KR101803786B1 - Pos terminal, card reader, system and method for distributing encrypt key thereof - Google Patents

Pos terminal, card reader, system and method for distributing encrypt key thereof

Publication number
KR101803786B1
Authority
KR
South Korea
Prior art keywords
key
van
server
encrypted
authentication
Prior art date
Application number
KR1020150067881A
Other languages
Korean (ko)
Other versions
KR20160071999A (en
Inventor
박용현
Original Assignee
한국정보통신주식회사
Priority date
Filing date
Publication date
Application filed by 한국정보통신주식회사
Publication of KR20160071999A
Application granted
Publication of KR101803786B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/20 Point-of-sale [POS] network systems
    • G06Q20/206 Point-of-sale [POS] network systems comprising security or operator identification provisions, e.g. password entry
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823 Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07G REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
    • G07G1/00 Cash registers
    • G07G1/12 Cash registers electronically operated
    • G07G1/14 Systems including one or more distant stations co-operating with a central processing unit
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Abstract

A POS terminal device, a card reader module, a cryptographic key distribution system using the same, and a method thereof are disclosed. The cryptographic key distribution system includes: a VAN server for providing a public key for authentication, a private key for authentication corresponding to the public key for authentication, and a cryptographic key for encrypting card information; a key distribution server storing an authentication public key provided from one or more VAN servers; a card reader module; and a POS terminal that transmits VAN code information to the key distribution server, receives the authentication public key of the VAN server corresponding to the transmitted VAN code information from the key distribution server and transmits it to the card reader module, and, using the authentication public key of the VAN server, receives an encryption key from the VAN server and transmits the encryption key to the card reader module.

Description

TECHNICAL FIELD: The present invention relates to a POS terminal device, a card reader module, a cryptographic key distribution system using the same, and a method thereof.

More particularly, the present invention relates to a cryptographic key distribution system and a method thereof capable of improving processing speed and transmission rate while minimizing the threat of hacking when card information is encrypted and transmitted.

As card settlement has become commonplace, it is practically difficult for a card merchant to install a separate terminal connected to each credit card company, so a settlement proxy server is used. The Value Added Network (VAN) server performs various roles, but typically it receives the payment request from the merchant, transmits the request to the credit card company, receives the result of the approval / inquiry, and transmits the result to the merchant.

FIG. 1 is a block diagram showing a general payment system.

Referring to FIG. 1, the general payment system includes a POS (point of sale) terminal 200, a card reader module 100 (also referred to as an MSR (magnetic stripe reader)), a VAN server 300, and a server (not shown).

The POS terminal 200 is provided with a point-of-sale management function and includes a card reader module 100 for encrypting card information read from a predetermined customer card for electronic settlement processing so that encrypted card information (and / Information) of the payment approval request.

In general, the card reader module 100 and the POS terminal 200 are often combined and are generally referred to as a POS terminal or a POS. However, in the present invention, the card reader module 100 and the POS terminal 200 are separately described for clarity of these terms, and the combined form is referred to as a POS system.

Although not specifically described in the present invention, the card reader module 100 may exist separately from the POS terminal 200 and may also be used in combination with a PC or a mobile computing device such as a smart phone or a personal digital assistant (PDA) through an interface suitable for each device.

In addition, the POS terminal 200 includes a POS module 210 and a gateway module 220.

The POS module 210 generates an approval request message using the card information received from the card reader module 100. When a settlement takes place at the merchant, the card information read by the card reader module 100 is input to the POS module 210 through the input interface (not shown) of the POS terminal 200, and the POS module 210 receives payment information, payment history information, and signature information of the payer to generate a payment approval telegram. The generated payment approval telegram is transmitted to the gateway module 220.

The gateway module 220 sends an approval request to the VAN server 300 that is connected to the POS terminal 200 or indicated by the corresponding payment approval telegram. The VAN server 300 then relays the approval request to the card company and transmits the approval response back to the gateway module 220 of the POS terminal 200. The gateway module 220 transfers the received approval response to the POS module 210, and the POS module 210 completes the settlement process by outputting a receipt or the like.

However, as described above, the card reader module 100 may be separated from the POS terminal 200 and used independently. The card reader module 100 is connected to the POS terminal 200 or another connection target terminal through a predetermined connection interface. Data (in particular, card information) passed from the card reader module 100 to the POS terminal 200 is used by the POS module 210 to generate an approval request telegram.

The POS module 210 may be implemented in software to generate an approval request telegram, and because the POS terminal 200 is operated using a computer-based operating system, the POS terminal 200 is exposed to hacking both at the level of the connection interface (hardware) with the card reader module 100 and at the software level inside the POS terminal 200.

Background art of the present invention is disclosed in Korean Registered Patent Publication No. 10-1449644, "POS System and Card Information Encryption Payment Method Using It" (public announcement date: Oct. 15, 2014).

SUMMARY OF THE INVENTION: The present invention has been made to solve the above-mentioned problems, and it is an object of the present invention to provide a cryptographic key distribution system and a method thereof capable of minimizing the threat of hacking when card information is encrypted and transmitted.

A POS terminal device according to an aspect of the present invention is connected to a card reader module, transmits VAN code information to a key distribution server, receives a public key for authentication of a VAN server corresponding to the transmitted VAN code information from the key distribution server and transmits it to the card reader module, receives an encryption key from the VAN server using the authentication public key of the VAN server and transmits the encryption key to the card reader module, and receives the card information encrypted with the encryption key from the card reader module.

A card reader module according to an aspect of the present invention is connected to a POS terminal device, receives a public key for authentication of a VAN server corresponding to code information of a VAN to be used from a key distribution server through the POS terminal device, receives an encryption key from the VAN server through the POS terminal device using the received public key for authentication of the VAN server, encrypts the read card information with the received encryption key, and transmits the encrypted card information to the POS terminal device.

A cryptographic key distribution system according to an aspect of the present invention includes: a VAN server for providing a public key for authentication, a private key for authentication corresponding to the public key for authentication, and a cryptographic key for encrypting card information; a key distribution server storing an authentication public key provided from at least one of the VAN servers; a card reader module; and a POS terminal that transmits VAN code information to the key distribution server, receives a public key for authentication of the VAN server corresponding to the transmitted VAN code information from the key distribution server and transmits the authentication public key to the card reader module, and receives the encryption key from the VAN server using the public key for authentication and transmits it to the card reader module.

According to an aspect of the present invention, there is provided a method for distributing cryptographic keys in a POS terminal device connected to a card reader module, the method comprising: transmitting VAN code information to a key distribution server; receiving a public key for authentication of the VAN server corresponding to the transmitted VAN code information from the key distribution server; transmitting the public key for authentication of the VAN server received from the key distribution server to the card reader module; receiving an encryption key for encrypting card information from the VAN server using the public key for authentication of the VAN server; and transmitting the encryption key received from the VAN server to the card reader module.

A cipher key distribution method according to another aspect of the present invention is a method for distributing cipher keys in a card reader module connected to a POS terminal device, the method comprising: receiving a public key for authentication of a VAN server corresponding to code information of a VAN to be used from the key distribution server through the POS terminal device; receiving an encryption key for encrypting card information from the VAN server via the POS terminal device using the received public key for authentication of the VAN server; and storing the received encryption key.

Meanwhile, the cipher key distribution method may be implemented by a computer-readable recording medium on which a program for execution by a computer is recorded.

The cryptographic key distribution system and method according to the present invention receive the authentication public key of the VAN server corresponding to the code information of the VAN to be used from the key distribution server, and receive the encryption key for encrypting the card information from the VAN server using that authentication public key, so that processing speed and transmission speed can be improved while minimizing the threat of hacking.

FIG. 1 is a block diagram showing a general payment system.
FIG. 2 is a block diagram illustrating an encryption key distribution system according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating an encryption key distribution method according to an embodiment of the present invention.

Hereinafter, an encryption key distribution system and method according to the present invention will be described with reference to the accompanying drawings. In this process, the thicknesses of the lines and the sizes of the components shown in the drawings may be exaggerated for clarity and convenience of explanation. In addition, the terms described below are defined in consideration of their functions in the present invention, and may vary depending on the intention or custom of the user or operator. Therefore, these terms should be defined based on the contents throughout this specification.

FIG. 2 is a block diagram illustrating an encryption key distribution system according to an embodiment of the present invention.

Referring to FIG. 2, the cryptographic key distribution system according to an embodiment of the present invention includes a gateway module 220, a key distribution server 400, and a card reader module 100.

In this embodiment, the gateway module 220 is provided in the POS terminal 200 and serves as a gateway for distributing data. Accordingly, the gateway module 220 may also be installed in a PC or in a mobile computing device such as a smart phone, a personal digital assistant (PDA), or a tablet to configure the cryptographic key distribution system according to the embodiment of the present invention.

The gateway module 220 receives the VAN code information for the VAN server 300 to be used from the POS module 210 and transmits the VAN code information to the key distribution server 400. The gateway module 220 then receives the encrypted public key for authentication of the VAN server 300 and transmits it to the card reader module 100.

As shown in FIG. 2, the card reader module 100 and the key distribution server 400 respectively store the public key for distribution and the private key for distribution, which correspond to each other, and the public key for authentication of the VAN server 300 may be obtained using the public key for distribution previously stored in the card reader module 100.

The gateway module 220 receives the random key encrypted with the public key for authentication of the VAN server 300 from the card reader module 100 and transmits the encrypted random key to the VAN server 300 according to the VAN code information. It then receives the symmetric encryption key of the VAN server 300 encrypted with the random key and transmits the symmetric encryption key to the card reader module 100.

Since the gateway module 220 is installed at the general application level in the POS terminal 200 and merely serves as a gateway for distributing data, the probability of a collision with another security module, the operating system, or a driver is considerably low, and because the encryption logic is kept secret even if the module is hacked, stability can be maintained.

The key distribution server 400 stores a public key for authentication of the VAN server 300 provided from at least one VAN server 300. It encrypts the public key for authentication of the VAN server 300 corresponding to the VAN code information received from the gateway module 220 with the distribution private key and transmits the encrypted public key to the gateway module 220.

The public key for authentication of the VAN server 300 distributed by the key distribution server 400 is used in an asymmetric encryption / decryption method, and the authentication private key corresponding to the authentication public key (a key capable of decrypting data encrypted with the authentication public key) is held in the VAN server 300. More specifically, the VAN server 300 has a unique public key for authentication and a private key for authentication, provides the public key for authentication to the key distribution server 400, and keeps the private key for authentication in the VAN server 300. Therefore, data encrypted with the disclosed public key for authentication of a VAN server 300 cannot be decrypted with the private key for authentication of another VAN server 300; it can be decrypted only with the private key for authentication of the corresponding VAN server 300, which prevents hacking damage.

The key distribution server 400 in this embodiment can enhance security by encrypting and transmitting the public key for authentication of the VAN server 300 through its own private key for distribution.

The card reader module 100 is connected to the POS terminal 200 using a serial interface such as USB or RS232. It decrypts the public key for authentication of the VAN server 300 received from the gateway module 220 using the public key for distribution, generates a random key, encrypts the random key with the authentication public key of the VAN server 300, and transmits the encrypted random key to the gateway module 220.

The card reader module 100 decrypts the symmetric encryption key of the VAN server 300, which it receives from the gateway module 220 encrypted with the random key, using the random key, and then stores the decrypted symmetric encryption key so that card information can be encrypted with it.

Here, the symmetric encryption key is a cryptographic key used for encryption and decryption of card information in the VAN server 300 and the card reader module 100 through a symmetric encryption algorithm, and the VAN server 300 generates and provides a new key every time.

The symmetric cryptographic key has an advantage that the processing speed and the transmission speed in the card reader module 100 and the like are remarkably improved as compared with the case of using the asymmetric cryptographic key of the public key / private key scheme. This is because asymmetric encryption algorithms are complicated and have limited processing speed, whereas symmetric encryption algorithms are much simpler than asymmetric encryption algorithms, and data processing speed is much faster.

In this embodiment, an encryption algorithm using the same symmetric encryption key is used for encryption and decryption in the VAN server 300 and the card reader module 100. However, to deliver the symmetric encryption key, an asymmetric encryption algorithm of the public key / private key scheme is used together with the public key for authentication and the random key.

Therefore, in the present embodiment, since both the symmetric encryption algorithm and the asymmetric encryption algorithm are used, it is practically impossible to hack the system from the outside without understanding the entire encryption process. In addition, since the card information is encrypted in the card reader module 100, security is enhanced compared with a configuration in which unencrypted information is received and encrypted at the POS terminal 200. Since the gateway module 220 performs only the simple function of distributing data, the possibility of settlement failure due to a collision with other programs or the operating system is significantly lowered.

As described above, in the cipher key distribution system according to the embodiment of the present invention, to distribute the symmetric encryption key of the VAN server, the key distribution server distributes the public key for authentication of the VAN server encrypted with the distribution private key, and the card reader module then receives the symmetric encryption key in encrypted form directly from the VAN server by means of the public key for authentication and the random key. This minimizes the threat of hacking, and the use of the symmetric encryption key improves processing speed and transmission speed.

FIG. 3 is a flowchart illustrating an encryption key distribution method according to an embodiment of the present invention.

Referring to FIG. 3, in the cipher key distribution method according to an embodiment of the present invention, the gateway module 220 receives the VAN code information for the VAN server 300 to be used from the POS module 210 and transmits it to the key distribution server 400 (S12).

In this embodiment, the gateway module 220 is provided in the POS terminal 200 and serves as a gateway for distributing data.

Then, the key distribution server 400 encrypts the authentication public key of the VAN server 300 corresponding to the VAN code information received from the gateway module 220 using the distribution private key (S14).

Then, the key distribution server 400 transmits the encrypted authentication public key of the VAN server 300 ([authentication public key] encrypted with the distribution private key) to the gateway module 220 (S16).

In this way, the key distribution server 400 stores the public key for authentication of the VAN server 300 provided from at least one VAN server 300, encrypts the authentication public key of the VAN server 300 corresponding to the VAN code information received from the gateway module 220 with the distribution private key, and transmits the encrypted key to the gateway module 220.

The public key for authentication of the VAN server 300 distributed by the key distribution server 400 is used in an asymmetric encryption / decryption method, and the authentication private key corresponding to the authentication public key (a key capable of decrypting data encrypted with the authentication public key) is held in the VAN server 300.

The gateway module 220 receives the public key for authentication of the VAN server 300 encrypted with the private key for distribution ([authentication public key] encrypted with the distribution private key) from the key distribution server 400 and transmits it to the card reader module 100 (S18).

Then, the card reader module 100 decrypts the received public key for authentication of the VAN server 300 using the public key for distribution (S20).

In steps S14 to S20, the key distribution server 400 encrypts the public key for authentication of the VAN server 300 with the distribution private key and transmits it to the card reader module 100, and the card reader module 100 decrypts it using the public key for distribution. However, the present invention is not limited to this, and various methods for obtaining the public key for authentication of the VAN server 300 can be used.

According to another embodiment of the present invention, similarly to the encryption key transfer method between the VAN server 300 and the card reader module 100, the card reader module 100 generates an arbitrary random key, encrypts it, and transmits the encrypted random key to the key distribution server 400 through the gateway module 220 of the POS terminal 200. The key distribution server 400 decrypts the random key with the private key for distribution, and the authentication public key may be encrypted with the decrypted random key and transmitted to the gateway module 220. In this case, the card reader module 100 receives the authentication public key of the VAN server 300 encrypted with the random key from the gateway module 220, and can decrypt the received encrypted public key for authentication of the VAN server 300 with the random key.

The card reader module 100 then generates an arbitrary random key (S22). Then, the card reader module 100 encrypts the random key using the public key for authentication of the decrypted VAN server 300 (S24).

After the random key is encrypted using the authentication public key of the VAN server 300, the card reader module 100 transmits the encrypted random key ([random key] encrypted with the authentication public key) to the gateway module 220 (S26).

The gateway module 220 transmits the random key encrypted with the authentication public key of the VAN server 300 ([random key] encrypted with the authentication public key), received from the card reader module 100, to the corresponding VAN server 300 according to the VAN code information received from the POS module 210 (S28).

The VAN server 300, having received the random key encrypted with its public key for authentication ([random key] encrypted with the authentication public key) from the card reader module 100, decrypts the random key with the authentication private key (the private key corresponding to the authentication public key, capable of decrypting data encrypted with that key) (S30). Then, the VAN server 300 encrypts the symmetric encryption key stored in the VAN server 300 with the decrypted random key (S32).

Here, the symmetric encryption key is a cryptographic key used for encryption and decryption of card information in the VAN server 300 and the card reader module 100 through a symmetric encryption algorithm, and the VAN server 300 generates and provides a new key every time.

The gateway module 220 receives the symmetric encryption key encrypted using the random key ([symmetric encryption key] encrypted with the random key) from the VAN server 300 (S34). Then, the gateway module 220 transmits the encrypted symmetric encryption key to the card reader module 100 (S36).

The card reader module 100 receives the symmetric encryption key encrypted with the random key, and decrypts it using the random key generated in step S22 (S38). Then, the card reader module 100 stores the decrypted symmetric encryption key, encrypts the card information with the symmetric encryption key, and proceeds with the settlement (S40).

The symmetric cryptographic key has an advantage that the processing speed and the transmission speed in the card reader module 100 and the like are remarkably improved as compared with the case of using the asymmetric cryptographic key of the public key / private key scheme. This is because asymmetric encryption algorithms are complicated and have limited processing speed, whereas symmetric encryption algorithms are much simpler than asymmetric encryption algorithms and thus the data processing speed is much faster.

In this embodiment, an encryption algorithm using the same symmetric encryption key is used for encryption and decryption in the VAN server 300 and the card reader module 100. However, to deliver the symmetric encryption key, an asymmetric encryption algorithm of the public key / private key scheme is used together with the public key for authentication and the random key.

As described above, in the encryption key distribution method according to the embodiment of the present invention, to distribute the symmetric encryption key of the VAN server, the key distribution server distributes the public key for authentication of the VAN server encrypted with the distribution private key, and the card reader module then receives the symmetric encryption key directly from the VAN server by means of the authentication public key and the random key. This minimizes the threat of hacking, and the use of the symmetric encryption key improves processing speed and transmission speed.
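
The exchange in steps S12 to S40, as an added Python walk-through (not code from the patent or its assignee). Textbook RSA over fixed Mersenne primes and a SHA-256 encrypt-then-MAC construction stand in for the algorithms the text leaves unspecified; the class names, the VAN code `VAN01`, and the 5-byte digest appended to the VAN public key are assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent shared by both toy key pairs

def keypair(p, q):
    """Textbook RSA (public, private) pair from two primes; toy only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa(key, m):
    """Raw m^exp mod n with no padding (stand-in for the asymmetric steps)."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("value out of range for modulus")
    return pow(m, exp, n)

def _stream(key, nonce, length):
    blocks = (hashlib.sha256(b"enc" + key + nonce + bytes([i])).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, data):
    """Encrypt-then-MAC under key (stand-in for the symmetric algorithm)."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext was modified in transit")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class KeyDistributionServer:
    def __init__(self, dist_priv):
        self.dist_priv, self.van_pubs = dist_priv, {}

    def issue(self, van_code):
        """S14-S16: VAN public key encrypted with the distribution private key."""
        body = self.van_pubs[van_code][0].to_bytes(22, "big")
        check = hashlib.sha256(body).digest()[:5]  # redundancy is an assumption
        return rsa(self.dist_priv, int.from_bytes(body + check, "big"))

class VanServer:
    def __init__(self, auth_priv):
        self.auth_priv, self.sym = auth_priv, None

    def wrap_sym_key(self, enc_rk):
        """S30-S32: recover the random key, wrap a new symmetric key with it."""
        rk = rsa(self.auth_priv, enc_rk).to_bytes(16, "big")
        self.sym = secrets.token_bytes(16)
        return seal(rk, self.sym)

    def decrypt_card(self, blob):
        return unseal(self.sym, blob)

class CardReader:
    def __init__(self, dist_pub):
        self.dist_pub = dist_pub

    def load_van_pub(self, blob):
        """S20: recover the VAN public key with the distribution public key."""
        raw = rsa(self.dist_pub, blob).to_bytes(27, "big")
        if hashlib.sha256(raw[:22]).digest()[:5] != raw[22:]:
            raise ValueError("VAN public key was not issued by the key server")
        self.van_pub = (int.from_bytes(raw[:22], "big"), E)

    def wrap_random_key(self):
        """S22-S26: new random key, encrypted with the VAN public key."""
        self.rk = secrets.token_bytes(16)
        return rsa(self.van_pub, int.from_bytes(self.rk, "big"))

    def store_sym_key(self, blob):
        """S38: unwrap the symmetric key with the random key."""
        self.sym = unseal(self.rk, blob)

    def encrypt_card(self, card_data):
        """S40: card data leaves the reader only as ciphertext."""
        return seal(self.sym, card_data)

def gateway_relay(kds, van, reader, van_code):
    """Gateway role: forwards blobs, holds no key; returns everything it saw."""
    cert = kds.issue(van_code)          # S12-S16
    reader.load_van_pub(cert)           # S18-S20
    enc_rk = reader.wrap_random_key()   # S22-S26
    wrapped = van.wrap_sym_key(enc_rk)  # S28-S34
    reader.store_sym_key(wrapped)       # S36-S38
    return [cert.to_bytes(27, "big"), enc_rk.to_bytes(22, "big"), wrapped]

def build_demo():
    """Constructed parties; fixed Mersenne primes keep the toy keys small."""
    dist_pub, dist_priv = keypair(2**127 - 1, 2**89 - 1)
    van_pub, van_priv = keypair(2**107 - 1, 2**61 - 1)
    kds = KeyDistributionServer(dist_priv)
    kds.van_pubs["VAN01"] = van_pub  # hypothetical VAN code
    return kds, VanServer(van_priv), CardReader(dist_pub)
```

The S14 step protects the origin of the VAN public key rather than its secrecy, since anyone holding the distribution public key can reverse it; the reader can only reject a substituted key if the recovered value carries redundancy it can check, which is what the appended digest provides here.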

In the above description, the card reader module receives the symmetric encryption key from the VAN server and encrypts card information with it. However, the present invention is not limited thereto.

For example, according to another embodiment of the present invention, an asymmetric encryption algorithm of a public key / private key scheme may be used in the card reader module and the VAN server to encrypt card information.

Meanwhile, the cipher key distribution method according to the various embodiments of the present invention described above can be implemented in the form of program code and provided to each server or device in a state stored in various non-transitory computer readable media.

A non-transitory readable medium is not a medium that stores data for a short period of time, such as a register, cache, or memory, but a medium that semi-permanently stores data and is readable by an apparatus. In particular, the various applications or programs described above may be stored on non-volatile readable media such as CD, DVD, hard disk, Blu-ray disk, USB, memory card, ROM,

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Accordingly, the true scope of the present invention should be determined by the following claims.

100: card reader module 200: POS terminal
210: POS module 220: Gateway module
300: VAN server 400: key distribution server

Claims (22)

1. A POS terminal device connected to a card reader module,
Receives the arbitrary key encrypted with the distribution private key received from the card reader module, transmits the arbitrary key and the VAN code information encrypted with the distribution private key to the key distribution server, and corresponds to the transmitted VAN code information Receiving a public key for authentication of the VAN server encrypted with the arbitrary key from the key distribution server and transmitting the encrypted public key to the card reader module and transmitting an arbitrary key encrypted using the authentication public key of the VAN server to the VAN server And receives an encryption key for encrypting the card information according to an encryption and decryption algorithm for VAN company card information corresponding to the VAN code information, and transmits the encrypted key to the card reader module And receives the card information encrypted with the encryption key from the card reader module.
2. The POS terminal device according to claim 1, comprising:
a gateway module for performing data transmission and reception with the key distribution server, the VAN server, and the card reader module; and
a POS module for generating an approval request telegram using the encrypted card information received from the card reader module.
3. The POS terminal device according to claim 1, wherein the public key for authentication of the VAN server is obtained using a public key for distribution stored in the card reader module.
4. The POS terminal device according to claim 1, wherein a random key encrypted with the public key for authentication of the VAN server is received from the card reader module and transmitted to the VAN server, and the encryption key, encrypted with the random key and received from the VAN server, is transmitted to the card reader module.
5. The POS terminal device according to claim 1, wherein the encryption key received from the VAN server is a symmetric encryption key, unlike the public key scheme used for authentication, and is also used to decrypt the card information in the VAN server.
6. A card reader module connected to a POS terminal device,
The public key for authentication of the VAN server corresponding to the code information of the VAN to be used and encrypted with the arbitrary key is transmitted through the POS terminal device to the POS terminal device, And transmits the decrypted key to the VAN server using the public key for authentication of the decrypted VAN server to the VAN server through the POS terminal device and is encrypted with the arbitrary key from the VAN server, A card receiving encrypted key information for encrypting card information according to an encryption and decryption algorithm for VAN card information corresponding to VAN code information, encrypting the read card information with the received encryption key, and transmitting the encrypted card information to the POS terminal device Reader module.
7. The card reader module according to claim 6, wherein the public key for authentication of the VAN server is obtained by using a distribution public key stored in the card reader module.
8. The card reader module according to claim 6, wherein the card reader module generates a random key corresponding to the arbitrary key, encrypts the generated random key with the public key for authentication of the VAN server, and transmits the encrypted random key to the VAN server through the POS terminal device,
and wherein the encryption key received from the VAN server is encrypted with the random key.
9. The card reader module according to claim 6, wherein the encryption key received from the VAN server is a symmetric encryption key, unlike the public key scheme used for authentication, and is also used to decrypt the card information in the VAN server.
10. A cipher key distribution system comprising:
a VAN server for providing a public key for authentication, a private key for authentication corresponding to the public key for authentication, and an encryption key for encrypting card information;
a key distribution server storing an authentication public key provided from at least one of the VAN servers;
a card reader module; and
a POS terminal that receives from the card reader module an arbitrary key encrypted with a distribution private key; transmits the encrypted arbitrary key and VAN code information to the key distribution server; receives from the key distribution server a public key for authentication of the VAN server that corresponds to the transmitted VAN code information and is encrypted with the arbitrary key, and transmits the encrypted public key to the card reader module; transmits to the VAN server the arbitrary key encrypted using the authentication public key of the VAN server; receives an encryption key, encrypted with the arbitrary key, for encrypting card information according to the encryption and decryption algorithm for card information of the VAN company corresponding to the VAN code information, and transmits the encrypted key to the card reader module; and receives card information encrypted with the encryption key from the card reader module.
11. The system according to claim 10, wherein the card reader module and the key distribution server store a public key for distribution and a private key for distribution corresponding to each other,
and wherein the authentication public key of the VAN server is obtained using the public key for distribution stored in the card reader module.
12. The system according to claim 10, wherein the VAN server receives from the POS terminal a random key encrypted with the public key for authentication of the VAN server, decrypts the received random key with the private key for authentication of the VAN server, encrypts the encryption key with the decrypted random key, and transmits it to the POS terminal.
13. The system according to claim 12, wherein the random key is generated in the card reader module.
14. The system according to claim 10, wherein the encryption key for encrypting the card information is a symmetric encryption key.
15. A cipher key distribution method performed by a POS terminal device connected to a card reader module, the method comprising:
Receiving an arbitrary key encrypted with a distribution private key received from the card reader module;
Transmitting the encrypted arbitrary key and VAN code information to a key distribution server;
Receiving from the key distribution server a public key for authentication of the VAN server corresponding to the transmitted VAN code information and encrypted with the arbitrary key;
Transmitting a public key for authentication of the VAN server encrypted with the arbitrary key received from the key distribution server to the card reader module;
Encrypts the card information according to the encryption and decryption algorithm for the card information of the VAN company, transmits the encrypted card information to the VAN server, encrypts the card information using the public key for authentication of the VAN server, Receiving an encryption key for encrypting the encryption key; And
Transmitting the encryption key encrypted with the arbitrary key received from the VAN server to the card reader module.
16. The method of claim 15, wherein receiving the encryption key further comprises:
Receiving a random key encrypted with a public key for authentication of the VAN server from the card reader module;
Transmitting the encrypted random key received from the card reader module to the VAN server; And
Receiving the encryption key encrypted with the random key from the VAN server.
17. The method of claim 15, wherein the encryption key received from the VAN server is a symmetric encryption key.
18. A cipher key distribution method performed by a card reader module connected to a POS terminal device, the method comprising:
Forwarding an arbitrary key encrypted with the distribution private key to the POS terminal device;
Receiving and decoding the public key for authentication of the VAN server encrypted with the arbitrary key, from the key distribution server through the POS terminal device, the code corresponding to the code information of the VAN to be used; Transmitting the decrypted key to the VAN server using the public key for authentication of the decrypted VAN server using the public key for authentication of the decrypted VAN server through the POS terminal device, Receiving an encryption key encrypted with an arbitrary key and encrypting card information according to an encryption and decryption algorithm for VAN's card information corresponding to the VAN code information; And
Storing the received encryption key.
19. The method of claim 18, wherein the public key for authentication of the VAN server is obtained using a public key for distribution stored in the card reader module.
20. The method of claim 18, further comprising:
Generating a random key; and
Encrypting the generated random key with the public key for authentication of the VAN server and transmitting the encrypted random key to the VAN server through the POS terminal,
Wherein the encryption key received from the VAN server is encrypted with the random key.
21. The method of claim 18, wherein the encryption key received from the VAN server is a symmetric encryption key.
22. (Deleted)
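The exchange recited in the claims, in the variant where the card reader generates a random key for the VAN server, as an added sketch that is not part of the patent: it runs all four parties in one process and records what the POS terminal relays, so the result can be checked for plaintext keys or card data. The helper names, the `VAN01` code, the unpadded RSA and the SHA-256 keystream cipher are assumptions, as is the choice that the reader holds the distribution public key and the key distribution server (KDS) the private key.

```python
import hashlib
import secrets

# Toy primitives (assumptions, not production crypto): unpadded RSA over fixed
# Mersenne primes, and a SHA-256 keystream XOR standing in for the VAN cipher.
def rsa_keypair(p, q, e=65537):
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def rsa(key, m):                       # one call serves encrypt and decrypt
    return pow(m, key[1], key[0])

def sym(key, data):                    # self-inverse XOR stream cipher
    ks = b"".join(hashlib.sha256(key + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def to_b(n, size=16):
    return n.to_bytes(size, "big")

DIST_PUB, DIST_PRIV = rsa_keypair(2**61 - 1, 2**89 - 1)    # reader / KDS halves
VAN_PUB, VAN_PRIV = rsa_keypair(2**107 - 1, 2**127 - 1)    # VAN authentication pair
VAN_REGISTRY = {"VAN01": VAN_PUB}      # constructed VAN code held by the KDS

def run_distribution(van_code, card_data):
    wire = []                          # every message the POS terminal relays
    # Card reader: arbitrary key, wrapped for the key distribution server (KDS).
    arb = secrets.randbits(128)
    m1 = rsa(DIST_PUB, arb)
    # KDS: unwrap, select the VAN public key by VAN code, return it under arb.
    m2 = sym(to_b(rsa(DIST_PRIV, m1)), to_b(VAN_REGISTRY[van_code][0], 32))
    # Card reader: recover the VAN public key, wrap a fresh random key with it.
    van_pub = (int.from_bytes(sym(to_b(arb), m2), "big"), 65537)
    rnd = secrets.randbits(128)
    m3 = rsa(van_pub, rnd)
    # VAN server: unwrap the random key, return the card-data key under it.
    card_key = secrets.token_bytes(16)
    m4 = sym(to_b(rsa(VAN_PRIV, m3)), card_key)
    # Card reader: store the card key and encrypt the card data it read.
    m5 = sym(sym(to_b(rnd), m4), card_data)
    wire += [to_b(m1, 32), m2, to_b(m3, 32), m4, m5]
    # VAN server decrypts with the same symmetric key it issued.
    return wire, [to_b(arb), to_b(rnd), card_key], sym(card_key, m5)

if __name__ == "__main__":
    wire, keys, plain = run_distribution("VAN01", b"CONSTRUCTED-CARD-DATA")
    print(plain, all(k not in m for k in keys for m in wire))
```

A real deployment would use padded RSA (OAEP) and an authenticated cipher; the sketch only fixes the message order and who can read what.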
KR1020150067881A 2014-12-12 2015-05-15 Pos terminal, card reader, system and method for distributing encrypt key thereof KR101803786B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020140179729 2014-12-12
KR20140179729 2014-12-12

Related Child Applications (1)

Application Number Title Priority Date Filing Date
KR1020170136591A Division KR101849209B1 (en) 2017-10-20 2017-10-20 Pos terminal, card reader, system and method for distributing encrypt key thereof

Publications (2)

Publication Number Publication Date
KR20160071999A KR20160071999A (en) 2016-06-22
KR101803786B1 true KR101803786B1 (en) 2017-12-01

Family

ID=56365164

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150067881A KR101803786B1 (en) 2014-12-12 2015-05-15 Pos terminal, card reader, system and method for distributing encrypt key thereof

Country Status (1)

Country Link
KR (1) KR101803786B1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102036739B1 (en) * 2017-12-29 2019-10-25 한국정보통신주식회사 A server for precessing approvals of payments, a payment terminal apparatus and a method of operating it
KR102336324B1 (en) * 2020-01-03 2021-12-06 고한솔 System for providing internet of things based saving service using smart money box
CN113285950B (en) * 2021-05-21 2023-02-24 清创网御(合肥)科技有限公司 Encryption card-based key transmission and storage method

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101449644B1 (en) * 2013-05-22 2014-10-15 한국정보통신주식회사 POS System and Method for Payment using Encrypted Card Information

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101449644B1 (en) * 2013-05-22 2014-10-15 한국정보통신주식회사 POS System and Method for Payment using Encrypted Card Information

Also Published As

Publication number Publication date
KR20160071999A (en) 2016-06-22


Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E90F Notification of reason for final refusal
E701 Decision to grant or registration of patent right
A107 Divisional application of patent
GRNT Written decision to grant