KR20080074844A - System for processing payment by using vpn to high-speed mobile internet lease - Google Patents

Abstract

A payment processing system using a VPN(Virtual Private Network) through the lease of an HPi(High-speed Portable Internet) network is provided to satisfy high-level end-to-end security through encoding and decoding between a member store's terminal and a VAN(Value-Added Network) provider's network. A payment processing system, which uses a VPN formed through the lease of an HPi network, comprises a payment terminal, the HPi network, a VPN server, and a payment processing server. The payment terminal creates payment-associated data and transmits one or more packets containing the created data to the HPi network. The HPi network transmits the packets, transmitted from the payment terminal, to the VPN server which is located in the VPN. The VPN server receives the packets, decodes the payment-associated data, and provides the decoded payment-associated data to the payment processing server. The payment processing server, linked with a payment approval server corresponding to the payment-associated data, executes an appointed payment processing procedure.

Description

System for Processing Payment by Using VPN to High-speed Mobile Internet Lease}

1 is a view showing a preferred system configuration according to the embodiment of the present invention.

2 is a diagram illustrating a subscriber profile information storing process for providing a high speed wireless internet based virtual payment communication network having a high speed wireless internet system as a network infrastructure according to an embodiment of the present invention.

3A and 3B are diagrams illustrating subscriber related information for a VPN generated and managed in a PAR 160 on a high speed wireless Internet according to an embodiment of the present invention.

4 is a view showing a preferred functional configuration for setting up a high-speed wireless Internet-based virtual payment communication network in the PAR 160 on the high-speed wireless Internet according to an embodiment of the present invention.

5 is a view showing a preferred process for implementing a high-speed wireless Internet-based virtual payment communication network in the network connection process of the VPN payment terminal 165 according to the embodiment of the present invention.

6 is a diagram illustrating a preferred embodiment of the high-speed wireless Internet-based virtual payment communication network corresponding to the VAN company network 100 according to the embodiment of the present invention.

7 is a diagram illustrating a preferred process of processing a traffic connection request of a VPN payment terminal 165 through a high-speed wireless Internet-based virtual payment communication network corresponding to a VAN company network 100 according to an embodiment of the present invention.

8A, 8B, and 8C illustrate a preferred functional configuration of a payment terminal 165 that automatically connects (or preferentially connects) to the VPN server 110 of a high-speed wireless Internet-based virtual payment communication network according to an embodiment of the present invention. Drawing.

9A, 9B, and 9C illustrate a preferred structure of a communication protocol stack of a payment terminal 165 connecting to a high-speed wireless Internet-based virtual payment communication network according to an embodiment of the present invention.

10 is a diagram showing a preferred structure of the wireless processing unit 880 of the payment terminal 165 according to the embodiment of the present invention.

11 is a view showing a preferred process for implementing a high-speed wireless Internet-based virtual payment communication network in the network access process of the VPN payment terminal 800 according to the embodiment of the present invention.

12 is a diagram illustrating a preferred process of processing a traffic connection request of a VPN payment terminal 800 through a high-speed wireless Internet-based virtual payment communication network corresponding to a VAN company network 100 according to an embodiment of the present invention.

13 is a view showing the functional configuration of the VAN company network 100 according to an embodiment of the present invention.

14 is a view showing a preferred operation method of the VPN payment terminal 800 for the electronic payment processing using a high-speed wireless Internet-based virtual payment communication network according to an embodiment of the present invention.

15A, 15B, and 15C illustrate a preferred operation method of the VAN company network 100 for electronic payment processing using a high-speed wireless Internet-based virtual payment communication network according to an embodiment of the present invention.

16A, 16B, 16C, and 16D are diagrams illustrating a symmetric key (secret key) based encryption / decryption procedure in a virtual payment network based payment process according to an embodiment of the present invention.

17A, 17B, 17C, and 17D illustrate public key-based encryption / decryption procedures in a virtual payment network-based payment process according to an embodiment of the present invention.

18A, 18B, 18C, and 18D illustrate an encryption / decryption procedure using an electronic bag in a virtual payment communication network-based payment process according to an embodiment of the present invention.

19A, 19B, 19C, 19D, 19E, 19F, and 19G illustrate an encryption / decryption procedure using digital signature and key exchange in a virtual payment network-based payment process according to an embodiment of the present invention. to be.

<Description of main parts of drawing>

100: VAN company network 105: VPN subscriber information D / B

110: VPN server 115: VAN server

120: security server 125: network operators network

130: DHCP 135: AAA

140: FA 145: DNS

150: HA 155: NMS

160: PAR 165: payment terminal

The present invention provides a payment processing system using a predetermined virtual private communication network formed by leasing a high-speed wireless Internet communication network, and after generating predetermined payment related data (or payment approval request specialized data), the payment related data (or payment approval). A payment terminal for transmitting at least one packet including request message data to the high-speed wireless Internet communication network, and at least one packet transmitted by the payment terminal to a virtual private network (VPN) server located in the virtual private communication network. After receiving the high-speed wireless Internet communication network and the at least one or more packets, restore the payment related data (or payment approval request specialized data), and restore the restored payment related data (or payment approval request specialized data). VPN server provided to the payment processing server and the payment related data (or payment To the request in conjunction with a payment authorization server corresponding to the specialized data) relating to the payment processing system using a virtual private network through a high-speed wireless Internet network rent comprising a payment processing server that performs predetermined settlement procedure.

Due to the rapid development of information and communication technology, certain payment means are provided in a media including an MS (Magnetic Stripe) card and / or an IC (Integrated Circuit) card and / or an IC chip mounted or detached from a predetermined wireless terminal. In the case of payment on and off-line, an electronic payment system for payment processing using a payment means provided in the medium has become popular.

 The electronic payment system is a user-owned medium having at least one valid payment means (e.g. MS card, IC card, IC chip, etc.), and recognizes the medium and reads the valid payment means information from the medium is predefined It comprises a merchant payment terminal for performing a payment processing procedure, a payment server for approving the payment processing for the payment means, and a payment network connecting the payment terminal and the payment server.

 The conventional payment network constituting the electronic payment system includes a value added network (VAN) that leases a wired backbone network and / or uses a high-cost leased line as a closed network. The payment network using the wired backbone network and / or the leased line may further include a circuit-switched mobile communication network and / or a packet-switched wireless data communication network, and the high-speed wireless Internet corresponding to the IEEE 802.16 series standard may also be included. It is expected to be included.

Referring to the IEEE 802.16 series standard, the high-speed wireless Internet system accesses the high-speed wireless Internet by using a privacy key manager (PKM) message in a medium access control (MAC) layer based on an X.509 certificate. Although the authority for the wireless terminal is verified and the verified wireless terminal can be initially connected to the high-speed wireless Internet system, the security system is only limited to the wireless section. As a result, the wired section of the high-speed wireless Internet has the characteristics of an open network that is directly connected to the conventional Internet (Internet), which includes a problem that violates the closure of the features of the payment network of the electronic payment system.

An object of the present invention, in the payment processing system using a predetermined virtual private communication network formed by leasing a high-speed wireless Internet communication network, after generating predetermined payment related data (or payment approval request specialized data), the payment related data ( Or a payment terminal for transmitting at least one packet including payment approval request specialized data to the high-speed wireless internet communication network, and a virtual private network (VPN) for placing at least one packet transmitted by the payment terminal in the virtual private communication network. A high-speed wireless Internet communication network transmitting to a server, and after receiving the at least one or more packets, restore the payment related data (or payment approval request specialized data), and restore the restored payment related data (or payment approval request full text). VPN server that provides data to the payment processing server and the payment related data (also It is a payment processing system in conjunction with payment authorization server corresponding to a payment authorization request specialized data) using a virtual private network through a high-speed wireless Internet network rent comprising a payment processing server that performs predetermined processing procedure to provide payment.

A payment processing system using a virtual private communication network through a lease of a high speed wireless internet communication network according to the present invention is a payment processing system using a predetermined virtual private communication network formed by leasing a high speed wireless internet communication network. A payment terminal for generating at least one packet including the payment related data (or payment approval request data) after generating the approval request specialized data, and at least one transmitted by the payment terminal; A high-speed wireless Internet communication network for transmitting the above packet to a virtual private network (VPN) server located in the virtual private network, and after receiving the at least one or more packets, the payment related data (or payment approval request specialized data) is received. Restore the payment data (or payment authorization) VPN payment server for providing the professional text data to the payment processing server and a payment processing server for performing a predetermined payment process in connection with the payment approval server corresponding to the payment related data (or payment approval request data). It is characterized by.

According to the present invention, the payment processing server, after receiving predetermined payment approval data corresponding to the payment related data (or payment approval request specialized data) from the payment approval server, the predetermined payment corresponding to the payment approval data Characterized in that the payment approval professional data provided to the VPN server, The VPN server, characterized in that for transmitting at least one or more packets containing the payment approval professional data to the high-speed wireless Internet communication network, The Internet communication network, characterized in that for transmitting at least one or more packets transmitted by the VPN server to the payment terminal, the payment terminal, after receiving the at least one or more packets, to restore the payment approval professional data, Outputting the payment approval data through a predetermined screen output device and / or printing device And that is characterized.

According to the present invention, the payment related data (or payment approval request specialized data) and / or payment approval specialized data are encrypted by a predetermined encryption algorithm.

The apparatus may further include a security server that decrypts the payment related data (or payment approval request specialized data) and encrypts the payment approval specialized data.

The apparatus may further include a security server for verifying the safety of the payment related data (or payment approval request specialized data) and / or payment approval specialized data.

According to the present invention, the VPN server and the payment processing server, characterized in that located in a value-added network (VAN).

According to the present invention, the VPN server, the security server and the payment processing server, characterized in that consisting of a single server or an independent server.

In addition, in a payment processing system using a predetermined virtual private communication network formed by leasing a high-speed wireless Internet communication network, after generating predetermined payment-related data (or payment approval request specialized data), and encrypts according to a predetermined encryption method, A payment terminal for transmitting at least one packet including the encrypted payment related data (or payment approval request specialized data) to the high speed wireless internet communication network, and at least one packet transmitted by the payment terminal to the virtual private communication network; A high-speed wireless Internet communication network transmitting to a VPN (Virtual Private Network) server located in the network, and receiving the at least one packet, restoring the encrypted payment related data (or payment approval request specialized data), and restoring the restored data. Settle billing-related data (or billing authorization request data) After decrypting in association with the server, at least one packet including the complexed payment related data (or payment approval request specialized data) or the complexed payment related data (or payment approval request specialized data) is processed for payment. And a payment processing server that performs a predetermined payment processing procedure in connection with a VPN server provided to a server and a payment approval server corresponding to the payment related data (or payment approval request specialized data).

According to the present invention, the payment processing server, after receiving predetermined payment approval data corresponding to the payment related data (or payment approval request specialized data) from the payment approval server, the predetermined payment corresponding to the payment approval data And providing at least one or more packets including payment approval specialized data or payment approval specialized data to the VPN server, wherein the VPN server encrypts the payment approval specialized data in association with the security server. And transmitting at least one packet including the encrypted payment approval specialized data to the high speed wireless internet communication network, wherein the high speed wireless internet communication network transmits the at least one packet transmitted by the VPN server. Characterized in that the transmission to the terminal, the payment terminal, the After receiving at least one packet, the encrypted payment approval professional data is restored, the encrypted payment approval professional data is decrypted, and then output through a predetermined screen output device and / or printing device .

According to the present invention, the security server, characterized in that further comprises the step of verifying the safety of the payment related data (or payment approval request specialized data) and / or payment approval specialized data.

According to the present invention, the VPN server, the security server and the payment processing server, characterized in that located in a value-added network (VAN).

According to the present invention, the VPN server, the security server and the payment processing server, characterized in that consisting of a single server or an independent server.

Further, a packet receiving means for receiving a predetermined payment related data (or payment approval request specialized data) packet transmitted from a payment terminal through a high-speed wireless internet communication network, and the payment related data (or payment approval request specialized data) is encrypted. The payment processing means for performing a predetermined payment processing procedure in connection with a payment approval server corresponding to the decrypted payment related data (or payment approval request specialized data). It features.

In addition, the payment processing means receives predetermined payment approval data corresponding to the payment related data (or payment approval request specialized data) from the payment approval server, and then predetermined payment approval specialized data corresponding to the payment approval data. And generating, when the security processing means encrypts the payment approval specialized data, the packet transmission means for transmitting the encrypted payment approval specialized data packet to the high speed wireless internet communication network. .

According to the present invention, each of the means is characterized in being located in a value-added network (VAN).

According to the invention, each said means is characterized in being located in a single server or in a plurality of servers.

Hereinafter, with reference to the accompanying drawings and description will be described in detail the operating principle of the preferred embodiment of the present invention. However, the drawings and the following description shown below are for the preferred method among various methods for effectively explaining the features of the present invention, the present invention is not limited only to the drawings and description below. In addition, in the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted. Terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to intentions or customs of users or operators. Therefore, the definition should be based on the contents throughout the present title.

In addition, preferred embodiments of the present invention to be carried out below are provided in each system functional configuration to efficiently describe the technical components constituting the present invention, or system functions that are commonly provided in the technical field to which the present invention belongs. The configuration will be omitted, and described mainly on the functional configuration to be additionally provided for the present invention. If those skilled in the art to which the present invention pertains, it will be able to easily understand the function of the components that are conventionally used among the omitted functional configuration not shown below, and also the configuration omitted as described above The relationship between the elements and the components added for the present invention will also be clearly understood.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains. It is only.

1 is a view showing a preferred system configuration according to the embodiment of the present invention.

More specifically, Figure 1 shows a payment terminal provided in a 2.3 GHz high-speed wireless Internet system based on HPi (High-speed Portable Internet) providing a wireless access technology including mobility of 60 km / h or more and a transmission speed of 1 Mbps. 165) A high-speed wireless Internet-based virtual payment network (VPN) using the high-speed wireless Internet system as a network infrastructure and using a VPN server 110 provided in the VAN company network 100 as a VAN access point. , Hereinafter referred to as a VPN.), When the payment terminal 165 connects to the high-speed wireless Internet, the payment terminal is provided in the VAN company network 100 through the virtual payment communication network. It is characterized in that the automatic connection (or prioritized connection) to the VPN server 110, and then at least one provided in the VAN company network 100 and / or the Internet at the payment terminal All traffic generated by the target server (or device) is directed to a system characterized in that the generation by the VPN server 110 to the gateway and / or a proxy server.

The high-speed wireless Internet system of the 2.3 GHz frequency band is a cellular network configuration using an Orthogonal Frequency Division Multiple Access (OFDMA) / Time Division Duplex (TDD) scheme and a network configuration of IP-based wireless data services. It can effectively adapt to the down-symmetric transmission characteristics, support handoff to ensure cell-to-cell mobility without interruption of service, dynamically or statically assign IP to handheld terminals, and more efficiently access system access by unauthorized users. It prevents authentication and guarantees quality of service against delay and packet loss for high speed transmission of various types of IP-based packet data such as streaming video, FTP, mail, chat, etc. It is made, including.

Referring to FIG. 1, the high-speed wireless Internet system includes at least one payment terminal 165 (eg, an access terminal (AT) or a portable subscriber station (PSS)) equipped with a function of processing a communication protocol stack defined in the high-speed wireless internet. ), A base station 165 (eg, an access point (AP) or a radio access station (RAS)), a packet access router (PAR 160), and at least one PAR 160 to connect. Characterized in that it consists of a carrier network, the operator network is also the HA 150 (Home Agent) for the mobility of IP to the payment terminal 165, and AAA 135 (for authentication and billing of the user) Authentication, Authorization and Accounting (Server), and a management server (Network Management System) and the FA (140) (Foreign Agent) for interworking with the external wireless network is made.

Referring to Figure 1 according to a preferred embodiment of the present invention, the high-speed wireless Internet system DHCP (130) (Dynamic Host Configuration Protocol) for allocating and registering a MIP to the payment terminal 165 accessing the high-speed wireless Internet It further comprises a server and DNS (145), it will be possible to further add at least one or more components according to the operator's intention and / or type of additional service.

The payment terminal 165 is an endpoint of a wireless channel in the high-speed wireless Internet system. The payment terminal 165 communicates with the base station 165 in an OFDMA manner, and transmits and receives a wireless channel, a MAC processing function, a handover function, a user authentication and encryption function, Performs radio link control management.

The base station 165 performs a wired / wireless channel conversion function to transfer information (or data) received from the payment terminal 165 to the PAR 160 or, conversely, various information (or data) received from the PAR 160. Converts the signals into OFDMA-based radio signals and delivers them to the payment terminal 165, and also provides packet retransmission for error-free packet transmission and reception, packet scheduling and radio bandwidth allocation for efficient operation of radio resources, and lanes. It performs connection control, handover control, and PAR 160 connection function related to a ranging function, packet call connection establishment, maintenance, and release.

The PAR 160 is connected to and manages a plurality of base stations 165 and performs a handover control function to ensure high mobility in the PAR 160. To this end, the base station 165 and the PAR 160 is connected based on the IP protocol, and is preferably configured based on a Gigabit Ethernet switch for high-speed packet transmission.

In addition, the high-speed wireless Internet system is Uh interface between the payment terminal 165 and the base station 165, Ah interface between the base station 165 and PAR 160, PAR 160 and PAR to provide high-speed wireless communication The Ph interface, the PAR 160, and the Ih interface, etc., are provided between the AAA 135 and the HA 150 of the operator network.

The Uh interface provided between the payment terminal 165 and the base station 165 conforms to HPi's physical layer (PHYsical) and media access control (MAC) standards, and the physical layer and MAC standards are LOS (Line Of Sight) is based on the 2.3GHz band having a non-guaranteed multipath channel environment, and provides mobility based on the wireless access standard of the IEEE 802.16 series.

According to an embodiment of the present invention, the physical layer standard of the Uh interface includes all items corresponding to OFDMA in the IEEE802.16 standard, and the changed parts of the IEEE 802.16 standard are OFDMA subcarriers for frame structure, uplink and downlink. Allocation method and channel encoding method. Additional additions include Transmit / Receive Transition Gap (TGT), Receive / Transmit Transition Gap (RTG), and RF parameters to accommodate a maximum radius of 1km. In addition, the MAC standard is optimized for the OFDMA PHY. The ranging and bandwidth request procedures are modified to fit the OFDMA PHY, and a handover function for mobility support is added. In addition, a sleep mode function for reducing power consumption of the terminal and a mechanism for checking a communication interruption state and recovering resources allocated in case of a disconnection have been added.

The Ah interface between the base station 165 and the PAR 160 uses an Access Network Application PAR (160) protocol (ANAP) that defines control messages for smooth communication between the base station 165 and the PAR 160. In addition, the Ph interface between the PAR 160 and the PAR 160 is a PPAP (PAR 160 -PAR 160 Application PAR 160) protocol defining control messages for smooth communication between the PAR 160. This is used.

The standard for the Ih interface between the PAR 160 and the AAA 135 is based on the IETF Diameter Base protocol, and also refers to the IETF Diameter MIP Application and the IETF Diameter Extensible Authentication Protocol (EAP). . In addition, the standard for the Ih interface between the PAR 160 and the HA 150 is based on MIP (Mobile IP) of IETF RFC 3344, MIP NAI (Network Access Identification) extension, MIP CHA (150) llenge / A response extension, an AAA 135 registration key extension, a MIP extension for the AAA 135 NAI, and a MIP extension for reverse tunneling are used.

According to an embodiment of the present invention, an integrated payment terminal 165 having a built-in OFDMA-based wireless access function in a predetermined card terminal to perform high-speed wireless Internet-based electronic payment processing, a predetermined card terminal and the OFDMA-based wireless access Modular payment terminal 165 that is connected to a wireless terminal having a function to perform high-speed wireless Internet-based electronic payment processing, and interlocked payment in which a predetermined card terminal and an OFDMA-based wireless terminal interoperate to perform electronic payment processing. It is preferable to include at least one terminal 165.

The payment terminal 165 automatically connects (or preferentially connects to) a predetermined value added network (VAN) company network through a high-speed wireless Internet system including at least one predetermined base station 165 and at least one PAR 160. The payment terminal 165 and the VAN company network 100 may be directly connected to the high-speed wireless Internet through a predetermined dedicated line, and / or may be connected to the high-speed wireless internet and the Internet. The present invention is not limited thereby.

