access the proximity security channel.

2 is a diagram illustrating a functional configuration of a payment device 200 according to an embodiment of the present invention.

In more detail, FIG. 2 illustrates a program module function configuration of a payment device 200 that processes electronic money payment through the value of electronic money provided in the mobile terminal 300 through proximity communication (NFC). Those skilled in the art will be able to infer various implementation methods for the function of the payment device 200 by referring to and / or modifying the drawing 2, but the present invention is all inferred It is made, including the implementation method, the technical features are not limited only to the implementation method shown in FIG.

Referring to FIG. 2, the payment device 200 includes a control unit 201, a memory unit 207, a screen output unit 203, a key input unit 204, a communication processing unit 206, an NFC module 205, and the like. Security application module 208 and a power supply for supplying power.

The control unit 201 is a generic term for a configuration for controlling the operation of the payment device 200, and includes at least one processor and an execution memory, and each of the components and the bus provided in the payment device 200 may include: BUS). According to the present invention, the control unit 201 loads and computes at least one program code included in the payment device 200 through the processor into the execution memory, and calculates at least one result through the bus. By transmitting to the negative control the operation of the payment device 200. Hereinafter, for convenience, a functional component of a program module for processing electronic money payment through the value of electronic money provided in the mobile terminal 300 through NFC is illustrated in the control unit 201 of FIG. 2. Let's do it.

The memory unit 207 is a generic term for a nonvolatile memory included in the payment device 200 and includes at least one program code executed through the control unit 201 and at least one data set used by the program code. Program code and data sets for storing and maintaining the present invention are also stored in the memory unit 207.

The screen output unit 203 includes a screen output device (for example, a liquid crystal display (LCD) device) and an output module for driving the same, and is connected to the control unit 201 by a bus to perform various operations of the control unit 201. The calculation result corresponding to the screen output is output to the screen output device.

The key input unit 204 is composed of a key input device (or a touch screen device interlocked with the screen output unit 203) having at least one key button and an input module for driving the key input device. Connected by a bus to input a command to command the various operations of the control unit 201, or input data required for the operation of the control unit 201.

The card reader unit 202 is an MS reader interface for an MS (Magnetic Stripe) card based on the ISO / IEC 7810 standard, a contact type interface for interfacing a contact IC (Integrated Circuit) card based on the ISO / IEC 7816 standard The IC reader unit includes a contactless IC reader unit for interfacing a contactless IC card based on the ISO / IEC 14443 standard.

* The communication processing unit 206 is a generic term for a communication configuration for connecting the payment device 200 to a communication network, and includes a network interface card (NIC) according to a location where the payment device 200 is installed, or a communication modem. It may include, and may include a communication module for connecting to the wireless network according to the intention of the skilled person.

The NFC module 205 is a communication module for transmitting data between terminals at a close distance of about 10 cm according to a non-contact short range wireless communication standard using the 13.56 Mz frequency band of the ISO 18000 series wireless communication standard. Connect the NFC module 205 and the adjacent communication channel. According to the embodiment, the NFC module 205 may be integrally implemented with the contactless IC reader of the card reader 202. According to the embodiment of the present invention, the NFC module 205 may be implemented in the form of an NFC chip having a processor and a memory.

The secure application module (SAM) 208 is a confidentiality (Authentication), Integrity and Nonrepudiation required for the electronic payment or electronic payment process of the payment device (200) A general term for a module that controls and manages security requirements of the payment device 200 internally, storing and maintaining various key values, control protocols, and commands, and using the key values and commands according to the control protocol. Control electronic payment or electronic payment of the payment device 200. The security application module 208 is manufactured in the form of an IC chip mounted on a PCB, a custom semiconductor, or a SIM type inserted into a SIM slot. According to the embodiment of the present invention, the security application module 208 stores and maintains various key values, control protocols and commands for processing electronic money settlement, and the security application module 208 according to the intention of those skilled in the art. It can be omitted.

According to the present invention, the payment device 200 reads the card information from the at least one card of the MS card, contact IC card, contactless IC card through the card reader unit 202 to the screen output unit 203. And a payment device operating module 210 for processing payment by default, and the program module of the present invention is included in the payment device operating module 210 or in the form of a program interworking with the payment device operating module 210. Is implemented.

Referring to FIG. 2, the program module of the payment device 200 is in proximity to the one or more mobile terminals 300 based on the recognition of the forward payment device 200 of the mobile terminal 300 through the NFC module 205. N having a proximity communication channel connection unit 215 for connecting a communication channel and an electronic money medium 310 capable of payment by dividing a payment amount among one or more target devices capable of connecting a proximity communication channel through the NFC module 205. An electronic money medium recognition unit 220 for recognizing (N≥1) portable terminals 300 is provided.

When the user operates the mobile terminal 300 to activate the NFC module 315, the mobile terminal 300 is provided in the mobile terminal 300 of one or more target devices that can communicate through the NFC module 315 Recognizing any one payment device 200 capable of processing electronic money transactions to be reflected in the electronic money medium 310 in the forward direction and requests the proximity communication channel, the proximity communication channel connection unit 215 is the portable terminal 300 Accept the recognition of the forward payment device 200 through the NFC module 205 of the) connects the mobile terminal 300 and the proximity communication channel. In this case, the mobile terminal 300 recognizes the payment device 200 in the forward direction, so that the application is the subject and the target device to which the proximity communication channel is connected by selecting the payment mode of the application as the payment mode. Means.

The proximity communication channel connector 215 connects a proximity communication channel with one or more target devices including the NFC module 205 within a designated time, and the target device to which the proximity communication channel is connected recognizes the forward payment device 200. One or more adjacent communication channels that are accepted and connected are included. The electronic money medium recognition unit 220 recognizes N mobile terminals 300 including the electronic money medium 310 that can divide and settle a payment amount among one or more target devices connected to the proximity communication channel.