Referring to Figure 1, the VAN company network 100 is characterized in that the payment terminal 165 comprises a virtual payment network (VPN) server for the first access through the high-speed wireless Internet, the VAN company A predetermined payment processing server that performs a unique function (e.g., a payment terminal 165 that performs the function of a high-speed wireless credit inquiry terminal for electronic payment processing and a card broker / bank); The predetermined security server 120 that performs the security procedure for the payment terminal 165 may be linked with the VPN server 110. The VPN server 110 and the payment processing server may be implemented in different servers interoperating with each other on the VAN company network 100 as shown in FIG. 1, and / or may be implemented in one server. In addition, the VPN server 110 and the security server 120 may also be implemented in different servers and / or implemented in one server as interworking on the VAN company network 100 as shown in FIG.

According to the embodiment of the present invention, the VAN company network 100 is connected to the VPN server 110 via the high-speed wireless Internet of the VNA company network (or at least one connection) at least one VPN payment terminal ( 165) and / or VPN subscriber information D / B 105 which stores subscriber information for VPN, thereby automatically connecting (or) to the VPN server 110 in the VAN company network 100. Priority connection) may be performed at least one payment terminal 165 and / or subscriber authentication process.

According to the exemplary embodiment of the present invention, the VAN company network 100 may further include at least one terminal management server and / or a community server interworking with the VPN server 110, and the VAN company network ( According to the intention of the VAN operator operating 100) at least one server may be provided in conjunction with the VPN server 110, whereby the present invention is not limited.

* The VPN server 110 for the at least one payment terminal 165 of the payment terminal 165 on the high-speed wireless Internet automatically connected (or preferentially connected) with the VAN company network 100, the VAN company network It is characterized in that it performs the function of the VAN company network 100 connection point for automatic connection (or priority connection) with the 100, thereby making a payment terminal for automatic connection (or priority connection) with the VAN company network 100 165 connects a communication channel with at least one connection target server through the VPN server 110, and transmits and receives at least one packet with the at least one connection target server through the VPN server 110. It is done. For example, the VPN server 110 may include at least one server (or device) provided in an external network other than the high-speed wireless Internet in terms of a payment terminal 165 that automatically connects to (or preferentially connects to) the VAN company network 100. It is desirable to perform the function of a proxy server to communicate with.

According to the present invention, the VPN server 110 for the at least one payment terminal 165 of the payment terminal 165 on the high-speed wireless Internet automatically connected (or preferentially connected) with the VAN company network 100 A high-speed wireless Internet-based virtual payment communication network using a high-speed wireless Internet system as a network infrastructure is implemented.

According to an exemplary embodiment of the present invention, the payment terminal 165 which automatically connects (or preferentially connects) the VAN company network 100 is a predetermined credit inquiry terminal for the high-speed wireless Internet, and the credit inquiry for the high-speed wireless Internet. When a traffic connection with a predetermined payment processing server provided in the VAN company network 100 is requested from the terminal, the VPN server 110 establishes a communication channel between the credit inquiry terminal for the high-speed wireless Internet and the payment processing server. It is preferable to connect. In addition, when predetermined payment processing related data (or payment approval request specialized data) is received from the credit inquiry terminal for the high-speed wireless Internet, the VPN server 110 performs the payment processing through the communication channel. It is preferable to relay related data (or payment approval request specialized data) to the payment processing server. In addition, when predetermined payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) is transmitted from the payment processing server through the communication channel, the VPN server ( 110 preferably relays the payment processing result data (or payment approval specialized data) to the credit inquiry terminal for high-speed wireless Internet through which the payment processing related data (or payment approval request specialized data) is transmitted through the communication channel. Do.

According to another exemplary embodiment of the present invention, at least one or more servers (eg, terminals) provided in the VAN company network 100 from a payment terminal 165 that automatically connects (or preferentially connects to) the VAN company network 100. When a traffic connection with a management server and / or a community server is requested, the VPN server 110 connects a communication channel with at least one server provided in the payment terminal 165 and the VAN company network 100. It is desirable to. In addition, when a packet receiving at least one or more servers provided in the VAN company network 100 as a receiving side is received from the payment terminal 165, the VPN server 110 transmits the packet to the VAN through the communication channel. It is preferable to relay transmission to the server provided in the corporate network (100). In addition, when a packet receiving the payment terminal 165 connected to the communication channel is received from a server provided in the VAN company network 100, the VPN server 110 receives the packet through the communication channel. It is preferable to relay transmission to the payment terminal 165 to which the communication channel is connected.

According to another embodiment of the present invention, at least the externally provided on the Internet connected to the VAN company network 100 from the payment terminal 165 that automatically connects (or preferentially connects) with the VAN company network 100. When a traffic connection is requested with one or more servers (or devices) (e.g., a web server provided on the Internet and / or at least one or more devices (or servers) connected to the Internet, etc.), the VPN server 110 determines the payment. It is preferable to connect a communication channel with the terminal 165 and at least one server (or device) provided on the Internet. In addition, when a packet for receiving at least one server (or device) provided on the Internet from the payment terminal 165 is received, the VPN server 110 transmits the packet to the Internet through the communication channel. It is preferable to relay transmission to the server (or apparatus). In addition, when a packet receiving the payment terminal 165 connected to the communication channel is received from a server provided on the Internet, the VPN server 110 transmits the packet to the communication channel through the communication channel. It is preferable to relay transmission to the connected payment terminal 165.

When the payment terminal 165 that automatically connects (or preferentially connects) the VAN company network 100 to a predetermined high speed wireless Internet credit inquiry terminal, the payment processing server may select a predetermined value from the high speed wireless internet credit inquiry terminal. Receive payment processing related data (or payment approval request specialized data), read the payment processing related data (or payment approval request specialized data), and perform electronic payment corresponding to the payment processing related data (or payment approval request specialized data). Identify the card company and / or bank that processes the data, provide the payment processing related data (or payment approval request specialized data) to the confirmed card company server and / or bank server, and the card company server and / or the bank server. Payment processing result data (or payment approval text) corresponding to payment processing related data (or payment approval request data) Data) and a server performing a series of procedures for transmitting the payment processing result data (or payment approval data) to the credit inquiry terminal for the high-speed wireless Internet, wherein the server is provided in the VAN company network 100. It features.

According to an embodiment of the present invention, the payment processing server and the credit inquiry terminal for the high-speed wireless Internet equipped with the electronic payment processing function of the payment terminal 165 provided in the high-speed wireless Internet system through the VPN server 110 and It is preferable to be connected, and / or it is preferable to be connected with the card company server and / or the bank server through a predetermined leased line (eg, a closed network).

The security server 120 may include a payment terminal 165 for automatically connecting (or first connecting) the VAN company network 100 to the VAN company network 100, and at least one server provided in the VAN company network 100. And / or a server that satisfies the security requirements required between at least one server (or device) provided on the Internet interworking with the VAN company network 100, and is provided in the VAN company network 100. It is done.

According to an embodiment of the present invention, the security server 120 is at least one provided in the VAN company network 100 from the payment terminal 165 that automatically connects (or preferentially connects) with the VAN company network 100. Data received by the VPN server 110 with at least one server (or device) provided on the Internet interoperating with the above server and / or the VAN company network 100 is encrypted by a predetermined encryption method. If present, it is preferable to include a function for decrypting the encrypted data by a predetermined decryption method corresponding to the encryption method. In addition, the VAN company network 100 from at least one server provided in the VAN company network 100 and / or at least one server (or device) provided on the Internet in conjunction with the VAN company network 100 If the data transmitted to the payment terminal 165 that is automatically connected (or preferentially connected) is encrypted by a predetermined encryption method and then transmitted, the transmitted data is encrypted by the defined encryption method so that the VAN company network ( It is preferable to transmit to the payment terminal 165 that automatically connects (or prioritizes) with 100). According to the intention of the person skilled in the art and / or the implementation method of the security server 120, the security server 120 function as described above may be provided in the VPN server 110, and thus the present invention is not limited thereto.

According to another embodiment of the present invention, the security server 120 is at least one or more servers provided in the VAN company network 100 and / or at least provided on the Internet in conjunction with the VAN company network 100 The data received by the VPN server 110 is infected with a virus using a payment terminal 165 which automatically connects (or preferentially connects) the VAN company network 100 with one or more servers (or devices). And / or verify that it contains malicious code, warn and / or cure if the data is infected with a virus, and / or warn and / or remove it if the data contains malicious code. It is preferable. In addition, the security server 120 is at least one or more provided in the VAN company network 100 from a payment terminal 165 that automatically connects (or preferentially connects) to the VAN company network 100 according to a predetermined security policy. The data received by the VPN server 110 is infected with a virus using at least one or more servers (or devices) provided on the Internet interoperating with a server and / or the VAN company network 100, and / or Or verify that it contains malicious code, warn and / or clean if the data is infected with a virus, and / or warn and / or remove it if the data contains malicious code. Do. According to the intention of the person skilled in the art and / or the implementation method of the security server 120, the security server 120 function as described above may be provided in the VPN server 110, and thus the present invention is not limited thereto.

According to another exemplary embodiment of the present invention, the security server 120 has a payment terminal 165 that automatically connects (or preferentially connects) with the VAN company network 100 on the high-speed wireless Internet system. In case of automatically connecting (or prioritizing) a communication path for traffic connection, the authority for the payment terminal 165 in association with the VPN subscriber information D / B 105 provided in the VAN company network 100 It is preferable to perform authentication and / or subscriber authentication for the user of the payment terminal 165, and according to the intention of the person skilled in the art and / or the implementation method of the security server 120, the function of the security server 120 is The VPN server 110 may be provided, and the present invention is not limited thereto.

Hereinafter, the high-speed wireless Internet system between the payment terminal 165 on the high-speed wireless Internet that automatically connects to (or preferentially connects to) the VAN company network 100 and the VAN company network 100 including the VPN server 110. The process to be performed between the VAN company and the network provider providing the high-speed wireless Internet system to implement a high-speed wireless Internet-based virtual payment communication network having a network infrastructure.

2 is a diagram illustrating a subscriber profile information storing process for providing a high speed wireless internet based virtual payment communication network having a high speed wireless internet system as a network infrastructure according to an embodiment of the present invention.

In more detail, FIG. 2 shows a connection between the VAN company network 100 having the VPN server 110 and a payment terminal 165 on the high-speed wireless Internet that automatically connects to (or preferentially connects to) the VAN company network 100. The present invention relates to a preferred embodiment of a process of storing subscriber profile information for a VPN in the high speed wireless internet system to implement a high speed wireless internet based virtual payment communication network having the high speed wireless internet system as a network infrastructure. Those skilled in the art, with reference to FIG. 2, various embodiments of storing subscriber profile information for a VPN in the high-speed wireless Internet system without departing from the essential technical features of the present invention. It will be inferred that the present invention is not limited thereby.

Referring to FIG. 2, the payment terminal 165 on the high-speed wireless Internet that automatically connects to (or preferentially connects to) the VAN company network 100 and the VAN company network 100 having the VPN server 110. In order to implement a high-speed wireless Internet-based virtual payment communication network having a high-speed wireless Internet system as a network infrastructure, the network operator providing the high-speed wireless Internet system with the VAN company has a high-speed wireless Internet-based network as the network infrastructure. A business partnership for supplying and / or using a virtual payment network is concluded (200).

According to an embodiment of the present invention, the business cooperation contents are automatically connected (or preferentially connected) with the VAN company network 100 to be implemented in the payment terminal 165 constituting a high-speed wireless Internet-based virtual payment communication network. Component and at least one functional component for supplying a VPN to be provided to at least one or more network components provided in the high-speed wireless Internet system in order to provide a high-speed wireless Internet-based virtual payment communication network to the payment terminal 165. It is preferred to be defined.

In addition, the business cooperation content is preferably defined security requirements to be provided to a high-speed wireless Internet-based virtual payment communication network having the high-speed wireless Internet system as a network infrastructure.

In particular, since the basic business area of the VAN company network 100 corresponds to the electronic payment processing, the security requirements to be provided to the high-speed wireless Internet-based virtual payment communication network having the high-speed wireless Internet system as a network infrastructure must be high. do.

To this end, the VAN company for the high-speed wireless Internet-based virtual payment communication network having the high-speed wireless Internet system as a network infrastructure end-to-end (for example, the automatic connection (or preferential connection) with the VAN company network 100) ( 165) between the VPN server 110 (or the security server 120) to realize an encryption / decryption function, and the network operator automatically connects (or prioritizes) the connection with the VAN company network 100. It is preferable to realize a function of preventing an external intrusion into the communication path connecting the terminal 165 and the VPN server 110 (or the security server 120) provided in the network on the VAN.

When a business alliance for supplying and / or using a high-speed wireless Internet-based virtual payment communication network having the high-speed wireless internet system as a network infrastructure is concluded, the network operator provides the service to a network component constituting the high-speed wireless internet system. A function configuration for VPN supply corresponding to the contents of the cooperation is implemented (205).

If a business alliance is concluded between the VAN company and the network operator as described above, and a VPN supply function configuration corresponding to the business alliance is implemented in the high-speed wireless Internet system, the VAN company uses a predetermined VPN for a predetermined VPN. In operation 210, predetermined VPN subscriber information corresponding to the contents of the business cooperation with the network operator is obtained from the subscriber.

According to an embodiment of the present invention, the VPN subscriber may be a merchant using a credit inquiry terminal for high-speed wireless Internet equipped with a predetermined electronic payment processing function through the VAN company, wherein the subscriber information for the VPN is the It is preferable to include affiliated store information.

According to another exemplary embodiment of the present invention, the VPN subscriber may be at least one individual subscriber who wants to be provided with a high-speed wireless Internet service requiring high security through the VAN company network 100. Subscriber information for the VPN is preferably made to include the personal information for the individual subscriber.

When the subscriber information is obtained as described above, the VAN company stores the obtained subscriber information in the subscriber subscriber information D / B for the VPN (215), and the VPN subscriber for the VPN corresponding to the business alliance with the network operator. The payment terminal 165 is provided (or rented) or sold.

According to the present invention, the VPN payment terminal 165 automatically connects the communication path for the traffic connection with the VAN company network 100 in which the traffic connection is connected to the high-speed wireless Internet system when a predetermined traffic connection request is made. It is characterized in that it comprises a functional configuration to (or preferentially connect).

In addition, the VAN company is a predetermined VPN subscriber profile including the subscriber registration information for the VPN and the payment terminal 165 registration information provided (or rented) or sold to the VPN subscriber in response to the business alliance with the network operator. Information is generated (225), and provides the subscriber profile information for the VPN to the network operator (230).

According to an embodiment of the present invention, the subscriber profile information for the VPN includes the VPN server 110 address information provided in the VAN company network 100 of the high-speed wireless Internet-based virtual payment communication network, and the payment terminal 165 is a VPN. Preferably, the server 110 further includes VPN connection information including communication port information for connecting to the server 110.

* The network operator receiving the VPN subscriber profile information from the VAN company associates the VPN subscriber profile information with the VAN company information to store a predetermined subscriber profile information storage medium 235 (eg, high-speed wireless Internet). Storage medium for storing the subscriber profile information provided in the AAA 135 server).

According to another exemplary embodiment of the present invention, the network operator determines whether the payment terminal 165 is a payment terminal 165 that automatically connects (or preferentially connects) the VAN company network 100 with only the subscriber profile information for the VPN. If possible, the network operator may store only the subscriber profile information for the VPN in the storage medium for storing the subscriber profile information.

After the subscriber profile information for the VPN is stored as described above, the network service provider provides a high speed wireless network access service to the payment terminal 165 for VPN through the high speed wireless Internet system (240).

Hereinafter, the subscriber profile information managed by the PAR 160 among the network components provided in the high-speed wireless Internet, based on the high-speed wireless Internet network configuration and the VAN company network 100 configuration shown in FIG. By controlling the service flow information, a preferred embodiment for implementing a high-speed wireless Internet-based virtual payment communication network having the high-speed wireless Internet system as a network infrastructure will be described.

However, the technical features of the virtual payment communication network is not limited to this embodiment, and those skilled in the art to which the present invention pertains, the core technical features of the present invention through the drawings and descriptions shown below It is possible to easily infer various implementation methods for configuring a virtual payment communication network by changing at least one or more components included in the high-speed wireless Internet system without violating characteristics, and thus, the present invention is not limited thereto. It is obvious.

3A and 3B are diagrams illustrating subscriber related information for a VPN generated and managed in a PAR 160 on a high-speed wireless Internet according to an embodiment of the present invention.

3A and 3B illustrate a VAN company network 100 including a payment terminal 165 and a VPN server 110 on a high-speed wireless Internet that is automatically connected (or first connected) to the VAN company network 100. The preferred embodiment of the preferred subscriber related information stored and managed in the PAR 160 to implement a high-speed wireless Internet-based virtual payment communication network having the high-speed wireless Internet system as a network infrastructure.

In general, the subscriber related information includes predetermined subscriber profile information and at least one service flow information. When the payment terminal 165 accesses the high-speed wireless Internet, a storage medium for storing predetermined subscriber profile information (generally, It is provided in the AAA (135) server on the high-speed wireless Internet, it is obtained from the "AAA (135) server" for convenience), the service flow information when the service request through the high-speed wireless Internet in the payment terminal 165 It is generated by the PAR 160.

The subscriber profile item includes a context ID which is a unique identifier between the base station 165 and the PAR 160, IP address information indicating an internet address of the payment terminal 165, and hardware recognition of the payment terminal 165. A Message Authentication Code (MAC) address, which is an address, the number of flows serviced by the payment terminal 165, the current service status of the payment terminal 165, and the service level provided to the payment terminal 165. The number, service class name, subscriber name, address type serviced by the payment terminal 165, and a cell ID of a place where the payment terminal 165 is preferably included are included.

In addition, the service flow information is information required to provide at least one or more services to a predetermined payment terminal 165, wherein the service flow item is a context ID, a service that is a unique identifier between the base station 165 and the PAR 160. It is desirable to include a flow ID, service class name, quality of service (QoS) type, maximum sustained traffic rate, maximum traffic burst, minimum reserved traffic rate, flow schedule type, and allowable jitter that uniquely distinguish the flow.

In general, the subscriber profile information may be obtained after authentication of a subscriber (or payment terminal 165) accessing the high speed wireless Internet from the AAA 135 server when the payment terminal 165 accesses the high speed wireless Internet. It is preferably provided to the PAR 160 from the AAA 135 server, and then managed by the PAR 160 until the service for the subscriber (or payment terminal 165) is released. In addition, when a predetermined service request is made by the payment terminal 165 through the high-speed wireless internet, the PAR 160 is generated based on the service request information, session information and / or connection information, and when a new service is requested. It is generated and managed for each time, and thereby it is possible to provide at least one or more services to the payment terminal 165. When the service for the subscriber (or payment terminal 165) is released and the subscriber profile information is deleted in the PAR 160, the service flow information associated with the subscriber profile information is also deleted.

Referring to Figure 3a, the subscriber profile information for VPN is fixed in the subscriber profile information defined in the high-speed wireless Internet as described above, the number of the service flow is fixed to one and / or the service name class is the VAN company network 100 The VPN server 110 and the communication path provided in the) is characterized in that it is set to automatically connect (or prior connection).

In the implementation method as shown in FIG. 3A, an initial access process and basic capability capability negotiation performed by a predetermined VPN payment terminal 165 (eg, an initial access process performed in a network access process of the payment terminal 165). ), And a payment terminal 165 identified as a payment terminal 165 that is automatically connected (or preferentially connected) with the VAN company network 100 in an authentication process and a registration process for a user or a wireless terminal. When a traffic connection request is made, the PAR 160 determines whether any traffic connection request is required in the VPN payment terminal 165 based on the VPN profile information, and establishes a communication path for the corresponding traffic connection in the VAN company network 100. Only one service flow information for forcibly connecting to the VPN server 110 provided in the) is characterized in that, after the traffic connection request required by the VPN payment terminal 165 is the VAN Processing in the VPN server 110 provided in the corporate network (100).