Referring to FIG. 2, the program module of the payment apparatus 200 may include n (1 ≦ n) corresponding to the electronic money medium 310 to be divided and settled among the recognized N mobile terminals 300. Payment target medium determination unit 225 for determining ≤N) payment target mobile terminals 300 and payment amount division allocation for allocating n divided amounts obtained by dividing the payment amount to the n portable terminals 300 The portion 230 and the divided amount of the mobile terminal 300 having at least one coupon available among the n mobile terminals 300 are selectively discounted according to the discount rate of the coupon to individually divide the mobile terminal 300. An individual payment amount determination unit 245 for calculating a payment amount and determining the payment amount of the mobile terminal 300 by maintaining the divided amount of the mobile terminal 300 without the coupon as it is, and the n portable devices. Electronic money of the electronic money medium 310 provided in the terminal 300 The individual payment amount payment unit 250 is provided to process the payment of the individual payment amount for each of the mobile terminal 300 determined through, and, if the SAM is provided in the payment device 200, the individual payment amount payment unit ( 250 provides an individual payment amount to the n mobile terminals 300 according to the SAM electronic money payment protocol to balance the electronic money values provided in the n electronic money media 310.

The payment target medium determination unit 225 divides the payment amount determined by the payment device operation module 210 among the N mobile terminals 300 recognized by the electronic money medium recognition unit 220 to make payment. Determine n payment target mobile terminals 300 corresponding to the currency medium 310, and the payment amount division allocating unit 230 divides the payment amount and assigns n payment terminals to the n mobile terminals 300. The divided amount is calculated, and the calculated n divided amounts are allocated to each of the mobile terminals 300. For example, if the payment amount is 100,000 won and n = 5, each of the five mobile terminals 300 may be allocated a divided amount of 20,000 won. Or the customer is to pay the payment amount is 100,000 won and the payment amount divided by the n = 4 through the payment means (for example, cash, credit card, etc.) other than the electronic money of the mobile terminal 300 1 In the case of four persons, each of the four mobile terminals 300 may be allocated a divided amount of 20,000 won and the other payment means may be allocated a divided amount of 20,000 won.

When the divided amount is allocated to the n portable terminals 300, the individual payment amount determining unit 245 uses the payment among the n portable terminals 300 through the proximity communication through the NFC module 205. N '(0≤n'≤n) discount target mobile terminals 300 having at least one coupon available, and n' coupon information available for the payment from the n 'portable terminals 300 Check it. When the n 'coupon information is confirmed, the individual payment amount determining unit 245 selectively selects the divided amount allocated to the n' mobile terminals 300 according to a discount rate corresponding to the n 'coupon information. By discounting, the n mobile terminals 300 calculate n 'individual payment amounts to be paid individually.

On the other hand, when the (n-n ') of the mobile terminal 300 that does not have a coupon available for the payment of the n mobile terminal 300 through the proximity communication is confirmed, the individual payment amount determination unit 245 Is determined as an individual payment amount of the mobile terminal 300 by maintaining the divided amount of the mobile terminal 300 having no coupon as it is.

When the individual payment amount for the n mobile terminals 300 is determined, the individual payment amount payment unit 250 is determined through the electronic money value of the electronic money medium 310 provided in the n mobile terminals 300. The payment of the individual payment amount for each of the determined mobile terminals 300 is processed, whereby the electronic money values included in the electronic money media 310 of the n mobile terminals 300 are balanced and deducted by the respective payment amounts. .

On the other hand, when the security application module 208 (SAM) is provided in the payment device 200, the individual payment amount payment unit 250 is n portable terminals according to the electronic money payment protocol of the security application module 208 An individual payment amount may be provided to 300 to balance electronic money values provided in the n electronic money media 310.

Referring to FIG. 2, the program module of the payment device 200 includes the n portable terminals through a key exchange channel including at least one communication using a proximity communication channel connected to the n portable terminals 300. 300 and the one-time security key is exchanged and the device identification information for automatically identifying the payment device 200 to the n mobile terminals 300, and the electronic money medium 310 of the n mobile terminals (300) The n secure terminals 300 through the NFC module 205 based on the proximity secure channel agreement unit 235 for acquiring and maintaining the terminal identification information for automatically identifying the terminal, and on the basis of the terminal identification information and the device identification information. And a mutual security channel connection unit 240 for connecting the adjacent security channel that is encrypted and decrypted through the one-time security key by mutual recognition in both directions, and the individual payment amount determining unit 245 uses the one-time security key. Decrypt Identifies n '(0≤n'≤n) discount target mobile terminals 300 having at least one coupon through a proximity secure channel, and discounts n' according to the discount rates of the identified n 'coupons. Selecting and discounting the target divided amount to calculate the individual payment amount of the n 'mobile terminal 300, the individual payment amount payment unit 250 is n through a proximity security channel that is encrypted and decrypted through the one-time security key The individual payment amount is provided to the two mobile terminals 300 to balance the electronic money values provided in the n electronic money media 310.

In a state where the n number of mobile terminals 300 and the proximity communication channel are connected, the proximity secure channel agreement unit 235 exchanges a key including at least one communication using a proximity communication channel connected with the n number of mobile terminals 300. It exchanges the disposable security key with the portable terminal 300 through a channel, and transmits device identification information for automatically identifying the payment device 200 to the portable terminal 300 in the process of exchanging the disposable security key. At the same time, the terminal identification information for automatically identifying the electronic money medium 310 of the mobile terminal 300 is obtained and maintained while the electronic money payment is processed.

According to the first secure channel agreement method of the present invention, the proximity secure channel agreement unit 235 is a public key generated by the mobile terminal 300 through the NFC module 205 and the electronic money of the mobile terminal 300. Terminal identification information for automatically identifying the medium 310 is received. The public key and the terminal identification information may be encrypted and received through a temporary key generated through the device identification information (or a part of the device identification information) of the payment device 200, in which case the proximity secure channel agreement unit 235 ) May decrypt the encrypted public key and the terminal identification information by generating a temporary key according to the same key generation rule through the device identification information (or a part of the device identification information) assigned thereto.

When the public key and the terminal identification information are received (or decrypted), the proximity security channel agreement unit 235 generates a one-time security key while maintaining the received terminal identification information, and generates the one-time security key. Encrypted through the received public key and transmitted over the proximity communication channel.

According to the second secure channel agreement method of the present invention, the proximity secure channel agreement unit 235 maintains device authentication information assigned to itself in the authentication server 100, and uses the device authentication information as a key generation value. Exchange the disposable security key according to the key agreement protocol previously agreed with the mobile terminal 300 and transmit the device identification information for automatically identifying the payment device 200 to the mobile terminal 300 and the mobile terminal 300 ) Can obtain and maintain device identification information for automatically identifying the electronic money media 310. Here, the key agreement protocol is a protocol for agreeing the one-time security key without directly transmitting and receiving the one-time security key to be agreed through the proximity communication channel, and preferably, may include a Secure Remote Password (SRP) protocol. In this case, at least two pieces of information of the device authentication information, the terminal identification information, and the device identification information may be used as I-Value and B-Value of the SRP protocol.