Referring to FIG. 3B, the subscriber profile information for the VPN is to generate the number of the service flows as required by the VPN payment terminal 165 in the subscriber profile information defined in the high-speed wireless Internet as described above. After connecting the traffic connection request required by the payment terminal 165 for VPN with the VPN server 110 provided in the VAN company network 100 automatically (or first), and then to the VPN server 110. It further comprises a VPN connection information to be controlled and managed by.

In the implementation method as shown in FIG. 3B, when a traffic connection request is made at a predetermined VPN payment terminal 165, the PAR 160 is requested by the VPN payment terminal 165 based on the VPN profile information. Service flow information for changing the traffic connection request to be made through the VPN server 110 provided in the VAN company network 100, characterized in that the registration, and then the traffic required by the VPN payment terminal 165 The connection request is processed by the VPN server 110 provided in the VAN company network 100.

Those skilled in the art to which the present invention pertains, with reference to the embodiment shown in Figures 3a and 3b, when requesting a traffic connection in a predetermined VPN payment terminal 165, to the network operator As described above, the traffic request of the VPN payment terminal 165 to the at least one network component (eg, AAA 135 server, HA 150 server, etc. other than the PAR 160) is applied to the VAN company network 100. After the VPN server 110 and the communication path are automatically connected (or prioritized) provided in the), various embodiments for processing can be easily inferred, and the present invention is not limited thereto. For example, in the implementation method as shown in FIG. 3B, VPN connection information additionally included in the subscriber profile information may be stored in a storage medium provided in the AAA 135 server.

4 is a view showing a preferred functional configuration for setting up a high-speed wireless Internet-based virtual payment communication network in the PAR 160 on the high-speed wireless Internet according to an embodiment of the present invention.

In more detail, FIG. 4 illustrates at least one payment terminal 165 connected to the high-speed wireless Internet based on subscriber profile information for VPN shown in FIGS. 3A and / or 3B in the PAR 160 on the high-speed wireless Internet. Implementing a virtual payment communication network for automatically connecting (or prioritizing) a communication path for traffic connection between the VPN payment terminal 165 of the VPN and the VPN server 110 provided in the VAN company network 100 It's about how.

4, between the VPN payment terminal 165 and the VPN server 110 provided in the VAN company network 100 based on the subscriber profile information for the VPN in the PAR 160 on the high-speed wireless Internet. The functional configuration for implementing the virtual payment communication network so that the communication path for the traffic connection is automatically connected (or preferentially connected) receives the predetermined traffic connection request information requested from the predetermined payment terminal 165 from the predetermined base station 165. The traffic connection request receiver 405 and the traffic connection request information are read, and the communication request is communicated with the VPN server 110 provided in the VAN company network 100 in association with the VPN subscriber profile information. Determination unit 415 for determining whether to process through a virtual payment communication network that is automatically connected (or preferentially connected) or according to a conventional procedure provided in a high-speed wireless Internet system. In response to the determination result, when the traffic connection request is processed through the virtual payment communication network to which the communication path is automatically connected (or prioritized) to the VPN server 110 provided in the VAN company network 100, the payment terminal 165 Traffic connection for automatically processing (or prioritizing) a communication path for processing the traffic connection request between the VPN and the VPN, and providing the traffic connection request to the VPN server 110 through the communication path for processing. It is implemented through the traffic connection means having a request processing unit 410.

According to an embodiment of the present invention, the traffic connecting means is provided in the form of at least one device (or server) interworking with the PAR 160, and / or is recorded on a recording medium provided in the PAR 160. It is possible to provide all of them by the program, by which the present invention is not limited.

Hereinafter, the VPN payment terminal 165 interoperates with the network components on the high-speed wireless Internet as described above, and the high-speed wireless internet-based virtual network uses the high-speed wireless internet system as a network infrastructure between the VAN company networks 100. An operation process for implementing a payment communication network will be described with reference to a preferred embodiment. However, an operation process for implementing the virtual payment communication network is not limited to the following embodiments, and those skilled in the art to which the present invention pertains are provided in the high-speed wireless Internet system according to the intention of those skilled in the art. Various implementation methods for implementing the virtual payment communication network may be easily inferred according to various implementation methods of a functional component, thereby clearly indicating that the present invention is not limited.

5 is a view showing a preferred process for implementing a high-speed wireless Internet-based virtual payment communication network in the network connection process of the VPN payment terminal 165 according to the embodiment of the present invention.

In more detail, in FIG. 5, at least one or more network components provided on the high-speed wireless Internet are included in the process of accessing the high-speed wireless internet by the payment terminal 165 having a function of wirelessly connecting to a predetermined high-speed wireless internet. When a predetermined traffic connection request is made from the payment terminal 165 by interworking with each other, the payment terminal 165 is automatically connected (or preferentially connected) with the VPN server 110 provided in the VAN company network 100. If it is confirmed that the payment terminal 165, and the payment terminal 165 for the VPN, the VPN payment terminal 165 for automatic connection with the VPN server 110 provided in the VAN company network 100 ( Or preferred connection).

Referring to FIG. 5, when a predetermined power is supplied to a payment terminal 165 having a function of wirelessly accessing a predetermined high-speed wireless Internet and the system is booted, the payment terminal 165 is a downlink of the base station 165. After synchronizing with the downlink through channel search and acquiring channel control parameters for the uplink, synchronizing the uplink through initial ranging and informing the base station 165 of information of the payment terminal 165. An initial access procedure is performed (500).

When the initial access process is performed, a Basic Capability Negotiation is performed between the payment terminal 165 and the base station 165 of the high-speed wireless Internet to determine basic capability. When negotiated, the base station 165 extends the radio access connection between the payment terminal 165 and the base station 165 to a wired section and passes the PAR 160 from the AAA 135 server to the payment terminal 165 and / Or perform an authentication process for verifying the subscriber's authentication and service authority (505).

According to an embodiment of the present invention, the authentication process may be performed by the AAA 135 on the high-speed wireless Internet by sending a DER (Diameter Extensible Authentication Protocol) Request (ID) / Identity message including a subscriber ID (ID) in the PAR 160. When provided to the server, the AAA 135 server receiving the request determines whether the user is a legitimate subscriber and transmits a Diametric EAP Answer (DEA) / TLS (Transport Layer Security) start message to the PAR 160. Thereafter, the PAR 160 provides a DER / Client-Hello message including predetermined session information and connection information to the AAA 135 server, and the AAA 135 server responds to the PAR 160. Send DEA / Server-Hello. Next, the PAR 160 and the AAA 135 server provide a DER / TLS certificate from the PAR 160 to the AAA 135 server for mutual certificate exchange, and the AAA 135 server provides the PAR. Recall that the use of the new encryption algorithm and the handshaking (HA (150) nd-sHA (150) king) procedure is completed by sending a DEA / TLS cHA (150) nge cipher spec, TLS finished message to (160). Deliver to PAR 160. The PAR 160 transmits a DER / Ack to the AAA 135 server and receives a DEA / Success from the AAA 135 server, thereby completing a subscriber authentication process by completing a certificate exchange between them.

When the basic provision capability negotiation and the authentication and registration procedure for the payment terminal 165 is performed, network components managing the MIP for the payment terminal 165 interoperate with each other to determine the payment terminal 165. The process of assigning and registering an IP address is performed (510).

According to an embodiment of the present invention, a method of allocating and registering a MIP address to the payment terminal 165 may include: performing authentication on the payment terminal 165 on the high-speed wireless Internet, and then performing the authentication on the AAA 135 server. Receives a MIP registration request message from the payment terminal 165 that performed the subscriber authentication, performs a MIP subscriber authentication with respect to the payment terminal 165, and then sends a dynamic HA 150 request message to the HA 150. Send it. Accordingly, the HA 150 transmits an address assignment request message for allocating a dynamic IP address to the payment terminal 165 in the AAA 135 server (for example, the AAA 135 server). Omitting)), the address assignment request message preferably includes the domain name of the MIP subscriber and the PAR 160 address to which the payment terminal 165 is connected.

In addition, the AAA (135) server is interlocked with a predetermined DHCP (130) server to process the address assignment request message received from the HA (150), the payment terminal 165 from the DHCP (130) server Dynamic IP addresses belonging to the subnet of the accessed PAR 160 area are allocated. Thereafter, the AAA 135 registers the newly allocated dynamic IP address and the domain name of the MIP service subscriber to the DNS 145 server on the high-speed wireless Internet. When the dynamic IP address allocation and the dynamic DNS 145 update for the payment terminal 165 are successfully performed, the AAA 135 server transmits an address assignment response message to the HA 150, and thus the HA 150 generates binding information for the payment terminal 165. Thereafter, the HA 150 transmits the dynamic HA 150 response message back to the AAA 135 server, and the AAA 135 server pays the received MIP registration response message through the PAR 160. The terminal 165 transmits to the terminal 165, whereby the payment terminal 165 can receive a MIP service through the high-speed wireless Internet.

According to another exemplary embodiment of the present invention, the payment terminal 165 and the high-speed wireless Internet network interoperate with each other to encrypt traffic for maintaining security for traffic connection between the payment terminal 165 and the base station 165. The key generation and distribution process can be further performed (not shown).

When the initial access process, the basic capability negotiation process, the authentication process for the user or payment terminal 165, and the MIP registration process as described above (and / or while the processes are performed), the PAR on the high-speed wireless Internet The 160 (or AAA 135 server) reads the subscriber profile information so that the payment terminal 165 automatically connects a predetermined communication path with the VPN server 110 provided in the VAN company network 100. Check whether or not performing the function of the payment terminal 165 for VPN (or priority connection) (515). For example, if the payment terminal 165 is a VPN payment terminal 165, when the traffic connection request from the payment terminal 165, the traffic connection request to the payment terminal 165 and the VAN company network 100 The predetermined communication path between the predetermined VPN server 110 should be processed after the automatic connection (or first connection).

According to an embodiment of the present invention, the VPN payment terminal 165 confirmation process is related to the payment terminal 165 information (eg, payment terminal 165) included in the subscriber profile information stored in the AAA (135) server The payment terminal 165 is automatically connected (or preferentially connected) with the VAN company network 100 through the process of reading the corresponding payment terminal 165 function through the information). 165) and the VPN payment terminal 165 implementing the high-speed wireless Internet-based virtual payment communication network between the VAN company network 100 is preferable.

According to another exemplary embodiment of the present invention, the payment terminal 165 confirmation process for the VPN is connected to the VAN company information of the subscriber profile information stored in the AAA 135 server through the payment terminal 165 ) Is a VPN payment terminal 165 that automatically connects (or prioritizes) the VAN company network 100 to implement a high-speed wireless Internet-based virtual payment communication network between the payment terminal 165 and the VAN company network 100. It is desirable to confirm.

According to another exemplary embodiment of the present invention, the checking process for the payment terminal 165 for VPN may be performed based on the subscriber profile information obtained by the PAR 160 and / or the subscriber profile information stored in the AAA 135 server. Through the process of checking whether the VPN connection information as shown in Figure 3b is included, the payment terminal 165 is automatically connected (or preferentially connected) with the VAN company network 100 so that the payment terminal 165 and the VAN company network ( It is preferable to check whether the VPN payment terminal 165 that implements the high-speed wireless Internet-based virtual payment communication network between 100).

If the payment terminal 165 does not perform the function of the payment terminal 165 for the VPN (520), the PAR 160 (or AAA 135 server) on the high-speed wireless Internet communication of the payment terminal 165 The path is set to prevent connection to the VPN server 110 provided in the VAN company network 100 (545).

On the other hand, if the payment terminal 165 performs the VPN payment terminal 165 function (520), the PAR 160 (or AAA 135 server) on the high-speed wireless Internet is provided in the VAN company network 100 The VPN server 110 (or the security server 120) provides the payment terminal 165 registration information that performs the VPN payment terminal 165 function, and requests authentication thereof (525).

The VPN server 110 (or the security server 120) provided in the VAN company network 100 receives the subscriber information D / V for VPN provided in the VAN company network 100 through the payment terminal 165 registration information. By searching for B, it is checked whether the payment terminal 165 corresponds to the VPN payment terminal 165 (530).

If the validity of the VPN payment terminal 165 for the payment terminal 165 registration information is not authenticated (535), the VPN server 110 (or security server 120) is the PAR (160) on the high-speed wireless Internet (Or AAA 135 server) generates and transmits a result of a validation terminal 165 validity authentication error for the VPN (540), and the PAR 160 (or AAA 135 server) on the high-speed wireless Internet The communication path of the payment terminal 165 is set not to be connected to the VPN server 110 provided in the VAN company network 100 (545).

On the other hand, if the validity of the payment terminal 165 for VPN to the payment terminal 165 registration information is authenticated (535), the VPN server 110 (or secure server 120) is the PAR 160 on the high-speed wireless Internet (Or an AAA 135 server) generates and transmits a validity approval result of a predetermined payment terminal 165 for the VPN (550), and the PAR 160 (or AAA 135 server) on the high-speed wireless Internet is the VPN. When a traffic connection request is made from the payment terminal 165 for payment, the communication path between the predetermined VPN server 110 provided in the VAN company network 100 and the VPN payment terminal 165 is automatically connected. The virtual payment communication network including a communication path connected between the VPN payment terminal 165 and the VPN server 110 is set to be processed (or first connected) and then processed (555).

6 is a diagram illustrating a preferred embodiment of the high-speed wireless Internet-based virtual payment communication network corresponding to the VAN company network 100 according to the embodiment of the present invention.

In more detail, FIG. 6 illustrates a connection between a VPN payment terminal 165 and a VAN company network 100 among payment terminals 165 equipped with a function of wirelessly accessing the high-speed wireless Internet through the same procedure as in FIG. 5. The preferred high-speed wireless Internet-based virtual payment network is implemented, and the VPN payment terminal 165 of the payment terminal 165 having a function of wireless access to the high-speed wireless Internet for the understanding of those skilled in the art is shown in a square. The virtual payment communication network between the VPN payment terminal 165 for VPN and the VPN server 110 provided in the VAN company network 100 is illustrated by a thick solid line, and the high-speed wireless Internet provided by the network operator is represented by a thin solid line. Shown.

Referring to Figure 6 according to a preferred embodiment of the present invention, a VPN payment terminal 165 connected to a high-speed wireless Internet-based virtual payment communication network provided by the VAN company and a high-speed wireless Internet network provider is provided with an electronic payment processing function. It is not limited to the provided credit inquiry terminal for the high-speed wireless Internet, and includes at least one or more wireless terminals to receive a high-speed wireless Internet service using the high security provided in the virtual payment communication network according to the intention of the VAN company. The present invention is not limited thereto.

7 is a diagram illustrating a preferred process of processing a traffic connection request of a VPN payment terminal 165 through a high-speed wireless Internet-based virtual payment communication network corresponding to a VAN company network 100 according to an embodiment of the present invention.

In more detail, in FIG. 7, when a predetermined payment terminal 165 having a function of wirelessly accessing the high-speed wireless Internet requests traffic connection to the high-speed wireless internet, at least one or more network components provided in the high-speed wireless internet are shown. Interoperate with each other to determine whether the payment terminal 165 is a VPN payment terminal 165 connected to a high-speed wireless Internet-based virtual payment communication network corresponding to the VAN company network 100, and according to the verification result, the payment terminal A preferred implementation method of handling the traffic connection request of 165. Specifically, FIG. 7 relates to an implementation method of processing the traffic connection request in the PAR 160 having the same functional configuration as that of FIG. 4. A network component other than the PAR 160 processes the traffic connection request according to a function of a network component provided in the high speed wireless internet for a high speed wireless internet based virtual payment communication network corresponding to the VAN company network 100. Various implementation methods that can be easily inferred, whereby the present invention is not limited.

Referring to FIG. 7, a predetermined payment terminal 165 having a function of wirelessly accessing the high-speed wireless Internet may be connected to the base station through a communication protocol stack structure defined between the payment terminal 165 and the base station 165. In operation 165, a traffic connection for at least one connection target server (or device) is requested (700).

According to the exemplary embodiment of the present invention, the payment terminal 165 for the traffic connection request includes a predetermined traffic connection request including the connection target server (or device) address information and / or registration information of the payment terminal 165. It is preferable to transmit information to the base station 165.

When the traffic connection request is received from the payment terminal 165 to the base station 165 on the high-speed wireless Internet, the base station 165 includes the registration information of the payment terminal 165 in the CREG_req message to display the PAR ( 160, and the PAR 160 searches for the subscriber profile based on the payment terminal 165 registration information included in the received CREG_req message, and determines whether to accept the subscriber profile. Is included in the CREG_rsp message to perform an authentication procedure for transmission to the base station 165 (705).

If the CREG_rsp message received from the PAR 160 to the base station 165 is set to be rejected for the subscriber profile (710), the base station 165 requests the traffic requested by the payment terminal 165. Reject and terminate the connection request.

On the other hand, if the CREG_rsp message received from the PAR 160 to the base station 165 is set to be accepted for the subscriber profile (710), the base station 165 is the traffic requested by the payment terminal 165 A service flow information for determining whether to accept the request through a call admission control mechanism by transmitting a connection establishment request to the PAR 160 in a predetermined DSA_req message and receiving the DSA_req message. By authenticating, the traffic connection request is authenticated (715). In this case, the PAR 160 negotiates a quality of service (QoS) value and / or a service level that can be provided in response to the requested new traffic, and then DSA_rsp determines whether to accept the negotiation values and the traffic connection establishment request. Included in the message and transmitted to the base station 165.

If the traffic connection configuration is set to be accepted in the DSA_rsp message received from the PAR 160 to the base station 165 (720), the base station 165 and the PAR 160 on the high-speed wireless Internet interoperate with each other. The payment terminal 165 requesting the traffic connection is connected to a high-speed wireless Internet-based virtual payment communication network corresponding to the VAN company network 100 (for example, a VPN server provided in the VAN company network 100 for traffic connection). Check whether the terminal 110 performs a function of automatically connecting (or first connecting) the payment terminal for VPN 165 (725).

According to an embodiment of the present invention, in the VPN payment terminal 165 confirmation process, the number of service flows of subscriber profile information stored and managed in the PAR 160 is fixed to one as shown in FIG. The flow information includes a process of checking whether a predetermined communication path is set to be automatically connected (or preferentially connected) to the VPN server 110 provided in the VAN company network 100 through the procedure of FIG. 5. desirable.

According to another exemplary embodiment of the present invention, the verification process for the VPN payment terminal 165 checks whether the predetermined VPN connection information includes subscriber profile information stored and managed in the PAR 160 as shown in FIG. 3B. It is preferable to include the process.

If the check result that the payment terminal 165 does not perform the VPN payment terminal 165 function (730), the base station 165 is the PAR (160) in the traffic connection configuration information (for example, the base station 165) ) Transmits a DSA_ack message including information corresponding to the traffic connection establishment request included in the DSA_req) to the PAR 160, and the PAR 160 reads the DSA_ack message to read the service flow information. Change to the traffic connection setting or register new service flow information including the traffic connection setting (735). After the change or new registration for the service flow information is performed as described above, the PAR 160 on the high-speed wireless Internet determines that the connection target server (or device) and the payment terminal 165 are based on the service flow information. The communication channel is connected (740), and the payment terminal 165 can transmit and receive predetermined information or data with at least one server (or device) according to a procedure provided in the high-speed wireless Internet through the communication channel. Will be.

On the contrary, if the check terminal 165 performs the VPN payment terminal 165 function (730), the base station 165 and the PAR 160 interoperate with the traffic requested from the payment terminal 165. The connection request is forcibly set to the VPN server 110 provided in the VAN company network 100 (745), and is predetermined between the VPN payment terminal 165 and the VPN server 110 on the VAN company network 100. Connect the communication path for the VPN as shown in Figure 6 of the (750).

According to an embodiment of the present invention, the process of connecting a communication path for VPN between the VPN payment terminal 165 and the VPN server 110 on the VAN company network 100 is provided in the PAR 160. When the service flow information is fixed as one as shown in FIG. 3A, a communication channel connection for a VPN is established between the PAR 160 (or the AAA 135 server) and the VPN server 110 based on the service flow information. It is preferred to include a communication path for the connection.

According to another exemplary embodiment of the present invention, a process of connecting a communication path for VPN between the VPN payment terminal 165 and the VPN server 110 on the VAN company network 100 may be performed as shown in FIG. 3A. If the subscriber profile information provided in the PAR 160 is provided with predetermined VPN connection information and a plurality of service flow information may exist, the service flow information is changed to the traffic connection setting by reading or the traffic connection is established. Register new service flow information including a setting, and a communication path for connecting a communication channel for a VPN between the PAR 160 (or AAA 135 server) and the VPN server 110 based on the service flow information. It is preferable to include comprising a.