The proximity security channel connection unit 240 is a portable terminal exchanged with the disposable security key through the NFC module 205 on the basis of the terminal identification information of the mobile terminal 300 and the device identification information of the payment device 200 ( Recognizing 300 in both directions and connecting the proximity security channel through which the information transmitted and received between the mobile terminal 300 and the payment device 200 is encrypted and decrypted through the disposable security key. Here, the mutual recognition of the mobile terminal 300 in both directions means that the payment device 200 recognizes the payment device 200 in which the disposable security key is exchanged through the terminal identification information, and simultaneously, the portable device. This means that the application of the terminal 300 recognizes the payment device 200 in which the disposable security key is exchanged through the device identification information.

When the proximity security channel is connected, the individual payment amount determining unit 245 is n '(0≤n'≤n) having at least one coupon through a proximity security channel that is encrypted and decrypted through the disposable security key. Identify the discount target mobile terminals 300 and select and discount the n 'discount target divided amounts according to the confirmed discount rates of the n' coupons to calculate individual payment amounts of the n 'portable terminals 300. . Of course, the individual payment amount of the (n-n ') portable terminals 300 for which the coupon is not confirmed may use the divided amount allocated by the payment amount division allocating unit 230 as it is.

In addition, when the proximity security channel is connected, the individual payment amount payment unit 250 provides an individual payment amount to n mobile terminals 300 through the proximity security channel that is encrypted and decrypted through the one-time security key, n number of The electronic money value provided in the electronic money medium 310 is balanced.

Referring to FIG. 2, the program module of the payment device 200 includes a processing result receiving unit 255 for receiving balancing result information from the mobile terminal 300 through the proximity secure channel, and reading the balancing result information. As a result, the electronic money balancing is provided with a proximity security channel release unit 260 for extinguishing the disposable security key.

The mobile terminal 300 generates the balancing result information by balancing the electronic money value charged in the electronic money medium 310 for the electronic money payment, and then encrypts it through the one-time security key through the proximity security channel. When transmitting, the processing result receiving unit 255 receives and decrypts balancing result information from the mobile terminal 300 through the proximity secure channel. The proximity security channel release unit 260 reads the balancing result information to check whether the electronic money balancing is normally processed. If the electronic money balancing is normally processed, the proximity security channel is destroyed by erasing the disposable security key. Release it.

3 is a diagram illustrating a functional configuration of a portable terminal 300 according to an embodiment of the present invention.

In more detail, Figure 3 illustrates an application function configuration for processing electronic money payment through the value of the electronic money provided in the mobile terminal 300 through a near field communication (NFC), which is generally known in the art. Those skilled in the art will be able to infer various implementation methods for the function of the mobile terminal 300 by referring to and / or modifying the drawing 3, but the present invention includes all the implementation methods inferred However, the technical features are not limited only to the implementation method shown in FIG. 3 for convenience, the mobile terminal 300 is regarded as a smart phone equipped with an NFC module 315 by multiple access to a voice network and a data network.

Referring to FIG. 3, the mobile terminal 300 includes a control unit 301, a memory unit 311, a screen output unit 302, a key input unit 303, a sound output unit 304, and a sound input unit 305. And a wireless network communication module 308, a short range wireless communication module 307, a USIM reader unit 309, a USIM and NFC module 315, and a battery 306 for power supply.

The controller 301 is a generic term for controlling the operation of the portable terminal 300. The controller 301 includes at least one processor and an execution memory, and includes components and buses provided in the portable terminal 300. BUS). According to the present invention, the control unit 301 loads at least one program code included in the mobile terminal 300 through the processor into the execution memory, and calculates at least one result through the bus. By transmitting to the negative to control the operation of the mobile terminal (300). Hereinafter, for convenience, an application function component implemented in program code form will be described in the control unit 301 of FIG. 3 to implement the present invention.

The memory unit 311 is a general term for a nonvolatile memory included in the mobile terminal 300. The memory unit 311 may include at least one program code executed through the controller 301 and at least one data set used by the program code. Program code and data sets for storing and maintaining the application of the present invention are also stored in the memory unit 311. According to the method of the present invention, the memory unit 311 may be set to the electronic money medium 310 in which the electronic money value is recorded in the form of a data set of the application.

The screen output unit 302 includes a screen output device (for example, a liquid crystal display (LCD) device) and an output module for driving the same, and is connected to the control unit 301 by a bus to perform various operations of the control unit 301. The calculation result corresponding to the screen output is output to the screen output device.

The key input unit 303 is composed of a key input device (or a touch screen device interlocked with the screen output unit 302) having at least one key button, and an input module for driving the key input device. A command connected to a bus to command various operations of the controller 301 may be input, or data required for calculation of the controller 301 may be input.

The sound output unit 304 includes a speaker for outputting a sound signal and a sound module for driving the speaker. The sound output unit 304 is connected to the control unit 301 by a bus to correspond to the sound output among various calculation results of the control unit 301. The calculation result is output through the speaker. The sound module decodes sound data to be output through the speaker and converts the sound data into a sound signal.

The sound input unit 305 includes a microphone for receiving a sound signal and a sound module for driving the microphone, and transmits sound data input through the microphone to the controller 301. The sound module encodes and encodes a sound signal input through the microphone.

The wireless network communication module 308 is a generic term for a communication configuration for connecting wireless communication, and includes at least one antenna, an RF module, a baseband module, and a signal processing module for transmitting and receiving radio frequency signals of a specific frequency band. It is connected to the control unit 301 by a bus and transmits a calculation result corresponding to wireless communication among various calculation results of the control unit 301 through wireless communication, or receives data through wireless communication to the control unit 301. At the same time as the transmission, it maintains the procedure of connection, registration, communication, handoff of the wireless communication. According to the present invention, the wireless network communication module 308 may connect the mobile terminal 300 to a circuit switched voice network via a switch, or to a packet communication data network.