When the VPN communication path is connected between the VPN payment terminal 165 and the VPN server 110 on the VAN company network 100 as described above, the PAR 160 (or AAA 135) server on the high-speed wireless Internet. ) Transmits the requested traffic connection request information from the payment terminal 165 to the VPN server 110 (755), and the VPN server 110 reads the traffic connection request information, thereby connecting the target object. A server (or device) and the payment terminal 165 connect a communication channel (760), and the VPN payment terminal 165 is provided in a high-speed wireless Internet-based virtual payment communication network corresponding to the VAN company network 100. It is possible to transmit and receive predetermined information or data with at least one server (or device) through the communication channel.

Hereinafter, the VPN server 110 address information provided in the VAN company network 100 and the payment terminal 165 based on the high speed wireless Internet network configuration and the VAN company network 100 configuration shown in FIG. By providing the VPN connection information including the communication port information for connecting to the VPN server 110, by setting the VPN server 110 as a proxy server for the payment terminal 165 through the VPN connection information, A preferred embodiment for implementing a high-speed wireless Internet-based virtual payment communication network having a high-speed wireless Internet system as a network infrastructure will be described. However, the technical features of the virtual payment communication network is not limited to this embodiment, and those skilled in the art to which the present invention pertains, the core technical features of the present invention through the drawings and descriptions shown below Various implementation methods for constructing a virtual payment communication network may be easily inferred by changing at least one or more components provided in the payment terminal 165 without violating characteristics, and thus, the present invention is not limited thereto. Is to be made clear.

8A, 8B, and 8C illustrate a preferred functional configuration of a payment terminal 165 that automatically connects (or preferentially connects) to the VPN server 110 of a high-speed wireless Internet-based virtual payment communication network according to an embodiment of the present invention. Drawing.

In more detail, FIGS. 8A, 8B, and 8C illustrate a payment terminal 165 for wirelessly connecting to the high-speed wireless Internet system shown in FIG. 1 when a predetermined traffic connection request is made from the payment terminal 165. Payment terminals 800 and 165 for automatically connecting (or prioritizing) a communication path so that traffic connection is made through a VPN server 110 provided in the VAN company network 100 connected to the high-speed wireless Internet system. 8A, 8B, and 8C illustrate a high-speed wireless Internet-based virtual payment communication network having the high-speed wireless Internet system connected to the VAN company network 100 as a network infrastructure. The VPN payment terminals 800 and 165 will be described as a credit inquiry terminal for a high-speed wireless Internet equipped with an electronic payment processing function. However, the VPN payment terminals 800 and 165 are not limited to the credit inquiry terminals for the high-speed wireless Internet, and the VPN payment terminals 800 and 165 have all kinds of high-speed OFDMA-based wireless access functions. Wireless Internet terminal.

FIG. 8A illustrates a preferred functional configuration of the integrated payment terminal 165 in which the OFDMA-based radio access function is embedded in a predetermined card terminal. FIG. 8B includes the predetermined card terminal and the OFDMA-based radio access function. FIG. 8C illustrates a preferred functional configuration of a modular payment terminal 165 to which one wireless terminal is connected, and FIG. 8C illustrates a preferred payment terminal 165 linked to a predetermined card terminal and the OFDMA-based wireless terminal. The functional configuration is shown. Those skilled in the art to which the present invention pertains, various of the payment terminal 800, 165 for VPN connected to the high-speed wireless Internet-based virtual payment communication network with reference to Figures 8a, 8b and 8c. The examples can be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 8A illustrating a functional configuration of an integrated payment terminal 165 in which a predetermined card terminal includes the OFDMA-based wireless access function, the payment terminal 165 is a function defined in the payment terminal 165. For example, the controller 805, the card interface 810, the security application module 825, the memory unit 845, the screen output unit 815, and the key input unit 820 for realizing a high-speed wireless Internet-based electronic payment processing function. ) And a power source required to perform a function defined in the printing unit 830, the wireless processing unit 880, and the payment terminal 165 (eg, a high-speed wireless Internet-based electronic payment processing function) to the payment terminal 165. It is provided with a power supply unit 840 for supplying.

The control unit 805 controls the overall operation of the payment terminal 165, manages the flow of information or data between each component, and controls and manages at least one component provided in the payment terminal 165. A functional configuration, comprising: at least one processor including a Central Processing Unit (CPU) / Micro Processing Unit (MPU) and execution memory (eg, a register and / or at least one memory loading data) loaded in hardware; RAM (Random Access Memory) and a bus (BUS) for inputting and outputting at least one or more data into the processor and the memory, and also a function (for example, defined in the payment terminal 165 by software) To the execution memory from a predetermined recording medium to perform the electronic payment process. A predetermined program routine (Routine) and / or program data which are processed by a parser (hence, upon requesting a predetermined traffic connection from the payment terminal 165, the VAN connected to the high speed wireless Internet system. The payment terminal 165 is provided in the payment terminal 165 to realize a function of the VPN payment terminal 800 that automatically connects (or preferentially connects) a communication path to be made through the VPN server 110 provided in the corporate network 100. In the functional configuration, a component that can be processed by software is illustrated as being provided in the controller 805.).

The card interface 810 may be a medium (eg, an MS card and / or an IC card and / or a carrier) having at least one payment means in the payment terminal 165 that performs a function of a credit inquiry terminal for high-speed wireless Internet. And an interface for reading predetermined payment means information for electronic payment processing from an IC chip, etc., wherein the information or data read out from a predetermined user-owned medium through the card interface 810 is controlled by the controller. 805 is entered.

According to an embodiment of the present invention, the card interface 810 may be connected to an MS interface that provides an interface to an MS card based on the ISO / IEC 7810 standard, and / or a contact IC card based on the ISO / IEC 7816 standard. And at least one contact IC interface providing an interface to the contactless IC card and / or a contact IC interface based on the ISO / IEC 14443 standard.

The MS interface is a card interface 810 based on ISO / IEC 7810, and includes at least one magnetic head including a predetermined coil, and includes predetermined information (eg, magnetized binary ( When the MS card on which the data is recorded is moved in close contact with the magnetic head (or the magnetic head moves in close contact with the MS card in which predetermined information is recorded), a predetermined electrical signal is applied to the magnetic head. It is characterized in that the predetermined information or data is read from at least one or more tracks provided in the MS of the MS card by using the loaded device.

The contact IC interface is a card interface 810 based on ISO / IEC 7816. The contact IC interface includes at least one contact point that makes electrical contact with a chip on board (COB) provided in a contact IC card. It supplies power to the IC chip of the IC card through the contact point, and the predetermined information or from the IC chip through the transaction of the half-duplex (HA (150) lf Duplex) method using an APDU (Application Protocol Data Unit) The data is read out.

The contactless IC interface is a card interface 810 based on ISO / IEC 14443, and includes at least one or more contactless electrical contacts with a contactless IC card using capacitive coupling and / or inductive coupling. It includes an antenna, supplies power to the IC chip of the IC card through the antenna, and reads predetermined information or data from the IC chip through a non-contact half-duplex (HA (150) lf Duplex) transaction It is characterized by shipping.

The card terminal security application module 825 (Secure Application Module (SAM)) is a confidentiality (confidentiality) required in the process of the payment terminal 165 to perform the electronic payment and / or electronic payment using the payment means provided in the medium And / or security requirements including authentication and / or integrity and / or nonrepudiation, etc. without using an authentication server (or payment server) on the network. As a safety device for performing a safe and reliable structure within, a predetermined message that is processed in the process of the payment terminal 165 performing a predetermined security request function (e.g., electronic payment and / or electronic payment function) Information or data), add an authenticator that prevents forgery (or tampering) of the message, or perform the security request function. It is characterized by performing a function of storing important key information.

In general, the security application module 825 is preferably composed of a predetermined security application module 825 inserter and a security application module 825 chip, the security application module 825 chip is a chip containing at least 8-bit CPU Application Specific Integrated Circuit (ASIC) chips (eg, PLCC 44-pin chips) and / or IC chips (eg, IC cards in the form of subscriber identity modules (SIMs)) with performance of 2 MIPS (Million Instructions Per Second) or more. It is preferable to comprise a.

In addition, the security application module 825 is at least one or more security application data (eg, at least one identifier, version, expiration date, issue date, code value, etc.) required for the payment terminal 165 to perform a predetermined security request function. ) And / or keys (e.g., one master key and at least one application key) and / or protocols (e.g., trading protocols, re-transaction protocols, previous transaction cancellation protocols, collection protocols, SAM issuance protocols, (e-money company / card company) Registration protocol, privilege acquisition protocol, mode switching protocol, key download protocol, SAM revocation protocol) and / or commands (e.g., at least one read / authentication / transmission / registration / setting / mode switching / collection / delete / discard / initialization / Reprocessing / cancellation command).

The memory unit 845 inputs when a predetermined program routine (or code) and / or program data (eg, program routine (or code)) for controlling the overall operation of the payment terminal 165 is performed. Or a general term of non-volatile memory for storing at least one output information or data), which is hardware-based electrically erasable and programmable read only memory (EEPROM) and / or flash memory (FM) and / or HDD (HA 150). and at least one or more storage means including; rd Disk Drive).

According to an embodiment of the present invention, the memory unit 845 is connected to the payment terminal 165 network components of the high-speed wireless Internet traffic connection request of the payment terminal 165 based on the high-speed wireless Internet And the VPN setting information 850 configured to be automatically connected (or prioritized) to the VPN server 110 provided in the VAN company network 100 of the virtual payment communication network, and the VPN setting information ( 850 is VPN connection information including VPN server 110 address information provided in the VAN company network 100 of the high-speed wireless Internet-based virtual payment communication network and communication port information for accessing the VPN server 110; At least one high-speed wireless Internet network component (eg, base station 165, PAR 160, AAA 135 server, HA 150, etc.) provided between the VPN server 110 in the payment terminal 165. ) The payment terminal (165) It includes at least one parameter value to automatically connect (or prioritize) the connection to the VPN server 110 based on the VPN connection information. For example, the parameter value may be a Uh interface between the payment terminal 165 and the base station 165 and / or an Ah interface between the base station 165 and the PAR 160 (eg, ANAP protocol) and / or the PAR ( At a Ph interface (eg, PPAP protocol) between 160 and PAR 160.

The screen output unit 815 is at least one or more information (or data) defined to be exposed to the user in the process of performing a function (eg, high-speed wireless Internet-based electronic payment processing function) defined in the payment terminal 165. And at least one output device including a liquid crystal display (LCD) and / or a cathode ray tube (CRT), and a driver managing the output device and interworking with the control unit 805. It is preferable to make it.

The key input unit 820 selects at least one or more information (or data) defined to be input from a user in the process of performing a function defined in the payment terminal 165 (for example, a high-speed wireless Internet-based electronic payment processing function). Characterized in that in the form of key data, and comprises at least one input device including a keypad and / or keyboard, and a driver for managing the input device and interworking with the control unit 805. .

The printing unit 830 performs a process (eg, a fast wireless Internet-based electronic payment processing function) defined in the payment terminal 165 and / or predetermined information or data (eg, payment) generated as a result. Process receipt) by printing (or outputting) through a predetermined printing device 835 (for example, a receipt printing machine), and printing the print information or data in accordance with a predefined printing form. It includes a print protocol and a driver for printing through).

The wireless processing unit 880 is a network component of the high-speed wireless Internet system (for example, the base station 165) to perform a function defined in the payment terminal 165 (for example, high-speed wireless Internet-based electronic payment processing function). , PAR (160), AAA (135) server, HA (150) server, NMS (155, etc.) in connection with the payment terminal 165 to the high-speed wireless Internet, characterized in that the high-speed VPN server connected through the high-speed wireless Internet and a TCP / IP-based network and / or a dedicated line to perform a function defined in the payment terminal 165 (for example, a high-speed wireless Internet-based electronic payment processing function) through the wireless Internet ( 110 and a high-speed wireless Internet-based communication channel, and generate traffic for performing a function (eg, a high-speed wireless Internet-based electronic payment processing function) defined in the payment terminal 165 through the communication channel. And it characterized by. A preferred embodiment of the wireless processing unit 880 will be described in detail with reference to FIG.

According to the present invention, the wireless processing unit 880 is a media control layer (MAC) and a physical layer corresponding to a lower layer on a communication protocol stack defined between the payment terminal 165 and the base station 165 on the high-speed wireless Internet. Perform communication processing for the (PHY).

FIG. 8B illustrates a functional configuration of a modular payment terminal 165 in which a predetermined card terminal and a wireless terminal having the OFDMA-based wireless access function are connected. FIG. 8B illustrates a card interface with the controller 805 shown in FIG. 8A. 810, a security application module 825, a memory unit 845, a screen output unit 815, a key input unit 820, a print unit 830, and a power supply unit 840 are defined in the payment terminal 165. Payment processing defined to request high-speed wireless Internet-based electronic payment processing, including predetermined transaction data (e.g., payment means information read from a customer-owned medium) for realizing a predetermined function (e.g., high-speed wireless Internet-based electronic payment processing function). The card terminal to generate related data (or payment approval request specialized data) and the transaction data generated from the card terminal to the VPN server 110 through the high-speed wireless Internet system. For the sending and receiving communication module is characterized in that comprises a wireless terminal stage.

In FIG. 8B, the control unit 805, the card interface 810, the security application module 825, the memory unit 845, the screen output unit 815, and the key input unit 820 constituting the card terminal terminal. The basic functions of the printing unit 830 and the power supply unit 840 are the same as those described with reference to the payment terminal 165 of FIG. 8A. The wireless processing unit 880 constituting the wireless terminal is also described with reference to FIG. 8A. As described and illustrated in the payment terminal 165.

Referring to FIG. 8B, the card terminal interface exchanges predetermined transaction data with the wireless terminal terminal for realizing a function defined in the payment terminal 165 (for example, a high-speed wireless Internet-based electronic payment processing function). It is characterized in that it further comprises a predetermined card terminal end interface 885 for.

According to an embodiment of the present invention, the card terminal end may transmit predetermined transaction data (eg, payment means information read from a customer-owned medium) generated inside the card terminal end through the card terminal end interface 885. Payment processing-related data (or payment approval request specialized data) defined to request high-speed wireless Internet-based electronic payment processing, including an interface, is provided to the wireless terminal, and / or the card terminal-side interface 885 is provided. Payment processing result data (or payment approval message) received from the VPN server 110 in response to predetermined transaction data (eg, the payment processing related data (or payment approval request specialized data)) from the wireless terminal. Data)) is preferably provided by interfacing.

According to an embodiment of the present invention, the card terminal end interface 885 may include a wired communication interface including at least one of USB, RS-232c, or RS-485, and / or infrared ray communication, RF, or the like. A near field communication interface including at least one or more of Radio Frequency communication, Bluetooth, Wi-Fi, Ultra Wide Band system (UWB), and / or a Personal Computer Memory Card International Association (PCMCIA). It is preferred to include at least one or more interface means of at least one or more mating interfaces to include.

Referring to FIG. 8B, the wireless terminal end includes a predetermined wireless terminal end side interface 890 that matches the card terminal end side interface 885 provided in the card terminal end, and the wireless terminal end defined in the wireless terminal end. A control unit 891 and a memory unit 892 for realizing a function (e.g., a communication module function for high-speed wireless Internet-based electronic payment processing) and a function (e.g., high-speed wireless Internet-based electronic payment processing) Communication module function) is configured to include a power supply unit 833 for supplying the power required to perform.

The controller 891 of the wireless terminal end may include at least one or more processors including a CPU / MPU in hardware, a memory into which at least one program code and / or data is loaded to realize a function defined in the wireless terminal end; And a bus BUS for inputting and outputting predetermined data to the processor and / or memory.

The memory unit 892 of the wireless terminal end is a generic term for storage means for storing a predetermined program routine (or code) and / or program data for controlling the overall operation of the wireless terminal end, and corresponds to a read-only memory. And a Read Only Memory (ROM), a Flash Memory (FM) capable of reading / writing, and an EEPROM (Electrically Erasable and Programmable Read Only Memory).

Those skilled in the art (e.g., device characteristics of the wireless terminal end (for example, device characteristics in which the wireless terminal end is implemented as an external wireless modem, or the wireless terminal end in the form of a PCMCIA card) Those skilled in the art will appreciate the functional configurations of the control unit 891 and the memory unit 892 of the wireless terminal, so a detailed description thereof will be omitted.

8c illustrates a functional configuration of an interlocked payment terminal 165 in which a predetermined card terminal and the OFDMA-based wireless terminal work together. The control unit 805, the card interface 810, and the security application module shown in FIG. 825, a memory unit 845, a screen output unit 815, a key input unit 820, a printing unit 830, and a power supply unit 840 define functions (eg, high-speed wireless) in the payment terminal 165. Payment transaction related data (or payment authorization request) defined to request high-speed wireless Internet-based electronic payment processing, including predetermined transaction data (e.g., payment means information read from a customer-owned medium) for realizing the Internet-based electronic payment processing function. Card data)) and a communication module for transmitting and receiving the transaction data generated at the card terminal to the VPN server 110 through the high-speed wireless Internet system. Characterized in that it comprises a wireless terminal end.

In FIG. 8C, the controller 805, the card interface 810, the security application module 825, the memory unit 845, the screen output unit 815, and the key input unit 820 configuring the card terminal end. The basic functions of the printing unit 830 and the power supply unit 840 are the same as those described with reference to the payment terminal 165 of FIG. 8A. The wireless processing unit 880 constituting the wireless terminal is also described with reference to FIG. 8A. As described and illustrated in the payment terminal 165.

Referring to FIG. 8C, the card terminal terminal transmits predetermined transaction data for realizing a function defined in the payment terminal 165 (for example, a high-speed wireless Internet-based electronic payment processing function) as shown in FIG. 8B. It is characterized in that it further comprises a predetermined card terminal end side interface 885 for interfacing and exchange with the end, a detailed description thereof is as described with reference to Figure 8b.

Referring to FIG. 8C, the wireless terminal end includes a predetermined wireless terminal end side interface 890 that matches the card terminal end side interface 885 provided in the card terminal end, and the wireless terminal end defined in the wireless terminal end. Function (e.g., at least one service providing function provided by the wireless terminal as an independent wireless terminal in conjunction with the high speed wireless internet, and / or a communication module function for interfacing with the card terminal to perform high speed wireless Internet-based electronic payment processing) A control unit 891, a memory unit 892, a screen output unit 815c, a key input unit 820c, a sound processing unit 894, and a power supply unit 893 for supplying predetermined power to the wireless terminal terminal for realization are provided. The basic features of the controller 891 and the memory unit 892 are the same as those described with reference to FIG. 8B.

The screen output unit 815c of the wireless terminal unit extracts key data generated through a predetermined key input unit 820c in cooperation with the control unit 891 and performs a predetermined function provided in the wireless terminal unit. / Or a variety of information and / or signal and / or content (e.g., text content, image content, and / or multimedia content) generated and / or received according to a predefined rule, a predetermined screen output device (e.g. LCD ( And a liquid crystal display (CRT) and / or a CRT (Cathode Ray Tube), and at least one output device therefor, and a driver managing the output device and interworking with the controller 891. It is preferable to comprise a.

The key input unit 820c of the wireless terminal may include at least one key button including a predetermined number key and / or a letter key (CHA 150) and / or a function key ( Detects information (or signal) input from a predetermined keypad having a key button, and inputs the keypad in a specific input mode and / or operation mode of the wireless terminal end controlled by the controller 891. When predetermined information (or a signal) is inputted from a predetermined key button, a key event corresponding to the input information (or signal) is generated, and the generated key event is provided to the controller 891. At least one input device and a driver for managing the input device and interworking with the controller 891 may be included.

The sound processing unit 894 of the wireless terminal end performs a predetermined sound signal (eg, wireless connection and / or information transmission and reception) defined in the wireless terminal end from a microphone provided in the wireless terminal end. Encoding is provided to the control unit 891, or decodes a predetermined sound signal extracted and / or generated by the control unit 891 and outputs through a speaker. The sound processor 894 is provided with a predetermined vocoder and a codec.