The short range wireless communication module 307 is configured as a short range communication module for connecting a communication session using a radio frequency signal as a communication medium within a predetermined distance, and may include at least one of Bluetooth communication, Wi-Fi communication, and public wireless communication. have. According to an embodiment, the short range wireless communication module 307 may be integrated with the wireless network communication module 308. According to the present invention, the short range wireless communication module 307 connects the portable terminal 300 to a packet communication data network.

The USIM reader unit 309 is a generic term for a configuration for exchanging at least one data set with a Universal Subscriber Identity Module mounted on or detached from the portable terminal 300 based on ISO / IEC 7816 standard. As an example, the data sets are exchanged in a half-duplex communication through an APDU (Application Protocol Data Unit).

The USIM is a SIM type card having an IC chip according to the ISO / IEC 7816 standard, an input / output interface including at least one contact point connected to the USIM reader unit 309, and at least one IC chip program code. And an IC chip memory for storing a data set, and a program code for the IC chip or extracting (or processing) the data set according to at least one command transmitted from the mobile terminal 300 connected to the input / output interface. It includes a processor for transmitting to the input and output interface. The USIM and USIM reader unit 309 may be replaced with an IC card and an IC card reader unit according to whether the portable terminal 300 is wirelessly communicated and the purpose of the terminal. According to an embodiment of the present invention, the memory of the USIM may be set in the electronic money medium 310 in which the electronic money value is recorded, and the processor of the USIM inquires, charges, refunds, and pays the electronic money value. Run

The NFC module 315 is a communication module for transmitting data between terminals at a close distance of about 10 cm according to a non-contact short range wireless communication standard using the 13.56Mz frequency band of the ISO 18000 series wireless communication standard. Connect the NFC module 315 and the adjacent communication channel. According to an embodiment, the NFC module 315 may be embodied integrally with the short range wireless communication module 307 or may be implemented as a separate communication module. According to the embodiment of the present invention, the NFC module 315 may be implemented in the form of an NFC chip having a processor and a memory, in which case the memory of the NFC chip is an electronic money medium 310 in which an electronic money value is recorded. It may be set, the processor of the USIM executes an applet to query, charge, refund and settle the value of the electronic money.

Referring to FIG. 3, the application of the mobile terminal 300 inquires, charges, refunds, and displays the electronic money value provided in the electronic money medium 310 by a user's key manipulation through the key input unit 303. Transaction screen display unit 320 for displaying a menu screen for payment, a charging mode for charging the value of the electronic money provided in the electronic money medium 310 in the transaction mode of the application according to the user's menu selection, the electronic money And a transaction mode setting unit 325 which sets a transaction mode of any one of the refund modes for refunding the electronic money value provided in the medium 310, wherein the charging mode, the refund mode, and the electronic money medium 310 The NFC module 315 is activated by setting a transaction mode of any one of the payment modes for processing the electronic money payment through the provided electronic money value, and the transaction screen display unit 320 displays the electronic money. Recognizing the payment device 200 capable of processing electronic money payment through the closed value in the forward direction and displays the NFC communication connection screen connecting the adjacent communication channel.

The transaction screen display unit 320 is provided in at least one electronic money medium 310 of the memory unit 311, the USIM memory, and the NFC chip memory by a user's key manipulation through the key input unit 303. Print menu to search, recharge, refund and settle the value of electronic money.

When the electronic money settlement menu is selected by a user's key operation while the menu is output, the transaction mode setting unit 325 sets the transaction mode of the application to the value of the electronic money provided in the electronic money medium 310. Set the payment mode to pay through.

If the transaction mode of the application is set to the payment mode, the transaction mode setting unit 325 activates the NFC module 315, the transaction screen display unit 320 through the activated NFC module 315 Recognizing the payment device 200 capable of electronic money payment through the electronic money value in the forward direction and displays the NFC communication connection screen for connecting the adjacent communication channel. Here, to recognize the payment device 200 in the forward direction means that the application is the subject to determine the target device to connect the proximity communication channel by selecting the transaction mode of the application as the payment mode.

Referring to FIG. 3, the application of the mobile terminal 300 corresponds to the electronic money medium 310 corresponding to the selected menu among one or more target devices that can communicate through the NFC module 315 activated by the user's menu selection. A proximity communication channel connection unit 330 for connecting a proximity communication channel by recognizing any one payment device 200 capable of processing electronic money payment to be reflected in the forward direction, and a proximity communication channel connected to the payment device 200. Exchanging a disposable security key with the payment device 200 through a key exchange channel including at least one communication using the electronic device, and automatically converts the electronic money medium 310 of the mobile terminal 300 to the payment device 200. Proximity secure channel agreement unit 345 for transmitting and identifying the terminal identification information to identify and obtain the device identification information for automatically identifying the payment device 200.

When the NFC module 315 is activated by setting the transaction mode of the application to the payment mode by the user's menu selection, the proximity communication channel connection unit 330 is capable of communicating through the activated NFC module 315. Check M (M≥1) target devices. Typically, the NFC module 315 is capable of communicating with the NFC module 205 in proximity of about 10cm, this close distance is within 10cm of the NFC module 205 of the target device to which the user connects the proximity communication channel to the mobile terminal ( 300) is close, and there are rarely two or more target devices capable of connecting a proximity communication channel at this close range. However, it is possible that there is more than one target device capable of connecting a proximity communication channel at a close distance within 10 cm in a space where the target device is dense, and the two or more target devices capable of connecting the proximity communication channel make payment of the electronic money. For example, the mobile terminal 300 may include a mobile terminal 300 held by a third party standing next to the user, as well as a communication connection target payment device 200 in which the user approaches the mobile terminal 300. In particular, other target devices other than the communication connection target payment device 200 in which the user moves the mobile terminal 300 out of two or more target devices located in the proximity to the RF dump device to hack the electronic money payment at any time. It is okay to see.

Accordingly, the proximity communication channel connection unit 330 excludes the target device that cannot process the electronic money payment corresponding to the selected menu among the M target devices that can communicate through the NFC module 315. M (1 ≦ m ≦ M) target devices corresponding to the payment device 200 capable of processing the electronic money payment are determined. If the m target devices are determined to be the only target device, the proximity communication channel connection unit 330 is connected to the payment device 200 corresponding to the only target device through the NFC module 315 and the proximity communication channel. Connect On the other hand, if the m target devices are more than one, the proximity communication channel connection unit 330 detects and displays the device identification information of the two or more target devices on the screen and corresponds to any one device identification information selected by the user. Connect the proximity communication channel with the payment device 200 corresponding to the only target device. Here, the proximity communication channel refers to an NFC communication channel equipped with basic security functions provided by the NFC module 315 and an NFC communication protocol.