8A, 8B, and 8C, the payment terminal 165 reads payment means information 855 from at least one customer-owned medium through the card interface 810. And an information input unit 860 for receiving predetermined payment information (eg, payment amount) from a predetermined input device (eg, a key input device corresponding to the key input unit 820, a POS device, etc.), and the payment. A data generation unit 865 for generating predetermined payment processing related data (or payment approval request specialized data) including means information and payment information; and the wireless processing unit for the payment processing related data (or payment approval request specialized data). Processing the protocol stack transmittable through 880, and / or data related to payment processing (or payment approval) from the protocol stack received through the wireless processing unit 880. And a communication processing unit 875 which reads out payment processing result data (or payment approval specialized data) corresponding to the request full text data).

According to the exemplary embodiment of the present invention, when the end-to-end encryption and / or decryption function is provided to request a high degree of security between the payment terminal 165 and the VAN company network 100, the generated payment for this purpose is provided. An encryption processing unit that encrypts processing related data (or payment approval request specialized data), and / or decrypts payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data). It is preferred to further include 870.

The payment means reader 855 is linked with a card reader device corresponding to the card interface 810 provided in the payment terminal 165 and / or at least one driver for driving the card reader device. Through the payment terminal 165 through the payment terminal 165, the predetermined payment means information for performing the electronic payment processing is read from the customer-owned medium having at least one payment means through the payment means reading unit 855 The payment means information read by the data is provided to the data generator 865.

According to the method of the present invention, the payment means read out from the customer-owned medium through the payment means reading unit 855, a credit card, debit card, check card, prepaid It is preferable to include at least one card (Prepaid Card), Electronic Wallet (Electronic Wallet), Electronic Bankbook (Electronic Bankbook), the financial common network.

The information input unit 860 includes a payment amount from at least one input device including a key input device corresponding to the key input unit 820 and / or a POS device for extracting predetermined payment related information from payment target product information. Characterized in that the predetermined payment information is received, the payment information input by the information input unit 860 is provided to the data generation unit 865.

The data generation unit 865 includes predetermined payment processing related data (or payment approval request) including payment means information read by the payment means reader 855 and payment information input through the information input unit 860. Specialized data), and the payment processing related data (or payment approval request specialized data) is provided to the encryption processing unit 870.

The encryption processing unit 870 encrypts the payment processing related data (or payment approval request specialized data) according to a predetermined encryption protocol defined to be decrypted by the payment processing server, and the encrypted payment processing The relevant data (or payment approval request specialized data) is provided to the communication processing unit 875. In addition, the encryption processing unit 870, if the predetermined payment processing result data (or payment approval professional data) is restored (or generated) from the communication processing unit 875, characterized in that the decrypted, if the The decrypted payment processing result data (or payment approval specialized data) is provided to the screen output unit 815 and / or the printing unit 830 and output.

According to the embodiment of the present invention, the encryption processing unit 870 encrypts the payment processing related data (or payment approval request specialized data) by a predetermined symmetric key (or secret key) method, and / or the payment processing related It is preferable to decode predetermined payment processing result data (or payment approval specialized data) corresponding to the data (or payment approval request specialized data) by the symmetric key (or secret key) method.

The communication processing unit 875 performs communication processing for upper layers of the medium control layer (MAC) and the physical layer (PHY) defined in the wireless processing unit 880 on the communication protocol stack defined in the payment terminal 165. Characterized in that.

According to an exemplary embodiment of the present invention, the communication processing unit 875 stores a service data unit (SDU) from the encrypted payment processing related data (or payment approval request specialized data) in the communication protocol stack for transmission and And / or generate a Protocol Data Unit (PDU), and store the SDU / PDU in an upper layer of the communication protocol stack. As described above, the protocol stack in which the SDU / PDU is stored is the wireless processor. It is preferably provided to 880, the wireless processing unit 880 is a media control layer (MAC) and a physical layer (PHY) in a predetermined communication protocol stack in which the SDU / PDU is stored by the communication processing unit 875 Performs a communication process for the wireless transmission to the base station 165 on the high-speed wireless Internet.

Also, the base station 165 on the high-speed wireless Internet stores an SDU / PDU generated from predetermined payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data). After providing a communication protocol stack to the wireless processing unit 880, the wireless processing unit 880 performs a series of communication processing for the media control layer (MAC) and the physical layer (PHY) from the communication protocol stack, It is preferable to provide the remaining higher communication protocol stack to the communication processing unit 875, and the communication processing unit 875 reads out the SDU / PDU from the provided communication protocol stack to transmit the payment processing result data (or payment approval specialized data). Restore (or create)

If the restored (or generated) payment processing result data (or payment approval specialized data) is encrypted, the communication processing unit 875 transmits the payment processing result data (or payment approval specialized data) to the encryption processing unit 870. If it is not encrypted, the restored (or generated) payment processing result data (or payment approval data) is provided to the screen output unit 815 and / or the printing unit 830 and output.

In the case of the integrated payment terminal 165 according to the embodiment of the present invention, the payment means reading unit 855, the information input unit 860, the data generating unit 865, the encryption processing unit 870, and communication Processing unit 875 is preferably provided in the payment terminal 165 as shown in Figure 8a.

In the case of the modular payment terminal 165 according to the embodiment of the present invention, the payment means reading unit 855, the information input unit 860, the data generating unit 865, the encryption processing unit 870 is As shown in Figure 8b is provided in the card terminal of the payment terminal 165, the communication processing unit 875 is preferably provided in a wireless terminal with the wireless processing unit 880. At this time, the card terminal end transmits the payment processing related data (or payment approval request specialized data) encrypted by the encryption processing unit 870 through the card terminal end interface 885 and the wireless terminal end interface 890. The wireless processing unit 880 provides the wireless terminal end, and the communication processing unit 875 of the wireless terminal end performs a predetermined communication process on the encrypted payment processing related data (or payment approval request specialized data). Send via In addition, when a packet including a predetermined communication protocol stack is received through the wireless processing unit 880, the communication processing unit 875 of the wireless terminal performs a predetermined communication processing procedure to perform the payment processing related data from the packet. Restoring (or generating) payment processing result data (or payment approval specialized data) corresponding to (or payment approval request specialized data), and through the wireless terminal end interface 890 and the card terminal end interface 885. It provides to the card terminal end.

According to another exemplary embodiment of the present invention, the encryption processing unit 870 provided in the card terminal of the modular payment terminal 165 is transferred to the wireless terminal with respect to the embodiment shown in FIG. 8B. The present invention is not limited thereto. Alternatively, the communication processing unit 875 provided in the wireless terminal end may be transferred to the card terminal end to operate the method shown in FIG. 8B, and the present invention is not limited thereto. Alternatively, in the method shown in FIG. 8B, the communication processing unit 875 separates the highest layer of the communication protocol stack from the card terminal and the remaining layer from the wireless terminal. It may be provided separately from the end and the wireless terminal end, whereby the present invention is not limited.

In the linked payment terminal 165 according to the embodiment of the present invention, the payment means reading unit 855, the information input unit 860, and the data generating unit 865 is the payment terminal as shown in Figure 8c In the card terminal of 165, the encryption processing unit 870 and the communication processing unit 875 is preferably provided in the wireless terminal terminal provided with the wireless processing unit 880. At this time, the card terminal end transmits the payment processing related data (or payment approval request specialized data) generated by the data generating unit 865 to the card terminal end interface 885 and the wireless terminal end interface 890. Provided to the wireless terminal through the encryption terminal, the encryption processing unit 870 of the wireless terminal terminal encrypts the payment processing related data (or payment approval request specialized data) to provide the communication processing unit 875, the communication processing unit 875 performs a predetermined communication process on the encrypted payment processing related data (or payment approval request specialized data) and transmits the same through the wireless processing unit 880. In addition, when a packet including a predetermined communication protocol stack is received through the wireless processing unit 880, the communication processing unit 875 of the wireless terminal performs a predetermined communication processing procedure to perform the payment processing related data from the packet. Restoring (or generating) payment processing result data (or payment approval text data) corresponding to (or payment approval request text data), and if the payment processing result data (or payment approval text data) is encrypted, the encryption processing unit ( 870, and / or to the card terminal end through the wireless terminal end side interface 890 and the card terminal end side interface 885.

According to another exemplary embodiment of the present invention, the data generating unit 865 provided in the card terminal of the linked payment terminal 165 is transferred to the wireless terminal for the method shown in FIG. 8C. The present invention is not limited thereto. Alternatively, the encryption processing unit 870 provided in the wireless terminal end may be transferred to the card terminal end and operate with respect to the embodiment shown in FIG. 8C, and the present invention is not limited thereto.

9A, 9B, and 9C illustrate a preferred structure of a communication protocol stack of a payment terminal 165 connecting to a high-speed wireless Internet-based virtual payment communication network according to an embodiment of the present invention.

9A, 9B, and 9C are detailed views of the payment terminal 165 connected to the high-speed wireless Internet-based virtual payment communication network as shown in FIGS. 8A, 8B, and 8C. As a preferred embodiment of the preferred structure of the protocol stack that is processed by the processing unit 880 based on the high-speed wireless Internet, specifically, Figure 9a is a preferred communication protocol stack for the integrated payment terminal 165 as shown in Figure 8a 9b illustrates a preferred communication protocol stack for a modular payment terminal 165 as shown in FIG. 8b, and FIG. 9c illustrates a preferred communication protocol for a linked payment terminal 165 as shown in FIG. 8c. It is an example of a stack.

Referring to FIG. 9A, which illustrates a preferred communication protocol stack for the integrated payment terminal 165, the communication processing unit 875 included in the integrated payment terminal 165 may include traffic data (eg, payment processing related data (or payment approval). A predetermined SDU / PDU is generated from the request message data), and a communication protocol processing procedure of storing the generated predetermined SDU / PDU in a higher layer on the communication protocol stack defined in the payment terminal 165 is performed. Generates a predetermined communication protocol stack that can be processed by the medium control layer (MAC) of the wireless processing unit 880.

According to an embodiment of the present invention, the communication processing unit 875 may further include passing a Secure Sockets Layer (SSL) layer in the process of generating the communication protocol stack, and / or the high speed wireless Internet service. It is possible to further pass through a layer that supports at least one or more protocols defined in the high-speed wireless Internet to provide a, whereby the present invention is not limited.

The protocol stack communicated through the communication processor 875 is transmitted from the wireless processor 880 included in the integrated payment terminal 165 to the base station 165 on the high-speed wireless Internet through a media control layer and a physical layer. do.

The medium control layer (MAC) preferably includes a privacy sublayer, a MAC common PAR 160t sublayer, and a service specific convergence sublayer L23. Do.

According to an embodiment of the present invention, the privacy sub-layer performs device authentication, security key exchange, and encryption functions, wherein the privacy sub-layer performs only authentication for the device, and user authentication is performed at an upper layer of the MAC. desirable. In addition, the MAC common sub-layer is an essential part of the MAC layer, and is preferably responsible for system access, bandwidth allocation, traffic connection establishment and maintenance, and quality of service (QoS) management. In addition, the service specific aggregation sublayer is preferably responsible for payload header suppression and quality of service (QoS) mapping functions in continuous data communication.

Referring to the IEEE 802.16 series standard, the high-speed wireless Internet system defines an encryption function for traffic data in order to provide a stable wireless communication service, which is required before a predetermined traffic connection establishment procedure for encrypting the traffic data. It defines how to generate and distribute traffic encryption keys for traffic connections. Specifically, the payment terminal 165 and the base station 165, for generating and distributing traffic encryption keys, a PKM-REQ (Privacy Key Managment-Request) message and a PKM-RSP (Privacy Key Managment-Response) Message), the payment terminal 165 requests a traffic encryption key assignment by transmitting a key request message, which is an internal message of one of the PKM-REQ messages, to the base station 165, and the base station 165. ) Sends a response to the terminal. Specifically, the base station 165 transmits a key reply message to the terminal when the traffic encryption key assignment is successful, and transmits a key reject message to the terminal when the traffic encryption key assignment is successful. The payment terminal 165 and the base station 165 can encrypt and transmit all traffic data using the traffic encryption key assigned through the traffic encryption key assignment procedure.

The physical layer (PHY) is responsible for a wireless communication function performed in a normal physical layer, such as modulation and demodulation and coding, a preferred embodiment thereof will be described in detail with reference to FIG.

Referring to FIG. 9B, which illustrates a preferred communication protocol stack for the modular payment terminal 165, the communication processing unit 875 provided in the wireless terminal of the modular payment terminal 165 may be configured as the modular payment terminal 165. Communication protocol processing for generating a predetermined SDU / PDU from the traffic data provided from the card terminal of the terminal) and storing the generated SDU / PDU in a higher layer on the communication protocol stack defined in the payment terminal 165. Performs a procedure, and generates a predetermined communication protocol stack that can be processed in the media control layer (MAC) of the radio processing unit 880.

In addition, the protocol stack communicated through the communication processing unit 875 passes through the media control layer and the physical layer in the wireless processing unit 880 provided in the wireless terminal of the modular payment terminal 165. The technical characteristics of the medium control layer and the physical layer are transmitted to the base station 165 on the Internet as described with reference to FIG. 9A.

Referring to Figure 9c illustrating a preferred communication protocol stack for the linked payment terminal 165, the communication processing unit 875 provided in the wireless terminal of the linked payment terminal 165 is the linked payment terminal 165 Communication protocol processing for generating a predetermined SDU / PDU from the traffic data provided from the card terminal of the terminal) and storing the generated SDU / PDU in a higher layer on the communication protocol stack defined in the payment terminal 165. Performs a procedure, and generates a predetermined communication protocol stack that can be processed in the media control layer (MAC) of the radio processing unit 880.

In addition, the protocol stack communicated through the communication processing unit 875 passes through the media control layer and the physical layer in the wireless processing unit 880 provided in the wireless terminal of the interlocking payment terminal 165. The technical characteristics of the medium control layer and the physical layer are transmitted to the base station 165 on the Internet as described with reference to FIG. 9A.

10 is a diagram showing a preferred structure of the wireless processing unit 880 of the payment terminal 165 according to the embodiment of the present invention.

In more detail, FIG. 10 illustrates a preferred method of the wireless processor 880 for wirelessly communicating with the base station 165 in the OFDMA scheme according to the IEEE 802.16 series wireless access standard as an end point of a wireless channel in the high-speed wireless Internet system. to be. However, in the present invention, the wireless processing unit 880 of the payment terminal 165 is not limited to the case of FIG. 10, but does not violate the core of the present invention according to the intention of the terminal manufacturer and / or parts used. The present invention can be modified within the present invention, and the present invention is not limited thereto.

Referring to FIG. 10, the wireless processor 880 converts an analog baseband signal input from a baseband processor into a 2.3 GHz band signal, which is a carrier band, and transmits the signal. It performs the function of delivering to the baseband processor.

In addition, the wireless processing unit 880 includes a transmitting and receiving antenna, and performs an up / down conversion function between an RF front end (FE) and a power amplification function RF signal, and a front end module (FEM) is a PA (Power). It consists of Amplifier, RF SW (RF SWitch), and Low Noise Amplifier (LNA) FEM to perform transmit / receive mode switching function, power amplifier function of transmit signal, low noise amplifier function of received signal according to control signal, UPCM (UP Conversion Module) ) Consists of LPF, I / Q modulator, VGA, and RF BPF to convert baseband signal to RF signal, transmit power control function and filtering function, and DNCM (DowN-Conversion Module) uses RF BPF, It consists of an RF mixer, VGA, I / Q demodulator, LPF, and the DNCM performs the down conversion function of the RF signal to the baseband signal, automatic reception gain control and filtering function.

In addition, since the wireless processing unit 880 uses a Local Oscillator Module (LOM) consisting of a PLL and an RF VCO and a TDD scheme, the wireless processing unit 880 includes an ANTM (ANTenna Module) performing transmission and reception on the same antenna.

11 is a view showing a preferred process for implementing a high-speed wireless Internet-based virtual payment communication network in the network access process of the VPN payment terminal 800 according to the embodiment of the present invention.

In more detail, in FIG. 11, at least one or more network components provided on the high-speed wireless Internet are included in the process of accessing the high-speed wireless internet by the payment terminal 165 having a function of wirelessly connecting to a predetermined high-speed wireless internet. When a predetermined traffic connection request is made from the payment terminal 165 by interworking with each other, the payment terminal 165 automatically connects (or preferentially connects with) the VPN server 110 provided in the VAN company network 100. Check whether the payment terminal 800, and if the VPN payment terminal 800 is confirmed, the VPN payment terminal 800 is automatically connected to the VPN server 110 provided in the VAN company network 100 ( Or preferred connection).

Referring to FIG. 11, when a predetermined power is supplied to a payment terminal 165 having a function of wirelessly accessing a predetermined high-speed wireless Internet and the system is booted, the payment terminal 165 is a downlink of the base station 165. After synchronizing with downlink through channel search and acquiring channel control parameters for uplink, synchronizing with uplink through initial ranging and informing the payment terminal 165 registration information to the base station 165. An initial access procedure is performed (1100).

According to an exemplary embodiment of the present invention, if the payment terminal 165 is a VPN payment terminal 800, the registration information of the payment terminal 165 is transmitted from the payment terminal 165 to the base station 165. In the process, a predetermined parameter value included in the VPN setting information 850 included in the memory unit 845 of the payment terminal 165 in the registration information of the payment terminal 165 (eg, of the payment terminal 165). And a parameter value configured to automatically connect (or prioritize) the communication path to the VPN server 110, whereby the high-speed wireless Internet network components exchange at least one message. The negotiation is performed using the parameters included in the VPN configuration information 850 during the negotiation of the basic provision capability for the payment terminal 165 and / or the authentication and registration process for the user or wireless terminal and / or the MIP allocation process. When a predetermined traffic connection request is made from the first terminal 165, the payment terminal 165 is configured to automatically connect (or first connect) the VPN server 110 provided in the VAN company network 100. If the payment terminal 165 is not the VPN payment terminal 800, the payment terminal 165 will transmit the registration information of the payment terminal 165 to the base station 165 according to a conventional procedure.

In addition, if the payment terminal 165 is a VPN payment terminal 800, in the process of transmitting the payment terminal 165 registration information from the payment terminal 165 to the base station 165, the payment terminal 165 ) The registration information is preferably transmitted further including the VPN connection information included in the VPN setting information 850 included in the memory unit 845 of the payment terminal 165, thereby transmitting to the payment terminal 165. After the basic capability capability negotiation and / or authentication process and registration process and / or MIP allocation process for the user or wireless terminal is performed, the VPN server 110 through the VPN connection information in the high-speed wireless Internet network component By transmitting the payment information 165 registration information to the VPN server 110, the payment terminal 165 is requested to authenticate whether or not the payment terminal 800 for the VPN.

According to another exemplary embodiment of the present invention, when the VPN setting information 850 cannot be transmitted to the initial access protocol stack defined between the payment terminal 165 and the base station 165, the payment terminal ( 165) the network components provided in the high-speed wireless Internet interoperate with each other to negotiate basic provisioning capabilities for the payment terminal 165 and / or to authenticate and register a user or a wireless terminal and / or to allocate a MIP. After the execution, the VPN configuration information 850 may be transmitted to the base station 165.

According to another exemplary embodiment of the present invention, when the VPN connection information may be checked only by the payment terminal 165 registration information in the high speed wireless Internet network component (for example, the subscriber profile information includes VPN connection information. In this case, the process of transmitting the VPN connection information included in the VPN setting information 850 in the payment terminal 165 may be omitted.

When the initial access process is performed, a Basic Capability Negotiation is performed between the payment terminal 165 and the base station 165 of the high-speed wireless Internet to determine basic capability. When negotiated, the base station 165 extends the radio access connection between the payment terminal 165 and the base station 165 to a wired section and passes the PAR 160 from the AAA 135 server to the payment terminal 165 and And / or perform an authentication procedure for verifying the subscriber's authentication and service authority (1105).