When the proximity communication channel is connected to the payment device 200 capable of processing the electronic money payment, the proximity secure channel agreement unit 345 includes a key including at least one communication using the proximity communication channel connected to the payment device 200. The one-time security key is exchanged with the payment device 200 through an exchange channel, and the electronic money medium 310 of the mobile terminal 300 is automatically transferred to the payment device 200 in the process of exchanging the one-time security key. Simultaneously with the identification terminal identification information is transmitted, the device identification information for automatically identifying the payment device 200 is obtained and maintained while the electronic money payment is processed.

According to the first secure channel agreement method of the present invention, the application of the mobile terminal 300 further includes a key generation unit 335 for generating a public key and a private key for agreeing the secure channel, and the proximity of the mobile terminal 300. The secure channel agreement unit 345 transmits the public key and the terminal identification information to the payment device 200 through the proximity communication channel, and then receives the disposable security key encrypted through the public key from the payment device 200. And obtain and maintain device identification information for decrypting and automatically identifying the payment device 200, wherein the device identification information is obtained by reading a proximity communication protocol in a process of connecting the proximity communication channel or the disposable security key. It may be encrypted with and received from the payment device 200.

The key generation unit 335 generates a public key and a private key for agreeing a secure channel with the payment device 200 according to a designated key generation rule, and maintains the generated private key.

The proximity secure channel agreement unit 345 checks terminal identification information for automatically identifying the electronic money medium 310 of the mobile terminal 300. The terminal identification information is NFC chip information provided in the NFC module 315, portable terminal 300 information (eg, device serial number, telephone number, etc.), electronic money identification managed through the electronic money medium 310 Information, electronic money value information filled in the electronic money medium 310, and key information for injecting or subtracting the value into the electronic money.

When the terminal identification information is confirmed, the proximity secure channel agreement unit 345 transmits the generated public key and terminal identification information to the payment device 200 through the proximity communication channel. Thereafter, the payment device 200 generates a one-time security key while maintaining the received terminal identification information, encrypts the generated one-time security key through the received public key, and transmits it through the proximity communication channel. .

Meanwhile, the proximity secure channel settlement unit 345 is provided in the payment device 200 information or the payment device 200 in the process of connecting the proximity communication channel with the payment device 200 by the proximity communication channel connector 330. Acquiring device identification information including at least one NFC chip information of the NFC module 205, and a temporary key for encrypting the public key and the terminal identification information through the obtained device identification information (or a part of the device identification information). Can be generated. When the temporary key is generated, the proximity secure channel agreement unit 345 may encrypt the public key and the terminal identification information through the temporary key and transmit the encrypted encryption key to the payment device 200 through the proximity communication channel. The payment device 200 generates the temporary key through the device identification information (or a part of the device identification information) assigned to the device, decrypts the encrypted public key and the terminal identification information, and then decrypts the decrypted terminal identification information. A one-time security key is generated in the state of maintaining and the generated one-time security key is encrypted through the decrypted public key and transmitted through the proximity communication channel.

According to the second secure channel consensus method of the present invention, the application of the mobile terminal 300, the mobile terminal after confirming the device identification information (or a part of the device identification information) of the payment device 200 is connected to the portable communication channel And a device authentication information receiver 340 for receiving device authentication information mapped to the device identification information (or a part of the device identification information) from the authentication server 100 through a connectable data network of the terminal 300. The proximity secure channel agreement unit 345 exchanges the disposable security key according to a key agreement protocol previously agreed with the payment device 200 using the device authentication information as a key generation value, and the payment device 200 exchanges the disposable security key. The terminal identification information for automatically identifying the electronic money medium 310 of the mobile terminal 300 may be transmitted, and the device identification information for automatically identifying the payment device 200 may be obtained and maintained.

When the device identification information for identifying the payment device 200 is registered in the authentication server 100 on the network by the terminal or server of the payment device 200 or the terminal operating the payment device 200, the authentication server The device 100 generates device authentication information including a key value for authenticating the payment device 200, maps the device authentication information to the device identification information, stores the device authentication information, and downloads the generated device authentication information to the payment device 200.

When the device identification information and the device authentication information of the payment device 200 are mapped to the authentication server 100, the device authentication information receiver 340 may identify the device identification information of the payment device 200 connected to the proximity communication channel. Or a part of the device identification information), the authentication server 100 through the data network using any one of the short-range wireless communication module 307 or the wireless network communication module 308 of the mobile terminal (300). The device identification information (or a part of the device identification information) is confirmed to receive the device authentication information mapped to the device identification information (or a part of the device identification information) from the authentication server 100.

The proximity security channel agreement unit 345 exchanges the disposable security key according to a key agreement protocol previously agreed with the payment device 200 through the proximity communication channel using the device authentication information as a key generation value. In the process of agreeing the one-time security key, the terminal 200 transmits the terminal identification information for automatically identifying the electronic money medium 310 of the portable terminal 300 to the payment device 200.

Meanwhile, the proximity security channel agreement unit 345 may exchange the disposable security key with the payment device 200 by using at least one of the terminal authentication information and the device identification information as well as the device authentication information. have. Here, the key agreement protocol is a protocol for agreeing the one-time security key without directly transmitting and receiving the one-time security key to be agreed through the proximity communication channel, and preferably, may include a Secure Remote Password (SRP) protocol. In this case, at least two pieces of information of the device authentication information, the terminal identification information, and the device identification information may be used as I-Value and B-Value of the SRP protocol.

Referring to FIG. 3, the application of the portable terminal 300 recognizes the payment device 200 in both directions through the NFC module 315 based on the terminal identification information and the device identification information. Balancing the electronic money value provided in the electronic money medium 310 from the payment device 200 through the proximity security channel connection unit 355 for connecting a proximity security channel that is encrypted and decrypted through a key. The proximity transaction processing unit 360 which receives payment transaction information that encrypts the electronic money balancing information, and decrypts the encrypted payment transaction information through the agreed one-time security key, and then determines the electronic money value corresponding to the selected menu. The electronic money settlement authentication unit 365 for authenticating whether the balance information includes balance information, and the electronic money balance information of the authenticated electronic money balancing information. Reflecting, and having an electronic money settlement processing unit 370, which subtracts the value in the electronic money, and further comprising a coupon information determination unit 350 to determine the coupon information associated with the electronic money medium 310.