According to an embodiment of the present invention, the authentication process may be performed by the AAA 135 on the high-speed wireless Internet by sending a DER (Diameter Extensible Authentication Protocol) Request (ID) / Identity message including a subscriber ID (ID) in the PAR 160. When provided to the server, the AAA 135 server receiving the request determines whether the user is a legitimate subscriber and transmits a Diametric EAP Answer (DEA) / TLS (Transport Layer Security) start message to the PAR 160. Thereafter, the PAR 160 provides a DER / Client-Hello message including predetermined session information and connection information to the AAA 135 server, and the AAA 135 server responds to the PAR 160. Send DEA / Server-Hello. Subsequently, the PAR 160 and the AAA 135 server provide a DER / TLS certificate from the PAR 160 to the AAA 135 server for mutual certificate exchange. By sending DEA / TLS cHA (150) nge cipher spec, TLS finished message to PAR (160), the use of new encryption algorithm and handshaking (HA (150) nd-sHA (150) king) procedure is completed. Transfer to the PAR (160). The PAR 160 transmits a DER / Ack to the AAA 135 server and receives a DEA / Success from the AAA 135 server, thereby completing a subscriber authentication process by completing a certificate exchange between them.

When the basic provision capability negotiation and the authentication and registration procedure for the payment terminal 165 is performed, network components managing the MIP for the payment terminal 165 interoperate with each other to provide a predetermined value to the payment terminal 165. The process of allocating and registering an IP address is performed (1110).

According to an embodiment of the present invention, a method of allocating and registering a MIP address to the payment terminal 165 may include: performing authentication on the payment terminal 165 on the high-speed wireless Internet, and then performing the authentication on the AAA 135 server. Receives a MIP registration request message from the payment terminal 165 that performed the subscriber authentication, performs a MIP subscriber authentication with respect to the payment terminal 165, and then sends a dynamic HA 150 request message to the HA 150. Send it. Accordingly, the HA 150 transmits an address assignment request message for allocating a dynamic IP address to the payment terminal 165 in the AAA 135 server (for example, the AAA 135 server). Omitting)), the address assignment request message preferably includes the domain name of the MIP subscriber and the PAR 160 address to which the payment terminal 165 is connected.

In addition, the AAA (135) server is interlocked with a predetermined DHCP (130) server to process the address assignment request message received from the HA (150), the payment terminal 165 from the DHCP (130) server Dynamic IP addresses belonging to the subnet of the accessed PAR 160 area are allocated. Thereafter, the AAA 135 registers the newly allocated dynamic IP address and the domain name of the MIP service subscriber to the DNS 145 server on the high-speed wireless Internet. When the dynamic IP address allocation and the dynamic DNS 145 update for the payment terminal 165 are successfully performed, the AAA 135 server transmits an address assignment response message to the HA 150, and thus the HA ( 150 generates binding information for the payment terminal 165. Thereafter, the HA 150 transmits the dynamic HA 150 response message back to the AAA 135 server, and the AAA 135 server pays the received MIP registration response message through the PAR 160. The terminal 165 transmits to the terminal 165, whereby the payment terminal 165 can receive a MIP service through the high-speed wireless Internet.

According to another exemplary embodiment of the present invention, the payment terminal 165 and the high-speed wireless Internet network interoperate with each other to encrypt traffic for maintaining security for traffic connection between the payment terminal 165 and the base station 165. The key generation and distribution process can be further performed (not shown).

When the initial access process, the basic capability negotiation process, the authentication process for the user or payment terminal 165, and the MIP registration process as described above (and / or while the processes are performed), the PAR on the high-speed wireless Internet 160 (or AAA 135 server) provides the shopping mall payment terminal 165 registration information to the VPN server 110 provided in the VAN company network 100 through the VPN connection information, and authentication for this Request (1115).

The VPN server 110 (or the security server 120) provided in the VAN company network 100 receives the subscriber information D / V for VPN provided in the VAN company network 100 through the payment terminal 165 registration information. By searching for B, it is checked whether the payment terminal 165 corresponds to the VPN payment terminal 800 (1120).

If the validity of the payment terminal 800 for VPN to the payment terminal 165 registration information is not authenticated (1125), the VPN server 110 (or security server 120) is a PAR (160) on the high-speed wireless Internet (Or AAA 135 server) generates and transmits a result of a validation terminal 800 validity verification error for a VPN (1130), and the PAR 160 (or AAA 135 server) on the high-speed wireless Internet The communication path of the payment terminal 165 is set to prevent connection to the VPN server 110 provided in the VAN company network 100 (1135).

On the other hand, if the validity of the payment terminal 800 for VPN to the payment terminal 165 registration information is authenticated (1125), the VPN server 110 (or security server 120) is the PAR 160 on the high-speed wireless Internet (Or an AAA 135 server) generates and transmits a validity approval result of a predetermined payment terminal 800 for a VPN (1130), and the PAR 160 (or AAA 135 server) on the high-speed wireless Internet is the VPN. When requesting a traffic connection from the payment terminal 800, the traffic connection request automatically connects a communication path between a predetermined VPN server 110 provided in the VAN company network 100 and the VPN payment terminal 800. The virtual payment communication network including a communication path connected between the VPN payment terminal 800 and the VPN server 110 is set to be processed (1145) and then processed (or first connection) as shown in FIG.

12 is a diagram illustrating a preferred process of processing a traffic connection request of a VPN payment terminal 800 through a high-speed wireless Internet-based virtual payment communication network corresponding to a VAN company network 100 according to an embodiment of the present invention.

In detail, FIG. 12 illustrates a VPN server in which the predetermined VPN payment terminal 800 shown in FIGS. 8A, 8B, and 8C is provided in the VAN company network 100 through the VPN configuration information 850. When the payment terminal 165 is set to a predetermined proxy server to which the payment terminal 165 should automatically connect (or preferentially connect), and requests a traffic connection, the proxy server in at least one or more network components provided in the high-speed wireless Internet. The preferred embodiment of the method for establishing a communication path for the traffic connection to the VPN server 110 is set to.

Referring to FIG. 12, a predetermined payment terminal 165 having a function of wirelessly accessing the high-speed wireless Internet may be connected to the base station through a communication protocol stack structure defined between the payment terminal 165 and the base station 165. In step 165, a traffic connection for at least one connection target server (or device) is requested (1200).

According to an embodiment of the present invention, the payment terminal 165 includes the connection target server (or device) address information and / or the payment terminal 165 registration information for the traffic connection request, and / or the Sending predetermined traffic connection request information to the base station 165 to set the VPN server 110 corresponding to the VPN connection information included in the VPN setting information 850 as a proxy server for the payment terminal 165. desirable.

When the traffic connection request is received from the payment terminal 165 to the base station 165 on the high-speed wireless Internet, the base station 165 includes the registration information of the payment terminal 165 in the CREG_req message to display the PAR ( 160, and the PAR 160 searches for the subscriber profile based on the payment terminal 165 registration information included in the received CREG_req message, and determines whether to accept the subscriber profile. In step 1205, an authentication procedure for transmitting the CREG_rsp message to the base station 165 is performed.

If the CREG_rsp message received from the PAR 160 to the base station 165 is set to be rejected for the subscriber profile (1210), the base station 165 receives the traffic requested by the payment terminal 165. Reject and terminate the connection request.

On the other hand, if the CREG_rsp message received from the PAR 160 to the base station 165 is set to accept acceptance of the subscriber profile (1210), the base station 165 requests the traffic requested by the payment terminal 165. A service flow information for determining whether to accept the request through a call admission control mechanism by transmitting a connection establishment request to the PAR 160 in a predetermined DSA_req message and receiving the DSA_req message. Authenticate the traffic connection request (1215). In this case, the PAR 160 negotiates a quality of service (QoS) value and / or a service level that can be provided in response to the requested new traffic, and then DSA_rsp determines whether to accept the negotiation values and the traffic connection establishment request. Included in the message and transmitted to the base station 165.

If the traffic connection configuration is set to be accepted in the DSA_rsp message received from the PAR 160 to the base station 165 (1220), the base station 165 includes the traffic connection configuration information (eg, the base station). A DSA_ack message including information corresponding to a traffic connection establishment request included in the DSA_req transmitted to the PAR 160 at 165, and the PAR 160 transmits the DSA_ack message to the PAR 160. By reading the service flow information is changed to a traffic connection setting that sets the VPN server 110 as a proxy server for the payment terminal 165, or changes the VPN server 110 to the payment terminal 165 as described above. The new service flow information to be set as a proxy server for is registered (1225).

After the change or new registration for the service flow information is performed as described above, the PAR 160 on the high-speed wireless Internet proxy the VPN server 110 to the payment terminal 165 based on the service flow information. By setting as a server, the connection target server (or device) and the payment terminal 165 connect a communication channel (1230), the VPN payment terminal 800 is a high-speed wireless Internet corresponding to the VAN network 100 It is possible to transmit and receive predetermined information or data with at least one server (or device) through the communication channel provided in the base virtual payment communication network.

13 is a view showing the functional configuration of the VAN company network 100 according to an embodiment of the present invention.

In more detail, FIG. 13 illustrates a preferred functional configuration for the VAN company network 100 interworking with the high-speed wireless Internet in the high-speed wireless Internet-based virtual payment communication network as shown in FIG. 1. Specifically, the VPN payment terminal After a communication channel 800 is connected to at least one connection target server (or device) through a process as shown in FIGS. 6 and / or 12 through the high-speed wireless Internet-based virtual payment communication network, the payment terminal for VPN ( 800 and a VPN server 110 for relaying packets transmitted and received between the connection target server (or device), and a security server 120 for processing security requirements defined in the VAN company network 100. It's about how. For convenience, the functional configuration in which the VPN server 110 connects the communication channel with the VPN subscriber information D / B in the communication channel connection process as shown in FIGS. 6 and / or 12 is a technical field to which the present invention pertains. In the case of those skilled in the art will be omitted because it can be easily inferred.

Those skilled in the art to which the present invention pertains may refer to the VPN server 110 modified according to the intention of the person skilled in the art and / or the security requirements defined in the VAN company network 100 with reference to FIG. And various embodiments of the security server 120 may be easily inferred, and the present invention is not limited thereto.

As shown in Figure 13 according to an embodiment of the present invention, the VPN server 110 and / or security server 120 and / or payment processing server is implemented as a separate server on the VAN company network 100 Although illustrated as being, the VPN server 110 and / or security server 120 and / or payment processing server may be implemented in a single server, if one of ordinary skill in the art to which the present invention belongs, The embodiment in which the VPN server 110 and / or the security server 120 and / or the payment processing server are implemented in one server may be easily inferred, and also intended by a person skilled in the art and / or the VAN company network ( Various embodiments of the VPN server 110 and the security server 120 that are modified in response to the security requirements defined in 100 may be easily inferred. As a result, the present invention is not limited to the case of the embodiment shown in FIG.

Referring to FIG. 13, a VPN server 110 for relaying packets transmitted and received between the VPN payment terminal 800 and the connection server (or device) is provided on the high-speed wireless Internet-based virtual payment communication network. Sends a predetermined packet to a receiver 1300 for receiving a predetermined packet from at least one VPN payment terminal 800, and at least one VPN payment terminal 800 provided in the high-speed wireless Internet-based virtual payment communication network. Read the transmission unit 1305 and at least one packet received from the VPN payment terminal 800 and distribute the packet to a predetermined connection server (or device), and / or at least one connection object Read at least one packet transmitted from the server (or device) to the payment terminal 800 for VPN and the packet is provided in the high-speed wireless Internet-based virtual payment communication network Packet minutes for dispensing a defined VPN billing terminal 800 for is characterized in that obtained by including a distributor (1315).

According to an embodiment of the present invention, the VPN server 110 is at least one or more communication with the VPN payment terminal 800 provided in the high-speed wireless Internet-based virtual payment communication network and at least one or more connection target server (or device) It is preferable to further comprise a cache unit 1310 for temporarily storing the packet.

In addition, referring to Figure 13, the security server 120 for processing the security requirements defined in the VAN company network 100, at least one or more distributed through the packet distribution unit 1315 of the VPN server 110 A transmission unit 1340 for transmitting a packet distributed to the external network other than the VAN company network 100 among the packets to the external network, a server provided inside the VAN company network 100 from the external network; And / or a receiving unit 1335 for receiving at least one or more packets received by a predetermined VPN payment terminal 800 provided in the high-speed wireless Internet-based virtual payment communication network, and a packet of the VPN server 110. Of the at least one packet distributed through the distribution 1315, the temporary storage before the transmission and reception to the external network other than the VAN company network 100, and / or of the VPN server 110 A cache unit 1320 for temporarily storing at least one packet temporarily stored in the cache unit 1310 for performing a procedure such as encryption / decryption and / or virus / malware checking, and the cache unit 1320 An encryption unit 1325 for encrypting and / or decrypting a stored packet and / or predetermined traffic data temporarily restored from the packet, and a packet temporarily stored in the cache unit 1320 and / or the packet. It is characterized in that it comprises a vaccine unit 1330 for performing the virus and / or malware scan and treatment for the predetermined traffic data to be temporarily restored.

14 is a view showing a preferred operation method of the VPN payment terminal 800 for the electronic payment processing using a high-speed wireless Internet-based virtual payment communication network according to an embodiment of the present invention.

In more detail, FIG. 14 illustrates a case where an electronic payment is processed by using a payment means provided in a predetermined customer-owned medium in a predetermined VPN payment terminal 800 provided in the high-speed wireless Internet-based virtual payment communication network. When security requirements corresponding to a predetermined encryption scheme are defined in the VAN company network 100, the payment terminal 165 performs end-to-end encryption and / or decryption corresponding to the security requirements to perform electronic payment processing. As a preferred embodiment for those skilled in the art to which the present invention pertains, the high-speed wireless Internet-based virtual payment communication network within the scope of not violating the core technical matters of the present invention with reference to FIG. Through the electronic payment process, it will be able to easily infer various implementation methods for operating the terminal device for VPN, The present invention is not limited by the. For example, when the security requirements defined in the VAN company network 100 do not define end-to-end encryption and / or decryption, in FIG. 14, payment processing related data (or payment approval request specialized data) is encrypted, and And / or the process of decrypting the payment processing result data (or payment approval specialized data) may be omitted.

Referring to FIG. 14, the VPN payment terminal 800 included in the high-speed wireless Internet-based virtual payment communication network periodically stores internal resources of the payment terminal 165 (eg, a resource for starting electronic payment processing at the card terminal). Monitoring to confirm whether the electronic payment processing through the high-speed wireless Internet-based virtual payment communication network is started (1400), and if the high-speed wireless Internet-based electronic payment processing is started (1405), the VPN payment terminal is a high-speed wireless Internet Receives predetermined payment information from a predetermined input device for electronic payment processing through a virtual payment communication network, and also uses the electronic payment from a customer-owned medium (eg, MS card, IC card, IC chip, etc.) from a card reader device. Predetermined payment means information for processing is read (1410).

When payment information for electronic payment processing is input as described above, and predetermined payment means information is read from a customer-owned medium, the payment terminal determines predetermined payment processing related data (or payment) including the payment information and payment means information. The authorization request specialized data) (or full payment request for electronic payment processing) (1415), and the security requirements defined in the VAN company network 100 for the payment processing related data (or payment approval request specialized data). Performing an encryption procedure for encrypting using an encryption method corresponding to the method 1420, and connecting the encrypted payment processing related data (or payment approval request specialized data) through a process as shown in FIGS. 7 and / or 12. The VAN company network 100 through the mobile terminal 1425, and the payment processing related data from the VAN company network 100 through the communication channel. Receives the settlement processing result data (or payment authorization specialized data corresponding to the payment authorization request or specialized data) Fourth 1430.

If payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) is received through a communication channel connected to the high-speed wireless Internet-based virtual payment communication network (1435), the The payment terminal for VPN 800 decrypts the received payment processing result data (or payment approval specialized data) in a multiplexing manner corresponding to the security requirements defined in the existing VAN company network 100, thereby providing the payment terminal for VPN ( The display device 800 outputs at least one output device (eg, a screen output device, a printing device 835, etc.) provided in the 800 (1440).

According to an embodiment of the present invention, the electronic payment process using the high-speed wireless Internet-based virtual payment communication network as described above is preferably repeated until the payment terminal 165 is terminated (1445).

15A, 15B, and 15C illustrate a preferred operation method of the VAN company network 100 for electronic payment processing using a high-speed wireless Internet-based virtual payment communication network according to an embodiment of the present invention.

In more detail, FIGS. 15A, 15B, and 15C show predetermined payment processing related data from a predetermined VPN payment terminal 800 provided in the high-speed wireless Internet-based virtual payment communication network through the high-speed wireless Internet-based virtual payment communication network. (Or payment approval request specialized data), when the payment processing related data (or payment approval request specialized data) using the VAN company network 100 for processing the electronic payment using the preferred method, Those skilled in the art to which the present invention pertains may refer to the above-described 15A, 15B, and 15C through the high-speed wireless Internet-based virtual payment communication network without departing from the essential technical matters of the present invention. During the electronic payment process, various implementation methods for operating the VAN company network 100 can be easily inferred. Will, to which the present invention is not limited. For example, when end-to-end encryption and / or decryption are not defined in the security requirements defined in the VAN company network 100, the data related to payment processing (or payment approval request specialized data) in FIGS. 15A, 15B, and 15C. ) And / or encrypting the payment processing result data (or payment approval specialized data) may be omitted. In addition, although the VAN company network 100 is separated into a VPN server 110, a security server 120, and a payment processing server in FIGS. 15A, 15B, and 15C, the servers may be provided in one server system. It will be alright.

Referring to FIG. 15A, when predetermined payment processing related data (or payment approval request specialized data) is transmitted from the VPN payment terminal 800 on the high-speed wireless Internet-based virtual payment communication network through the procedure as shown in FIG. Payment processing related data (or payment approval request specialized data) is received in the form of a packet through the high-speed wireless Internet-based virtual payment communication network to the VPN server 110 (1500), the VPN server 110 is the payment for the VPN A predetermined packet distribution target server (or apparatus) for reading a packet received from the terminal 800 (for example, by reading header information included in the packet) and finally receiving a packet received from the payment terminal 800 for VPN. Check.

If the packet distribution target server (or device) for the received packet is not the payment processing server provided in the VAN company network 100 (1504), the VPN server 110 is the packet distribution target server (or device) In step 1506, the packet is distributed and transmitted.

On the other hand, if the packet distribution target server (or device) for the received packet is a payment processing server provided in the VAN company network 100 (1504), the VPN server 110 from the high-speed wireless Internet-based virtual payment communication network A predetermined packet is received, and the received packet is cached to restore payment processing related data (or payment approval request specialized data) transmitted from the VPN payment terminal 800 (1508). Next, the VPN server 110 provides the cached payment processing related data (or payment approval request specialized data) to the security server 120 on the VAN company network 100 to cache the security server 120. In operation 1510, the security server 120 decrypts the cached payment processing related data (or payment approval request specialized data).

According to another exemplary embodiment of the present invention, when the VPN server 110 and the security server 120 are provided in one server, the caching procedure may be omitted, and the present invention is not limited thereto.

The security server 120 decrypts the cached payment processing related data (or payment approval request specialized data) according to the decryption request.

If the payment processing related data (or payment approval request specialized data) is not normally decrypted (1514), the security server 120 generates a predetermined decryption error message and provides it to the VPN server 110 (1516). The VPN server 110 generates a predetermined payment processing error message corresponding to the decryption error message and transmits the predetermined payment processing error message to the VPN payment terminal 800 through the high-speed wireless Internet-based virtual payment communication network (1518).

On the other hand, if the payment processing related data (or payment approval request specialized data) is normally decrypted (1514), the security server 120 sends the decrypted payment processing related data (or payment approval request specialized data) to the VPN server 110. Ca), and generates a predetermined decryption success message to provide to the VPN server (110) (1520).

The VPN server 110 receiving the decryption success message from the security server 120 stores the payment processing related data (or payment approval request specialized data) decrypted and cached by the security server 120 in the VAN company network 100. The distribution is transmitted to the payment processing server through (1522).

According to another exemplary embodiment of the present invention, when the VPN server 110 and the security server 120 are provided in one server, the caching procedure may be omitted. In addition, the security server 120 does not return the decrypted payment processing related data (or payment approval request specialized data) to the VPN server 110, but directly transmits the security server 120 to the payment processing server. The present invention is not limited thereto.