The transaction screen display unit 320 outputs an interface screen associated with the electronic money and determines a coupon available through the payment device 200, and the coupon information determiner 350 is connected to the key input unit 303. In conjunction with the interface screen to determine the coupon information available through the payment device 200. If the coupon information is automatically determined, the coupon information determining unit 350 may automatically determine coupon information available through the payment device 200 based on the device identification information identified through the proximity communication channel. have. On the other hand, if the payment device 200 does not discount the divided amount allocated to each mobile terminal 300 by using the coupon information, the coupon information determination unit 350 may be omitted.

At some point before, during, or after the coupon information is configured, the proximity security channel connection unit 355 exchanges the disposable security key through the NFC module 315 based on the terminal identification information and the device identification information. The payment device 200 recognizes each other in both directions and connects a proximity security channel through which the information transmitted and received through the disposable security key is encrypted and decrypted. Here, the mutual recognition of the payment device 200 in both directions means that the application recognizes the payment device 200 in which the disposable security key is exchanged through the device identification information, and the payment device 200. Also, it means that the mobile terminal 300 recognizes the disposable security key exchanged through the terminal identification information.

According to an embodiment of the present invention, when the coupon information is determined by the coupon information determining unit 350 associated with the electronic money medium 310 and available in the payment device 200, the proximity transaction processing unit 360 is Individual payment amount discounted by the coupon information from the payment device 200 through the proximity security channel after encrypting the coupon information through the one-time security key provided to the payment device 200 through the proximity security channel Receives payment transaction information encrypted with electronic money balancing information, including.

According to another exemplary embodiment of the present invention, coupon information associated with the electronic money medium 310 by the coupon information determining unit 350 and available in the payment device 200 is not determined, or the payment device 200 is determined. ) Does not discount the divided amount allocated to each mobile terminal 300 by using the coupon information, the proximity transaction processing unit 360 from the payment device 200 through the proximity secure channel to the mobile terminal (). Receive payment transaction information encrypted with electronic money balancing information including an individual payment amount corresponding to the divided amount allocated to 300.

Meanwhile, when the security application module 208 is provided in the payment device 200, the process of balancing the electronic money value provided in the electronic money medium 310 by receiving the electronic money balancing information may be performed in the payment device 200. Can be controlled by the security application module 208, and in this case, the proximity transaction processor 360 interoperates with the payment protocol of the security application module 208 to store the electronic money value provided in the electronic money medium 310. Can be balanced.

When the encrypted electronic money balancing information is received through the one-time security key through the proximity security channel, the electronic money settlement authentication unit 365 decrypts the encrypted electronic money balancing information through the agreed one-time security key. Verify that the decrypted electronic money balancing information includes information for balancing an electronic money value corresponding to a menu selected by the user.

If the electronic money balancing information is authenticated, the electronic money payment processing unit 370 reflects the authenticated electronic money balancing information on the electronic money medium 310 to balance the electronic money by subtracting the value.

Referring to FIG. 3, the application of the mobile terminal 300 generates a balancing result information for the electronic money payment and transmits the result of the processing to the payment device 200 through the proximity secure channel 375. And a proximity security channel releasing unit 380 for extinguishing the disposable security key when the electronic money balancing is normally processed.

The processing result transmitter 375 generates the balancing result information of the balance value of the electronic money, encrypts it through the disposable security key, and transmits the balance result information to the payment apparatus 200 through the proximity security channel. The channel release unit 380 releases the proximity security channel by extinguishing the disposable security key when the electronic money balancing is normally processed.

4 is a diagram illustrating a process for contiguous secure channel agreement according to an embodiment of the present invention.

In more detail, Figure 4 shows that after the application of the mobile terminal 300 recognizes the payment device 200 to process the electronic money payment in the forward direction according to the first secure channel agreement method of the present invention, the recognized payment device The public key and the private key for exchanging a one-time security key with the (200) is generated inside the mobile terminal (300) so that the public key can be identified only by the payment device (200) recognized in the forward direction. As a process of agreeing a one-time security key for connecting a proximity security channel between the mobile terminal 300 and the payment device 200 by distributing, the person having ordinary knowledge in the technical field to which the present invention belongs, By referring to and / or modifying FIG. 4, various implementation methods (e.g., some steps may be omitted or reordered) may be inferred for the proximity secure channel agreement process. However, the present invention includes all the implementation methods inferred, and the technical features are not limited only to the implementation method shown in FIG.

Referring to FIG. 4, when a menu for processing payment is selected through the electronic money value of the electronic money medium 310 provided in the mobile terminal 300 by a user's manipulation (400), the mobile terminal 300 is selected. Set the transaction mode of the application to the payment mode corresponding to the selected menu and activate the NFC module 315 provided in the mobile terminal 300 (405).

* The mobile terminal 300 recognizes in advance the payment device 200 corresponding to the target device capable of processing the electronic money payment through the activated NFC module 315 (410), the NFC module 315 A proximity communication channel is connected to the forward recognized payment device 200 through 415.

The payment device 200 determines the payment amount by the user's operation (420), the mobile terminal 300 through the NFC module 205 on the basis of the recognition of the forward payment device 200 of the mobile terminal 300. And a proximity communication channel (425).

The mobile terminal 300 generates a public key and a private key for exchanging the disposable security key and the terminal identification information with the forward-recognized payment device 200 (430), and only in the forward-recognized payment device 200. The generated public key, the mobile terminal 300 and the electronic money through a decipherable temporary key (eg, an encryption key generated based on the device identification information of the payment device 200 recognized in the forward communication channel connection process). Encrypting terminal identification information for automatically identifying the medium 310 is transmitted to the payment device 200 through the proximity communication channel (435), the payment device 200 is encrypted through the proximity communication channel The public key and the terminal identification information are received and decrypted (440).

The payment device 200 generates a disposable security key for connecting the mobile terminal 300 and the proximity security channel (445), while maintaining the generated disposable security key and terminal identification information (450), The one-time security key is encrypted through the public key (or the device identification information of the payment device 200 can be encrypted together with the one-time security key) (455), and the encryption is performed by the mobile terminal 300 through the proximity communication channel. The disposable security key is transmitted (460).

The mobile terminal 300 receives the encrypted disposable security key through the proximity communication channel (465), and decrypts the encrypted disposable security key through the private key (or decrypts device identification information together). After 470, the one-time security key and device identification information is maintained (475).

5 is a diagram illustrating a process of contiguous secure channel agreement according to another embodiment of the present invention.

In more detail, FIG. 5 illustrates an application of the mobile terminal 300 in a state in which device identification information and device authentication information of the payment device 200 are mapped to the authentication server 100 according to the second secure channel agreement method of the present invention. After receiving the device authentication information of the payment device 200 by transmitting the device identification information of the payment device 200 confirmed in the process of connecting the payment device 200 and the proximity communication channel to the authentication server 100, A process of agreeing a one-time security key for connecting the payment device 200 and the proximity security channel without substantially exchanging a one-time security key through the proximity communication channel using the device authentication information as a key generation value. As one skilled in the art to which the present invention pertains, various implementation methods (e.g., some steps) for the proximity secure channel agreement process may be made by referring to and / or modifying the present invention. That would be able to infer the exemplary method), or, or a sequence that is changed is omitted, the present invention is made, including any exemplary way in which the inference, to which the the technical features are not limited to the exemplary method shown in the figure 5.

Referring to FIG. 5, the payment device 200 registers device identification information that can be automatically identified by an application of the mobile terminal 300 in a process of connecting a proximity communication channel with the mobile terminal 300 through the authentication server 100. In operation 500, the authentication server 100 generates device authentication information to be assigned to the payment device 200 (505), and stores the device identification information and the device authentication information by mapping them (510). The device authentication information is transmitted to the payment device 200 (515), and the payment device 200 downloads and maintains the device authentication information (520).

Subsequently, when a menu for processing payment is selected by processing payment through the electronic money value of the electronic money medium 310 provided in the mobile terminal 300 (525), the mobile terminal 300 of the application The transaction mode is set to the payment mode corresponding to the selected menu and the NFC module 315 provided in the mobile terminal 300 is activated (530).

The mobile terminal 300 recognizes the payment device 200 corresponding to the target device capable of processing the electronic money payment through the activated NFC module 315 in the forward direction (535), and recognizes the NFC module 315. A proximity communication channel is connected to the forward recognized payment device 200 through 540.

The payment device 200 determines the payment amount by the user's operation (545), the mobile terminal 300 through the NFC module 205 on the basis of the recognition of the forward payment device 200 of the mobile terminal (300). And the proximity communication channel (550).

The mobile terminal 300 checks the device identification information of the payment device 200 in the process of connecting the proximity communication channel, and to the authentication server 100 through a data network to which the mobile terminal 300 is accessible. The device identification information is transmitted by requesting device authentication information mapped with the device identification information (555), and the authentication server 100 authenticates the validity of the mobile terminal 300 that transmits the device identification information (eg, When the application is downloaded to the mobile terminal 300, information for authenticating the validity of the application is stored in a storage medium associated with the authentication server 100, and the application is authenticated based on the stored information (560). In operation 565, the device authentication information mapped to the device identification information is extracted and transmitted to the authenticated mobile terminal 300.

The mobile terminal 300 uses the received device authentication information as the key generation value (or further uses the device identification information and the terminal identification information as the key generation value) to agree the key agreement protocol agreed with the payment device 200 ( In accordance with the SRP protocol), the one-time security key is agreed (570), and the agreed one-time security key and the device identification information are connected and maintained (575).

Meanwhile, the payment device 200 also uses the device authentication information downloaded from the authentication server 100 as a key generation value (or further uses the device identification information and terminal identification information as key generation values) and the portable terminal 300. The one-time security key is agreed according to the application of the agreement and the key agreement protocol (SRP protocol) (570), and the connection with the agreed one-time security key and the terminal identification information is maintained (580).

6 is a diagram illustrating an electronic money settlement process using proximity communication according to an embodiment of the present invention.

In more detail, FIG. 6 illustrates a process of dividing a payment amount for each of n mobile terminals 300 in close communication with the payment device 200, and has a general knowledge in the technical field to which the present invention belongs. However, various implementation methods (for example, some steps may be omitted or the order may be changed) of the electronic money settlement process may be inferred by referring to and / or modifying the present invention, but the present invention may infer the above-mentioned. It is made to include all the implementation methods, the technical features are not limited only to the implementation method shown in FIG.

Referring to FIG. 6, the payment apparatus 200 recognizes N mobile terminals 300 with electronic money through the process illustrated in FIG. 4 or FIG. 5 (600), and the N mobile terminals 300. And then determine n payment target mobile terminals 300 corresponding to the electronic money medium 310 to be paid by dividing the payment amount (605), and n payment amounts divided by the payment amount are n mobile terminals. Assigned to 300 (610).

At some point before, during, or after the n payment amounts are allocated to the n mobile terminals 300, the payment device 200 is connected with the proximity secure channel connection of the mobile terminal 300 to the terminal identification information. And mutually recognizing the mobile terminal 300 through the NFC module 205 based on the device identification information to connect the proximity security channel that is encrypted and decrypted through the agreed disposable security key (615), the mobile terminal 300 ) Also recognizes the payment device 200 through the NFC module 315 based on the terminal identification information and the device identification information, and connects a proximity security channel that is encrypted and decrypted through the agreed one-time security key (615). .

The mobile terminal 300 is associated with the electronic money medium 310 at some point before, during, and after the proximity security channel is connected, and checks coupon information available in the payment device 200 (620). When the coupon information is confirmed, the coupon information is encrypted with the disposable security key through the proximity security channel and transmitted to the payment device 200 (625), the payment device 200 is the n mobile terminals (300) Selectively discount the divided amount of the mobile terminal 300 having at least one coupon available for the payment according to the discount rate of the coupon to calculate the individual payment amount of the mobile terminal 300, but does not have a coupon The divided amount of the mobile terminal 300 is maintained as it is and determined as an individual payment amount of the mobile terminal 300 (630).

The payment device 200 configures electronic money balancing information for balancing the respective individual payments in the electronic money value of the electronic money medium 310 provided in the n mobile terminals 300 (635). After encrypting the electronic money balancing information through a disposable security key to configure payment transaction information (640), the payment transaction information is transmitted to the mobile terminal (300) through the proximity security channel (645). On the other hand, if the security application module 208 is provided in the payment device 200, the electronic money balancing information can be provided to the mobile terminal 300 according to the payment protocol of the security application module 208.