Referring to FIG. 15B, the payment processing related data (or payment approval request specialized data) is received to the payment processing server through the VAN company network 100 (1524), and the VAN sub is decoded and received. Read the processing-related data (or payment approval request specialized data) to check the payment target card company server and / or the document purchase bank corresponding to the payment processing-related data (or payment approval request specialized data) (1526). After transmitting the payment processing related data (or payment approval request specialized data) to the card company server, the payment processing result data (or payment approval) corresponding to the payment processing related data (or payment approval request specialized data) from the card company server. Specialized data) is awaited to be received (1528).

According to the embodiment of the present invention, the payment processing result data (or payment approval professional data) may include a payment approval result or a payment error result.

If the payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) is received from the card company server (1530), the payment processing server is the VAN company network 100 After transmitting the payment processing result data (or payment approval specialized data) to the VPN server 110 via 1532, the payment processing related data (or payment approval request specialized data) and / or payment processing result data (1534) a request is made to purchase the document to the document purchasing bank corresponding to the payment approval specialized data.

Referring to FIG. 15c, the payment approval message transmitted from the payment processing server is received by the VPN server 110 through the VAN company network 100 (1536), and the VPN server 110 is the payment processing server. The packet distribution target server (or apparatus) is identified for the packet received from the payment processing server by reading a packet received from the header (for example, by reading header information included in the packet).

If the packet distribution target server (or device) is not the VPN payment terminal 800 provided in the high-speed wireless Internet-based virtual payment communication network (1540), the VPN server 110 is the packet distribution target server (or device) In step 1542, the packet is distributed and transmitted.

On the other hand, if the packet distribution target server (or device) is a VPN payment terminal 800 provided in the high-speed wireless Internet-based virtual payment communication network (1540), the VPN server 110 through the VAN company network 100 The packet is received from the payment processing server, and the received kit is cached to restore payment processing result data (or payment approval specialized data) transmitted from the payment processing server (1544). Next, the VPN server 110 provides the cached payment processing result data (or payment approval data) to the security server 120 on the VAN company network 100 to cache the security server 120. The security server 120 requests to encrypt the cached payment processing result data (or payment approval specialized data) (1546).

According to another exemplary embodiment of the present invention, when the VPN server 110 and the security server 120 are provided in one server, the caching procedure may be omitted, and the present invention is not limited thereto.

The security server 120 encrypts the cached payment processing result data (or payment approval specialized data) according to the encryption request (1548).

If the payment processing result data (or payment approval specialized data) is normally encrypted (1550), the security server 120 transmits the decrypted payment processing result data (or payment approval specialized data) to the VPN server 110. Caching, and generates a predetermined decryption success message to provide to the VPN server (110) (1552).

The VPN server 110 receiving the decryption success message from the security server 120 stores the payment processing result data (or payment approval specialized data) encrypted and cached by the security server 120 in the high-speed wireless Internet-based virtual payment. The distribution and transmission to the VPN payment terminal 800 through a communication network (1554).

According to another exemplary embodiment of the present invention, when the VPN server 110 and the security server 120 are provided in one server, the caching procedure may be omitted. In addition, the security server 120 does not return the encrypted payment processing result data (or payment approval specialized data) to the VPN server 110, and the VPN payment terminal 800 in the security server 120. May be directly transmitted, and the present invention is not limited thereto.

16A, 16B, 16C, and 16D are diagrams illustrating a symmetric key (secret key) based encryption / decryption procedure in a virtual payment network based payment process according to an embodiment of the present invention.

FIG. 16a illustrates a preferred embodiment of encrypting and transmitting the payment processing related data (or payment approval request specialized data) in a symmetric key (or secret key) method in a payment terminal 165 provided in the virtual payment communication network. Preferably, the symmetric key (or secret key) for encryption is read from the security application module 825 (SAM) provided in the payment terminal 165 (or card terminal of the payment terminal 165).

Referring to FIG. 16A, when the data generation unit 865 of the payment terminal 165 generates predetermined payment processing related data (or payment approval request specialized data) including predetermined payment information and customer-owned payment means information. The encryption processing unit 870 is provided with this (1600a), and a predetermined symmetric key (or secret key) for encrypting the payment processing related data (or payment approval request specialized data) from the security application module 825. Extraction (1605a) and encrypting the payment processing related data (or payment approval request specialized data) through the extracted symmetric key (or secret key) (1610a).

When the payment processing related data (or payment approval request specialized data) is encrypted through the symmetric key (or secret key) as described above, the communication processing unit 875 transmits the encrypted payment processing related data (or payment approval request specialized data). Generates at least one SDU / PDU from and stored in a higher layer on the communication protocol stack (1615a), and the wireless processor 880 is defined between the wireless processor 880 and the base station 165 for the communication protocol stack. By performing communication processing corresponding to the media control layer and the physical layer (1620a), the packet corresponding to the encrypted payment processing related data (or payment approval request specialized data) is transmitted through the network component on the high-speed wireless Internet. Transmit to VPN server 110.

FIG. 16B illustrates a method for decrypting the payment processing related data (or payment approval request specialized data) encrypted and received from a payment terminal 165 provided in the virtual payment communication network by a symmetric key (or secret key) method. As described above, the symmetric key (or secret key) corresponds to the security application module 825 (SAM) provided in the payment terminal 165 (or the card terminal of the payment terminal 165). It is preferable to read from the security application module 825 provided in the).

Referring to FIG. 16B, the receiving unit 1300 of the VPN server 110 may encrypt data related to payment processing (or payment approval request) from an operator network of the high-speed wireless Internet through a TCP / IP-based Internet and / or a dedicated line. Receiving a packet corresponding to a communication protocol stack including data) and restoring (or generating) payment processing related data (or payment approval request specialized data) encrypted and transmitted by the payment terminal 165 (1600b); The encryption unit 1325 is a predetermined symmetric key (or secret key) for decrypting the encrypted payment processing related data (or payment approval request specialized data) from the security application module 825 included in the VPN server 110. ) Is extracted (1605b), and the encrypted payment processing related data (or payment approval request specialized data) is decrypted using the extracted symmetric key (or secret key) (1610b).

When the payment processing related data (or payment approval request specialized data) encrypted through the symmetric key (or the secret key) is decrypted as described above, the encryption unit 1325 causes the payment processing related data (or payment approval request specialized data). Provides to the packet distribution unit 1315 (1615b).

FIG. 16C illustrates payment processing result data (or payment approval message) received from a card company server and / or a bank server corresponding to the payment processing related data (or payment approval request specialized data) in the VPN server 110 on the virtual payment communication network. As a preferred embodiment of the present invention for encrypting and transmitting data in a symmetric key (or secret key) manner, the symmetric key (or secret key) for encryption is a security application module 825 provided in the VPN server 110. It is preferable to read from.

Referring to FIG. 16C, the VPN server 110 transmits payment processing result data (or payment approval) corresponding to the payment processing related data (or payment approval request specialized data) from the payment processing server to the packet distribution unit 1315. Text data), the encryption unit 1325 is provided with this (1600c), and a predetermined symmetric key for encrypting the payment processing result data (or payment approval professional data) from the security application module 825 ( Or a secret key) (1605c), and encrypts the payment processing result data (or payment approval specialized data) through the extracted symmetric key (or secret key) (1610c).

If the payment processing result data (or payment approval specialized data) is encrypted through the symmetric key (or secret key) as described above, the transmission unit 1305 is at least from the encrypted payment processing result data (or payment approval specialized data) By generating one or more SDUs / PDUs and storing them in a higher layer on the communication protocol stack (1615c), a communication protocol stack defined between the VPN server 110 and the Internet and / or leased lines connecting the carrier network of the high-speed wireless Internet is established. A corresponding packet is generated, and the generated packet is transmitted to the payment terminal 165 through a network component on the high-speed wireless Internet.

FIG. 16D illustrates a preferred embodiment of decrypting the payment processing result data (or payment approval data) received through an encryption procedure in a payment terminal 165 provided in the virtual payment communication network using a symmetric key (or secret key) method. For example, the symmetric key (or secret key) is preferably read from the security application module 825 (SAM) provided in the payment terminal 165 (or card terminal of the payment terminal 165).

Referring to FIG. 16D, the wireless processing unit 880 of the payment terminal 165 receives a packet corresponding to a communication protocol stack including encrypted payment processing result data (or payment approval specialized data) from the high-speed wireless Internet. (1600d), the communication processing unit 875 restores (or generates) payment processing result data (or payment approval specialized data) encrypted and transmitted by the payment processing server from the received packet (1605d), and restores ( Alternatively, the generated payment processing result data (or payment approval specialized data) is provided to the password processing unit 870 (1610d).

The encryption processing unit 870 is a predetermined symmetric key (or secret key) for decrypting the encrypted payment processing result data (or payment approval professional data) from the security application module 825 provided in the payment terminal 165 ) Is extracted (1615d), and the encrypted payment processing result data (or payment approval specialized data) is decrypted using the extracted symmetric key (or secret key) (1620d).

When the payment processing result data (or payment approval specialized data) encrypted through the symmetric key (or secret key) is decrypted as described above, the encryption processing unit 870 reads the payment processing result data (or payment approval specialized data). The screen may be output through the screen output unit 815 (1625d-1) and / or provided to the printing unit 830 to output the print (1625d-2).

17A, 17B, 17C, and 17D illustrate public key-based encryption / decryption procedures in a virtual payment network-based payment process according to an embodiment of the present invention.

FIG. 17A illustrates a preferred embodiment of encrypting and transmitting the payment processing related data (or payment approval request specialized data) in a public key infrastructure scheme in a payment terminal 165 included in the virtual payment communication network. Public key for the VPN server 110 is preferably read from the security application module 825 (SAM) provided in the payment terminal 165 (or card terminal of the payment terminal 165).

Referring to FIG. 17A, when the data generation unit 865 of the payment terminal 165 generates predetermined payment processing-related data (or payment approval request specialized data) including predetermined payment information and customer-owned payment means information. The encryption processing unit 870 is provided with this (1700a), and the predetermined VPN server 110 public key for encrypting the payment processing related data (or payment approval request professional data) from the security application module 825 Extracting (1705a), and encrypting the payment processing-related data (or payment approval request specialized data) through the extracted VPN server 110 public key (1710a).

When the payment processing related data (or payment approval request specialized data) is encrypted through the VPN server 110 public key as described above, the communication processing unit 875 stores the encrypted payment processing related data (or payment approval request specialized data). Generates at least one SDU / PDU from and stored in a higher layer on the communication protocol stack (1715a), and the wireless processor 880 is defined between the wireless processor 880 and the base station 165 for the communication protocol stack. By performing a communication process corresponding to a media control layer and a physical layer (1720a), the packet corresponding to the encrypted payment processing related data (or payment approval request specialized data) is transmitted through the network component on the high-speed wireless Internet. Transmit to VPN server 110.

FIG. 17B illustrates that the VPN server 110 decrypts the payment processing related data (or payment approval request specialized data) received from the payment terminal 165 included in the virtual payment communication network in a public key infrastructure. In the preferred embodiment, the VPN server 110 private key for decrypting the encrypted payment processing related data (or payment approval request specialized data) in a public key infrastructure scheme is the payment terminal 165 (or payment terminal). In response to the security application module 825 (SAM) included in the card terminal (165), it is preferable to read from the security application module 825 provided in the VPN server 110.

Referring to FIG. 17B, the receiving unit 1300 of the VPN server 110 stores data related to payment processing (or payment approval request) encrypted through a TCP / IP-based Internet and / or a leased line from a carrier network of the high-speed wireless Internet. Receiving a packet corresponding to a communication protocol stack including data) and restoring (or generating) payment processing related data (or payment approval request specialized data) encrypted and transmitted by the payment terminal 165 (1700b). The encryption unit 1325 extracts the VPN server 110 private key for decrypting the encrypted payment processing related data (or payment approval request specialized data) from the security application module 825 included in the VPN server 110. In operation 1705b, the encrypted payment processing related data (or payment approval request specialized data) is decrypted through the extracted VPN server 110 private key (1710b).

As described above, when the payment processing related data (or payment approval request specialized data) encrypted through the VPN server 110 private key is decrypted, the encryption unit 1325 may perform the payment processing related data (or payment approval request specialized data). Provides to the packet distribution unit 1315 (1715b).

FIG. 17C discloses payment processing result data (or payment approval specialized data) received from a card company server and / or a bank server corresponding to the payment processing related data (or payment approval request specialized data) at the VPN server 110. As a preferred embodiment of the present invention for encrypting and transmitting in a key-based scheme, the payment terminal 165 public key for encryption is preferably read from the security application module 825 provided in the VPN server 110.

17C, payment processing result data corresponding to the payment processing related data (or payment approval request specialized data) from the card company server and / or the bank server of the VPN server 110 to the packet distributor 1315. Or, if the payment approval professional data) is received, the encryption unit 1325 is provided with this (1700c), the predetermined security for encrypting the payment processing result data (or payment approval professional data) from the security application module 825 The payment terminal 165 extracts the public key (1705c), and encrypts the payment processing result data (or payment approval specialized data) through the extracted payment terminal 165 public key (1710c).

When the payment processing result data (or payment approval specialized data) is encrypted through the payment terminal 165 public key as described above, the transmission unit 1305 is configured to generate at least the encrypted payment processing result data (or payment approval specialized data) from the encrypted data. By generating one or more SDUs / PDUs and storing them in a higher layer on the communication protocol stack (1715c), a communication protocol stack defined between the VPN server 110 and the Internet and / or a dedicated line connecting the carrier network of the high-speed wireless Internet is created. A corresponding packet is generated, and the generated packet is transmitted to the payment terminal 165 through a network component on the high-speed wireless Internet.

FIG. 17D illustrates a public key based on payment processing result data (or payment approval specialized data) received from the VPN server 110 through the encryption process as shown in FIG. 17C in the payment terminal 165 provided in the virtual payment communication network. As a preferred embodiment of the method for decrypting in a structural manner, the payment terminal 165 private key is a security application module 825 (SAM) provided in the payment terminal 165 (or card terminal of the payment terminal 165). Is preferably read from.

Referring to FIG. 17D, the wireless processing unit 880 of the payment terminal 165 receives a packet corresponding to a communication protocol stack including encrypted payment processing result data (or payment approval specialized data) from the high-speed wireless Internet. In operation 1700d, the communication processing unit 875 restores (or generates) payment processing result data (or payment approval specialized data) encrypted and transmitted from the VPN server 110 from the received packet (1705d). The restored (or generated) payment processing result data (or payment approval specialized data) is provided to the password processing unit 870 (1710d).

The encryption processing unit 870 is a predetermined payment terminal 165 individuals for decrypting the encrypted payment processing result data (or payment approval specialized data) from the security application module 825 provided in the payment terminal 165. The key is extracted (1715d), and the encrypted payment processing result data (or payment approval specialized data) is decrypted using the extracted payment terminal 165 private key (1720d).

As described above, when the payment processing result data (or payment approval specialized data) encrypted through the payment terminal 165 private key is decrypted, the encryption processing unit 870 reads the payment processing result data (or payment approval specialized data). The screen is output through the screen output unit 815 (1725d-1) and / or is provided to the printing unit 830 for printing and output (1725d-2).

18A, 18B, 18C, and 18D illustrate an encryption / decryption procedure using an electronic bag in a virtual payment communication network-based payment process according to an embodiment of the present invention.

18a illustrates a preferred embodiment of encrypting and transmitting the payment processing related data (or payment approval request specialized data) in an electronic envelope method in a payment terminal 165 provided in the virtual payment communication network. The VPN server 110 public key is preferably read from the security application module 825 (SAM) provided in the payment terminal 165 (or the card terminal of the payment terminal 165).

Referring to FIG. 18A, when the data generation unit 865 of the payment terminal 165 generates predetermined payment processing related data (or payment approval request specialized data) including predetermined payment information and customer-owned payment means information, The encryption processing unit 870 is provided with this (1800a), and a predetermined random secret key (Random) for encrypting the payment processing related data (or payment approval request specialized data) in a secret key (symmetric key) method A secret key is generated (1805a), and the payment processing related data (or payment approval request specialized data) is encrypted using the generated secret key (1810a).

In addition, the encryption processing unit 870 receives a predetermined VPN server 110 public key from the security application module 825 to encrypt the secret key that encrypts the payment processing related data (or payment approval request specialized data). The secret key encrypting the payment processing related data (or payment approval request specialized data) is encrypted using the VPN server 110 public key (1820a).

When the payment processing related data (or payment approval request specialized data) is encrypted with a predetermined secret key randomly generated as described above, and the secret key is encrypted through the VPN server 110 public key, the encryption processing unit 870 ) Generates transaction data associated with the payment processing related data (or payment approval request specialized data) encrypted with the secret key and the secret key encrypted with the public key of the VPN server 110 and provides the transaction data to the communication processing unit 875 (1825a). )

The communication processing unit 875 generates at least one SDU / PDU from the transaction data and stores it in a higher layer on a communication protocol stack (1830a). The wireless processing unit 880 transmits the wireless processing unit 880 to the communication protocol stack. By performing communication processing corresponding to the media control layer and the physical layer defined between the base station 165 and the base station 165 (1835a), the encrypted payment processing related data (or payment approval request specialized data) is transmitted on the high-speed wireless Internet. It transmits to the VPN server 110 through the network component.

18B is a preferred embodiment of decrypting the payment processing related data (or payment approval request specialized data) encrypted and received from the payment terminal 165 included in the virtual payment communication network in the VPN server 110 by an electronic envelope method. In the method, the VPN server 110 private key for decrypting the encrypted payment processing-related data (or payment approval request specialized data) in an electronic envelope method is the payment terminal 165 (or payment terminal 165) It is preferable to read from the security application module 825 provided in the VPN server 110 in response to the security application module (825) (SAM) provided in the card terminal end.

Referring to Figure 18b, the receiving unit 1300 of the VPN server 110 is encrypted payment processing-related data (or payment approval request full text) from the carrier network of the high-speed wireless Internet through the TCP / IP-based Internet and / or leased line Receiving a packet corresponding to a communication protocol stack including data) and restoring (or generating) payment processing related data (or payment approval request specialized data) encrypted and transmitted by the payment terminal 165 (1800b). The encryption unit 1325 extracts the VPN server 110 private key for decrypting the encrypted payment processing related data (or payment approval request specialized data) from the security application module 825 included in the VPN server 110. And (1805b) decrypt the secret key encrypted with the public key of the VPN server 110 through the extracted VPN server 110 private key (1810b), and the payment processing related data (or payment). By extracting the secret key for decrypting the in-person request data (1815b), and decrypting the payment processing related data (or payment approval request specialized data) using the extracted secret key (1820b), The encrypted payment processing related data (or payment approval request specialized data) is extracted (1825b).

When the payment processing related data (or payment approval request specialized data) is decrypted as described above, the encryption unit 1325 provides the payment processing related data (or payment approval request specialized data) to the packet distribution unit 1315. (1830b).

18c illustrates payment processing result data (or payment approval specialized data) received from a card company server and / or a bank server corresponding to the payment processing related data (or payment approval request specialized data) in the VPN server 110. As a preferred method of transmitting by encrypting in an envelope method, the payment terminal 165 public key for encryption is preferably read from the security application module 825 provided in the VPN server 110.

Referring to FIG. 18C, payment processing result data corresponding to the payment processing related data (or payment approval request specialized data) from the card company server and / or the bank server of the VPN server 110 to the packet distribution unit 1315 ( Or payment approval professional data), the encryption unit 1325 is provided with this (1800c),

A predetermined random secret key for encrypting the payment processing result data (or payment approval specialized data) by a secret key (symmetric key) method is generated (1805c), and the generated secret key is generated. In operation 1810c, the payment processing result data (or payment approval specialized data) is encrypted.

In addition, the encryption unit 1325 extracts a predetermined payment terminal 165 public key from the security application module 825 to encrypt the secret key that encrypts the payment processing result data (or payment approval specialized data). In operation 1815c, the private terminal encrypts the payment processing result data (or payment approval specialized data) using the payment terminal 165 public key (1820c).

If the payment processing result data (or payment approval specialized data) is encrypted with a predetermined secret key randomly generated as described above, and the secret key is encrypted through the payment terminal 165 public key, the encryption unit 1325 The transaction data is generated by linking the payment processing result data (or payment approval specialized data) encrypted with the secret key and the secret key encrypted with the payment terminal 165 public key and provided to the transmission unit 1305.