The mobile terminal 300 receives the payment transaction information through the proximity secure channel (650), and then decrypts the payment transaction information through the agreed disposable security key to process shown in FIG. 4 or FIG. Through the authentication of the electronic money balance corresponding to the electronic money payment corresponding to the selected menu through the electronic money balancing is authenticated (655).

If the validity of the electronic money payment through the payment transaction information is authenticated, the mobile terminal 300 reflects the electronic money balancing information included in the payment transaction information to the electronic money medium 310 to subtract the electronic money value. Balancing (660), and generates the balancing result information corresponding to the result of balancing the electronic money value, encrypted through the one-time security key and transmitted through the proximity secure channel (665), the figure 4 or 5 Through the process shown in Figure 1, the disposable security key agreed with the payment device 200 is extinguished (670).

The payment device 200 receives the balancing result information, decrypts it through the one-time security key 675, and reads the balancing result information to check whether the electronic money balancing is normally processed (680). If the electronic money balancing is normally processed, the payment device 200 destroys the disposable security key agreed with the mobile terminal 300 through the process illustrated in FIG. 4 or 5 (685).

100: authentication server 200: payment device
205: NFC module 215: proximity communication channel connection
220: electronic money medium recognition unit 225: payment target medium determination unit
230: payment amount division allocator 235: proximity secure channel agreement unit
240: Proximity secure channel connection unit 245: Individual payment amount determination unit
250: individual payment amount payment unit 255: processing result receiving unit
260: proximity security channel release unit 300: mobile terminal
310: electronic money media 315: NFC module
320: transaction screen display unit 325: transaction mode setting unit
330: proximity communication channel connection unit 335: key generation unit
340: device authentication information receiving unit 345: proximity security channel agreement unit
350: coupon information determining unit 355: proximity security channel connection unit
360: proximity transaction processing unit 365: electronic money payment authentication unit
370: electronic money payment processing unit 375: processing result transmission unit
380: proximity security channel release unit

Claims (8)

In a mobile terminal having a Near Field Communication (NFC) module and an electronic money medium,
A proximity communication channel connection unit for connecting a proximity communication channel by recognizing a payment device capable of processing electronic money payment to be reflected on the electronic money medium through an NFC module activated by a user selecting the electronic money payment menu in the portable terminal;
A proximity security channel agreement unit for agreeing a one-time security key for switching the proximity communication channel and the proximity communication channel to a proximity security channel through the proximity communication channel;
Proximity security channel connecting unit for connecting the proximity security channel that is encrypted and decrypted through the agreed disposable security key by mutually recognizing the payment device in both directions through the NFC module;
A proximity transaction processing unit receiving payment transaction information that encrypts information on an electronic money value to be reflected in the electronic money medium from the payment device through the proximity security channel;
An electronic money payment authentication unit for authenticating whether the encrypted payment transaction information is decrypted through the agreed one-time security key and including information on the electronic money value to be reflected in the electronic money medium; And
And a digital money settlement processing unit for subtracting the electronic money value of the electronic money medium through the authenticated electronic money value.
The method of claim 1,
Further comprising a key generation unit for generating a public key and a private key,
The proximity secure channel agreement unit,
Device identification for transmitting and receiving the public key and terminal identification information to the payment device through the proximity communication channel, receiving and decrypting the encrypted disposable security key through the public key from the payment device, and automatically identifying the payment device. Obtain and retain information,
The device identification information,
And a mobile terminal obtained by reading a proximity communication protocol in the process of connecting the proximity communication channel or encrypted with the disposable security key and received from the payment device.
The method of claim 2, wherein the proximity secure channel agreement unit,
And encrypting and transmitting the public key and the terminal identification information through a temporary key determined through the device identification information (or a part of the device identification information) obtained in the process of connecting the proximity communication channel.
The method of claim 1,
After checking the device identification information of the payment device connected to the proximity communication channel is further provided with a device authentication information receiving unit for receiving the device authentication information mapped with the device identification information from the authentication server through a data network connectable to the mobile terminal,
The proximity secure channel agreement unit,
By using the device authentication information as a key generation value, the terminal identification information for exchanging the disposable security key according to a key agreement protocol previously agreed with the payment device and automatically identifying the mobile terminal and the electronic money medium with the payment device. And a terminal for acquiring and maintaining device identification information for automatically identifying the payment device.
5. The method of claim 4,
The proximity secure channel agreement unit,
And at least one of the terminal identification information and the device identification information as a key generation value to exchange the disposable security key with the payment device.
The method of claim 1, wherein the proximity transaction processing unit,
When coupon information associated with the electronic money medium and available in the payment device is determined, the coupon information is encrypted through the disposable security key and provided to the payment device through the proximity security channel, and then the payment is performed through the proximity security channel. Receive payment transaction information encrypted with information on electronic money value including payment amount discounted by the coupon information from the device, or
And when the coupon information is not determined, receiving payment transaction information that encrypts information on an electronic money value including a payment amount allocated to the mobile terminal from the payment device through the proximity secure channel. Terminal.
The method of claim 1,
A processing result transmitter configured to generate result information of the electronic money settlement and transmit the result information to the payment apparatus through the proximity secure channel;
And a proximity security channel release unit for extinguishing the disposable security key when the electronic money payment is successfully processed.
In the electronic money payment method using a near field communication of a mobile terminal having a NFC (Near Field Communication) module and an electronic money medium,
Connecting a proximity communication channel by recognizing a payment device capable of processing electronic money payment to be reflected on the electronic money media through an NFC module activated by a user selecting the electronic money payment menu in the portable terminal;
Negotiating a disposable security key for switching the proximity communication channel to a proximity security channel through the proximity communication channel;
Connecting the proximity security channel encrypted and decrypted through the agreed disposable security key by mutually recognizing the payment device in both directions through the NFC module;
Receiving payment transaction information encrypting information on an electronic money value to be reflected in the electronic money medium from the payment device through the proximity secure channel;
Decrypting the encrypted payment transaction information through the agreed one-time security key and then authenticating whether the electronic payment value includes information about an electronic money value to be reflected; And
Subtracting the electronic money value of the electronic money medium through the authenticated electronic money value.

Images