The transmission unit 1305 generates at least one SDU / PDU from the transaction data and stores it in an upper layer on a communication protocol stack (1825c), thereby connecting the VPN server 110 and a carrier network of high-speed wireless Internet. A packet corresponding to a communication protocol stack defined between the Internet and / or a dedicated line is generated, and the generated packet is transmitted to the payment terminal 165 through a network component on the high-speed wireless Internet.

18D illustrates an electronic envelope method of payment processing result data (or payment approval specialized data) received from the VPN server 110 through the encryption process as shown in FIG. 18C in the payment terminal 165 provided in the virtual payment communication network. In the preferred embodiment of the method for decryption, the payment terminal 165 private key from the security application module 825 (SAM) provided in the payment terminal 165 (or card terminal of the payment terminal 165). It is preferable to read.

Referring to FIG. 18D, the wireless processing unit 880 of the payment terminal 165 receives a packet corresponding to a communication protocol stack including encrypted payment processing result data (or payment approval specialized data) from the high-speed wireless Internet. In operation 1800d, the communication processing unit 875 restores (or generates) payment processing result data (or payment approval specialized data) encrypted and transmitted from the VPN server 110 from the received packet (1805d). The restored (or generated) payment processing result data (or payment approval specialized data) is provided to the password processing unit 870 (1810d).

The encryption processing unit 870 is a predetermined payment terminal 165 individuals for decrypting the encrypted payment processing result data (or payment approval specialized data) from the security application module 825 provided in the payment terminal 165. By extracting a key (1815d) and decrypting a secret key encrypted with the payment terminal 165 public key through the extracted payment terminal 165 private key (1820d), the payment processing result data (or payment approval specialized data) Extracting the secret key for decrypting (1825d) and decrypting the payment processing result data (or payment approval specialized data) using the extracted secret key (1830d), thereby encrypting the payment processing with the secret key. The result data (or payment approval specialized data) is extracted (1835d).

When the payment processing result data (or payment approval specialized data) is decrypted as described above, the encryption processing unit 870 screens the payment processing result data (or payment approval specialized data) through the screen output unit 815 or 1840d-1 and / or the print unit 830 to output the printed image (1840d-2).

19A, 19B, 19C, 19D, 19E, 19F, and 19G illustrate an encryption / decryption procedure using digital signature and key exchange in a virtual payment network-based payment process according to an embodiment of the present invention. to be.

19A and 19B illustrate a preferred embodiment of encrypting and transmitting the payment processing related data (or payment approval request specialized data) in a key exchange method in a payment terminal 165 provided in the virtual payment communication network. The payment terminal 165 private key for encryption and the VPN server 110 public key are secured from the security application module 825 (SAM) provided in the payment terminal 165 (or card terminal of the payment terminal 165). It is preferable to read.

Referring to FIGS. 19A and 19B, the data generation unit 865 of the payment terminal 165 includes predetermined payment processing related data (or payment approval request specialized data) including predetermined payment information and customer-owned payment means information. Is generated, the encryption processing unit 870 is provided with this (1900a), the payment processing related data (or payment approval request specialized data) a predetermined one-way hash function (for example, the payment processing related data (or payment approval request) Regardless of the length of the full text data), a message digest including a hash code (HA 150) code of a predetermined length is generated, and the original message is confirmed through the hash code (or message digest). Or a one-way hash function (HA (sh) function) that cannot be inferred.The payment terminal 165 and the VPN server 110 use the same hash function to generate a predetermined message digest. (1905a), by encrypting the message digest with the billing terminal 165, the private key and the digital signature (1910a).

In addition, the encryption processing unit 870 generates a predetermined random secret key for encrypting the payment processing related data (or payment approval request specialized data) by a secret key (symmetric key) method, 1915a, a certificate (eg, a payment terminal 165) provided in the message digest and the security application module 825 encrypted with the payment processing related data (or payment approval request specialized data) and the payment terminal 165 private key. The certificate containing the public key) is linked and encrypted using the generated private key (1920a). In addition, the encryption processing unit 870 receives a predetermined VPN server 110 public key from the security application module 825 to encrypt the secret key that encrypts the payment processing related data (or payment approval request specialized data). The secret key encrypting the payment processing related data (or payment approval request specialized data) is encrypted using the VPN server 110 public key (1930a).

The generated private key is linked by copying a certificate including the message digest encrypted with the payment processing related data (or payment approval request specialized data) and the payment terminal 165 private key and the payment terminal 165 public key. When the secret key is encrypted through the VPN server 110 public key, the encryption processing unit 870 encrypts the payment processing related data (or payment approval request specialized data) and the secret key through the secret key. Generating a predetermined transaction data by associating a copy of a certificate including the message digest encrypted with the payment terminal 165 private key and the payment terminal 165 public key with the secret key encrypted with the VPN server 110 public key, The generated transaction data is provided to the communication processor 875 (1935a).

The communication processing unit 875 generates at least one SDU / PDU from the transaction data and stores it in a higher layer on a communication protocol stack (1940a), and the wireless processing unit 880 transmits the radio processing unit 880 to the communication protocol stack. By performing communication processing corresponding to the media control layer and the physical layer defined between the base station 165 and the base station 165 (1945a), the encrypted payment processing related data (or payment approval request specialized data) is transmitted on the high-speed wireless Internet. It transmits to the VPN server 110 through the network component.

19C and 19D illustrate the payment processing related data (or payment approval request specialized data) encrypted and received from the payment terminal 165 included in the virtual payment communication network in the VPN server 110 in a key exchange method. As a preferred embodiment of the method for decrypting, the VPN server 110 private key and the payment terminal 165 public key for decrypting the encrypted payment processing related data (or payment approval request specialized data) by a key exchange method are used for the payment. Read from the security application module 825 provided in the VPN server 110 corresponding to the security application module 825 (SAM) provided in the terminal 165 (or card terminal of the payment terminal 165). desirable.

Referring to FIGS. 19C and 19D, the receiving unit 1300 of the VPN server 110 encrypts payment processing related data (or payment) through the TCP / IP-based Internet and / or a dedicated line from the carrier network of the high-speed wireless Internet. Receives a packet corresponding to a communication protocol stack including an authorization request specialized data, and restores (or generates) transaction data encrypted and transmitted by the payment terminal 165 (1900b), and restores (or generates) Transaction data is provided to the encryption unit 1325 (1905b), wherein the transaction data is encrypted with the payment processing related data (or payment approval request specialized data) encrypted with the secret key and the payment terminal 165 private key. A copy of the certificate including a message digest and the payment terminal 165 public key, and the secret key encrypted with the VPN server 110 public key. It is preferable to make.

The encryption unit 1325 extracts the VPN server 110 private key from the security application module 825 provided in the VPN server 110 to decrypt the secret key encrypted with the VPN server 110 public key. 1910b, by decrypting the secret key through the VPN server 110 private key 1115b, the message digest encrypted with the payment processing related data (or payment approval request specialized data) and the payment terminal 165 private key. And the secret key for decrypting a copy of the certificate including the payment terminal 165 public key (1920b).

When the secret key is extracted as described above, the encryption unit 1325 uses the extracted secret key to encrypt the message with the payment processing related data (or payment approval request specialized data) and the payment terminal 165 private key. By decrypting a copy of the certificate including the digest and the payment terminal 165 public key (1925b), encrypting the payment processing related data (or payment approval request specialized data) encrypted with the secret key and the payment terminal 165 private key. A copy of the certificate including the message digest and the payment terminal 165 public key is extracted.

In addition, the encryption unit 1325 decodes the message digest encrypted with the payment terminal 165 private key through the payment terminal 165 public key (1930b), so that the payment terminal 165 relates to the payment processing. Extracts the message digest generated and transmitted from the data (or payment approval request specialized data) (1935b), and transmits the received payment processing related data (or payment approval request specialized data) to the same one-way hash function as the payment terminal 165. After generating a predetermined message digest (1940b), and comparing the generated message digest with the decrypted message digest (1945b), the validity of the received payment processing related data (or payment approval request specialized data) Check.

If the generated message digest and the decrypted message digest match (1950b), the encryption unit 1325 provides the payment processing related data (or payment approval request specialized data) to the packet distribution unit 1315. (1955b).

FIG. 19E shows the payment processing result data (or payment approval specialized data) received from a card company server and / or a bank server corresponding to the payment processing related data (or payment approval request specialized data) in the VPN server 110. As a preferred embodiment of the method for transmitting by encrypting the exchange, the payment terminal 165 public key and the VPN server 110 private key for encryption from the security application module 825 provided in the VPN server 110 It is preferable to read.

Referring to FIG. 19E, payment processing result data corresponding to the payment processing related data (or payment approval request specialized data) from the card company server and / or the bank server of the VPN server 110 to the packet distributor 1315. Or, if the payment approval professional data is received, the encryption unit 1325 is provided with this (1900c), the payment processing result data (or payment approval professional data) a predetermined one-way hash function (for example, the payment processing result data) Regardless of the length of the payment approval data, a message digest including a hash code HA (150) code of a certain length is generated, and the original message is generated through the hash code (or message digest). One-way hash function (HA (150) sh Function) that cannot confirm (or infer) the message.The predetermined message die is transmitted through the VPN server 110 and the payment terminal 165 using the same hash function. Generate a text (1905c) and digitally sign (1910c) the message digest by encrypting it with the VPN server 110 private key.

In addition, the encryption unit 1325 generates a predetermined random secret key for encrypting the payment processing result data (or payment approval specialized data) by a secret key (symmetric key) method ( 1915c) the secret generated by linking the payment processing result data (or payment approval specialized data) with a copy of a certificate including the message digest encrypted with the VPN server 110 private key and the VPN server 110 public key Encrypt with the key (1920c).

In addition, the encryption unit 1325 extracts a predetermined payment terminal 165 public key from the security application module 825 to encrypt the secret key that encrypts the payment processing result data (or payment approval specialized data). In operation 1925c, the secret key used for encryption is encrypted using the payment terminal 165 public key (1930c).

The payment processing result data (or payment approval data) and the copy of the certificate including the message digest encrypted with the VPN server 110 private key and the VPN server 110 public key are linked to each other through the generated secret key. When the secret key is encrypted using the payment terminal 165 public key, the encryption unit 1325 may encrypt the payment processing result data (or payment approval specialized data) and the VPN server encrypted using the secret key. The transmission unit generates predetermined transaction data by linking a copy of a certificate including the message digest encrypted with the private key and the public key encrypted with the VPN server 110 with the private key encrypted with the payment terminal 165 public key. Provided as (1305).

The transmission unit 1305 generates at least one SDU / PDU from the transaction data and stores it in an upper layer on a communication protocol stack (1935c), thereby connecting the VPN server 110 with a carrier network of high-speed wireless Internet. And / or generate a packet corresponding to a communication protocol stack defined between dedicated lines, and transmit the generated packet to the payment terminal 165 through a network component on the high-speed wireless Internet.

19F and 19G illustrate the payment processing result data (or payment approval specialized data) received from the VPN server 110 through the encryption procedure as shown in FIG. 19E in the payment terminal 165 provided in the virtual payment communication network. As a preferred embodiment of the method for decrypting by a key exchange method, the payment terminal 165 private key is a security application module 825 provided in the payment terminal 165 (or card terminal of the payment terminal 165) ( Read from SAM).

19F and 19G, the wireless processing unit 880 of the payment terminal 165 includes a packet corresponding to a communication protocol stack including payment processing result data (or payment approval specialized data) encrypted from the high-speed wireless Internet. 1900d, the communication processing unit 875 transmits the transaction data (e.g., the payment processing result data encrypted with a predetermined secret key (or payment approval) encrypted by the VPN server 110 from the received packet. Specialized data) and a copy of the certificate including the message digest encrypted with the VPN server 110 private key and the public key encrypted with the VPN server 110, and the secret key encrypted with the payment terminal 165 public key). (Or create) 1905d, and provide the restored (or generated) transaction data to the cryptographic processing unit 870 (1910d).

The encryption processing unit 870 decrypts a predetermined payment terminal 165 private key for decrypting a secret key encrypted with the payment terminal 165 public key from the security application module 825 included in the payment terminal 165. Extracting (1915d) and decrypting the secret key encrypted with the payment terminal 165 public key (1920d) with the payment terminal 165 private key, the payment processing result data (or payment approval specialized data) and the VPN server ( 110, extracting the secret key for decrypting a copy of the certificate including the message digest encrypted with the private key and the public key of the VPN server 110 (1925d),

When the secret key is extracted as described above, the encryption processing unit 870 encrypts the message digest encrypted with the payment processing result data (or payment approval specialized data) and the VPN server 110 private key using the extracted secret key. And decrypting a copy of the certificate including the VPN server 110 public key (1930d), thereby encrypting the payment processing result data (or payment approval specialized data) encrypted with the secret key and the VPN server 110 private key. A copy of the certificate including the message digest and the VPN server 110 public key is extracted.

The encryption processing unit 870 decrypts the message digest encrypted with the VPN server 110 private key through the VPN server 110 public key (1935d), and the encryption processing unit 1325 receives the payment processing result data ( Alternatively, the message digest generated and transmitted from the payment approval text data) is extracted (1940d), and the received payment processing result data (or payment approval text data) is predetermined through the same one-way hash function as the encryption unit 1325. After generating a message digest (1945d), the generated message digest is compared with the decrypted message digest (1950d) to verify the validity of the received payment processing result data (or payment approval specialized data).

If the generated message digest coincides with the decrypted message digest (1955d), the encryption processing unit 870 causes the encryption processing unit 870 to display the payment processing result data (or payment approval specialized data) on the screen output unit. The screen is output through the screen 815 (1960d-1) and / or provided to the printing unit 830 to be output (1960d-1).

According to the present invention, the high-speed wireless Internet satisfies the closure of the conventional payment network between the affiliated store terminal (or card payment terminal device) located in the high-speed wireless Internet and a predetermined payment processing server provided in the VAN company network. There is an advantage to provide a base electronic payment processing system.

According to the present invention, there is an advantage of providing a high-speed wireless Internet-based electronic payment processing system that satisfies high end-to-end security through encryption / decryption between the merchant terminal (or card payment terminal device) and the VAN company network.

Claims (16)

In the payment processing system using a predetermined virtual private communication network formed by leasing a high-speed wireless Internet communication network, A payment terminal for generating predetermined payment related data (or payment approval request specialized data) and then transmitting at least one or more packets including the payment related data (or payment approval request specialized data) to the high speed wireless Internet communication network; A high speed wireless internet communication network for transmitting at least one packet transmitted by the payment terminal to a virtual private network (VPN) server located in the virtual private communication network; A VPN server for restoring the payment related data (or payment approval request specialized data) after receiving the at least one packet, and providing the restored payment related data (or payment approval request specialized data) to a payment processing server; And A virtual private network through a high-speed wireless internet network lease, comprising: a payment processing server performing a predetermined payment processing procedure in connection with a payment approval server corresponding to the payment related data (or payment approval request specialized data). Payment processing system using a communication network. The method of claim 1, The payment processing server, After receiving predetermined payment approval data corresponding to the payment related data (or payment approval request specialized data) from the payment approval server, the predetermined payment approval specialized data corresponding to the payment approval data is provided to the VPN server. Characterized in that, The VPN server, And transmitting at least one packet including the payment approval specialized data to the high speed wireless internet communication network. The high speed wireless Internet communication network, At least one packet transmitted by the VPN server is characterized in that for transmitting to the payment terminal, The payment terminal, After the at least one packet is received, the payment approval text data is restored, and the payment approval text data is output through a predetermined screen output device and / or a printing device. Payment processing system using a virtual private communication network. The method according to claim 1 or 2, wherein the payment related data (or payment approval request specialized data) and / or payment approval specialized data, A payment processing system using a virtual private communication network through a high-speed wireless Internet network lease, characterized in that the encryption process by a predetermined encryption algorithm. The method according to claim 1 or 2, Payment processing using a virtual private communication network through a high-speed wireless Internet network lease characterized in that it further comprises a security server for decrypting the payment related data (or payment approval request specialized data) and encrypting the payment approval professional data system. The method according to claim 1 or 2, Payment processing system using a virtual private communication network through a high-speed wireless Internet network lease characterized in that it further comprises a security server for verifying the security of the payment related data (or payment approval request professional data) and / or payment approval professional data . The method according to claim 1 or 2, wherein the VPN server and the payment processing server, A payment processing system using a virtual private communication network through a high-speed wireless Internet network lease, characterized in that located in a value-added network (VAN). The method of claim 1 or 2, wherein the VPN server, the security server and the payment processing server, Consists of a single server, or Payment processing system using a virtual private communication network through a high-speed wireless Internet communication network lease, characterized in that consisting of an independent server. In the payment processing system using a predetermined virtual private communication network formed by leasing a high-speed wireless Internet communication network, After generating predetermined payment related data (or payment approval request specialized data), encrypting according to a predetermined encryption method, and at least one packet containing the encrypted payment related data (or payment approval request specialized data) A payment terminal for transmitting to the high speed wireless internet communication network; A high speed wireless internet communication network for transmitting at least one packet transmitted by the payment terminal to a virtual private network (VPN) server located in the virtual private communication network; After receiving the at least one packet, the encrypted payment related data (or payment approval request specialized data) is restored, and the restored payment related data (or payment approval request specialized data) is associated with a predetermined security server. After decryption processing, at least one packet including the complexed payment related data (or payment approval request specialized data) or the complexed payment related data (or payment approval request specialized data) is provided to a payment processing server. VPN server; And A virtual private network through a high-speed wireless internet network lease, comprising: a payment processing server performing a predetermined payment processing procedure in connection with a payment approval server corresponding to the payment related data (or payment approval request specialized data). Payment processing system using a communication network. The method of claim 8, The payment processing server, After receiving predetermined payment approval data corresponding to the payment related data (or payment approval request specialized data) from the payment approval server, the predetermined payment approval specialized data or the payment approval specialized data corresponding to the payment approval data is received. Characterized in that to provide at least one packet to the VPN server, The VPN server, Encrypting the payment approval specialized data in connection with the security server, and then transmitting at least one or more packets including the encrypted payment approval specialized data to the high speed wireless internet communication network, The high speed wireless Internet communication network, At least one packet transmitted by the VPN server is characterized in that for transmitting to the payment terminal, The payment terminal, After receiving the at least one packet, restore the encrypted payment approval message data, decrypt the encrypted payment approval message data, and output through a predetermined screen output device and / or a printing device. Payment processing system using a virtual private communication network through a high-speed wireless Internet network lease. The method of claim 8 or 9, wherein the security server, And verifying the safety of the payment related data (or payment approval request specialized data) and / or payment approval specialized data. 10. The payment processing system using a virtual private communication network using a high speed wireless internet network lease. The method of claim 8 or 9, wherein the VPN server, the security server and the payment processing server, A payment processing system using a virtual private communication network through a high-speed wireless Internet network lease, characterized in that located in a value-added network (VAN). The method of claim 8 or 9, wherein the VPN server, the security server and the payment processing server, Consists of a single server, or Payment processing system using a virtual private communication network through a high-speed wireless Internet communication network lease, characterized in that consisting of an independent server. Packet receiving means for receiving predetermined payment related data (or payment approval request specialized data) packet transmitted from a payment terminal through a high speed wireless Internet communication network; Security processing means for decrypting when the payment related data (or payment approval request specialized data) is encrypted; And And a payment processing means for performing a predetermined payment processing procedure in connection with a payment approval server corresponding to the decrypted payment related data (or payment approval request specialized data). Payment processing system using a virtual private communication network. The method of claim 13, The payment processing means receives predetermined payment approval data corresponding to the payment related data (or payment approval request specialized data) from the payment approval server, and then generates predetermined payment approval specialized data corresponding to the payment approval data. And, if the security processing means for processing the payment approval professional data, And a packet transmission means for transmitting the encrypted payment approval data packet to the high speed wireless internet communication network. The method of claim 13 or 14, wherein each of the means, A payment processing system using a virtual private communication network through a high-speed wireless Internet network lease, characterized in that located in a value-added network (VAN). The method of claim 13 or 14, wherein each of the means, Located on a single server, or Payment processing system using a virtual private communication network through a high-speed wireless Internet network rental, characterized in that located in a plurality of servers.

Images