KR20080082567A - Method for processing security of card payment by using mobile internet communication network and recording medium - Google Patents

Abstract

A method for processing security of card payment with the mobile Internet network and a recording medium thereof are provided to keep high security between a payment terminal and a VAN(Value Added Network) server placed in the vulnerable high speed mobile Internet when the high speed mobile Internet is used for electronic payment. A payment terminal generates payment data and a private key, and the payment terminal encrypts the payment data with the private key. The payment terminal extracts a VAN server public key from a terminal security module. The payment terminal encrypts the random private key with the VAN server public key(835). The payment terminal stacks the encrypted payment data/private key to an upper layer of a mobile Internet protocol stack. The payment terminal adds mobile Internet-based MAC(Media Access Control)/physical layers on the mobile Internet protocol stack, and transmits the mobile Internet protocol stack to a VAN server through an MSC(Mobile Switching Center)(865). The VAN server restores the encrypted payment data/private key from an Internet protocol stack converted in the MSC. The VAN server extracts a VAN server private key from a server security module. The VAN server decrypts the encrypted private key with the VAN server private key. The VAN server decrypts the encrypted payment data with the decrypted private key.

Description

Method for processing card payment security using portable internet communication network and recording medium therefor {Method for Processing Security of Card Payment by Using Mobile Internet Communication Network and Recording Medium}

1 is a diagram showing a high-speed wireless Internet system configuration according to an embodiment of the present invention.

2 is a diagram illustrating subscriber information generated and managed in a PAR on a high-speed wireless Internet according to an embodiment of the present invention.

3A and 3B illustrate a communication path between a payment terminal and a VAN server for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

4A, 4B, and 4C are diagrams showing a preferred functional configuration of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

5A, 5B, and 5C illustrate a preferred structure of a communication protocol stack of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

6 is a view showing a preferred structure of the wireless processing unit of the payment terminal according to an embodiment of the present invention.

7 is a diagram illustrating a VAN server function configuration for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

8 is a diagram illustrating a payment processing procedure of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

9 is a diagram illustrating a method for encrypting and transmitting payment processing related data (or payment approval request specialized data) in a symmetric key (or secret key) method according to an embodiment of the present invention.

10 is a diagram illustrating a payment processing process of a VAN server for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

11 is a diagram illustrating a method of decrypting payment processing related data (or payment approval request specialized data) encrypted and received at a VAN server by a symmetric key (or secret key) method according to an embodiment of the present invention.

12 is a diagram illustrating a method of encrypting and transmitting payment processing result data (or payment approval data) in a symmetric key (or secret key) method in a VAN server according to an embodiment of the present invention.

13 is a diagram illustrating a payment processing procedure of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

14 is a diagram illustrating a method of decrypting payment processing result data (or payment approval specialized data) encrypted and received by a payment terminal according to an embodiment of the present invention by a symmetric key (or secret key) method.

15 is a diagram illustrating a payment processing procedure of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

FIG. 16 is a diagram illustrating a method for encrypting and transmitting payment processing related data (or payment approval request specialized data) in a public key based structure according to an embodiment of the present invention.

FIG. 17 is a diagram illustrating a payment processing process of a VAN server for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

FIG. 18 illustrates a method for decrypting payment processing related data (or payment approval request specialized data) encrypted and received by a VAN server according to an embodiment of the present invention using a public key infrastructure.

FIG. 19 is a diagram illustrating a method of encrypting and transmitting payment processing result data (or payment approval specialized data) in a public key infrastructure structure in a VAN server according to an embodiment of the present invention.

20 is a diagram illustrating a payment processing procedure of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

FIG. 21 illustrates a method of decrypting payment processing result data (or payment approval specialized data) encrypted and received by a payment terminal according to an embodiment of the present invention using a public key infrastructure.

22 is a diagram illustrating a payment processing procedure of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

FIG. 23 is a diagram illustrating a method for encrypting and transmitting payment processing related data (or payment approval request specialized data) in an electronic envelope method according to an embodiment of the present invention.

24 is a diagram illustrating a payment processing procedure of a VAN server for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

FIG. 25 illustrates a method for decrypting payment processing related data (or payment approval request specialized data) encrypted and received by a VAN server according to an embodiment of the present invention by an electronic envelope method.

FIG. 26 is a diagram illustrating a method of encrypting and transmitting payment processing result data (or payment approval data) in an electronic envelope method in a VAN server according to an embodiment of the present invention.

27 is a diagram illustrating a payment processing procedure of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

FIG. 28 is a diagram illustrating a method of decrypting payment processing result data (or payment approval specialized data) encrypted and received by a payment terminal according to an embodiment of the present invention by an electronic envelope method.

29 is a diagram illustrating a payment processing procedure of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

30A and 30B illustrate a method of encrypting and transmitting payment processing related data (or payment approval request specialized data) in an electronic signature and key exchange method according to an embodiment of the present invention.

31 is a diagram illustrating a payment processing procedure of a VAN server for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

32A and 32B illustrate a method of decrypting payment processing related data (or payment approval request specialized data) encrypted and received by a VAN server according to an embodiment of the present invention using an electronic signature and a key exchange method.

33 is a diagram illustrating a method of encrypting and transmitting payment processing result data (or payment approval specialized data) in a digital signature and a key exchange method in a VAN server according to an embodiment of the present invention.

34 is a diagram illustrating a payment processing procedure of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

35A and 35B illustrate a method of decrypting payment processing result data (or payment approval specialized data) encrypted and received at a payment terminal according to an embodiment of the present invention by an electronic signature and a key exchange method.

<Description of main parts of drawing>

100: operator network 105: VAN server

110: Authentication, Authorization and Accounting (AAA) Server

115: FA (Foreign Agent)

120: HA (Home Agent)

125: management server (Network Management System)

130: packet access router

135: base station

140: payment terminal

The present invention comprises the steps of generating payment processing related data (payment approval request specialized data) in the payment terminal, generating a predetermined random secret key in the payment terminal, and the payment via the random secret key in the payment terminal; Encrypting processing related data (payment approval request specialized data); extracting a VAN server public key from a terminal-side security application module at the payment terminal; and converting the random secret key into the VAN server public key at the payment terminal. Encrypting, concatenating the encrypted payment processing related data (payment approval request specialized data) and a random secret key in the payment terminal and storing the encrypted secret key in an upper layer of the portable internet protocol stack; Portable internet protocol stack containing payment processing related data (payment approval request data) and random secret key Adding the portable Internet based MAC layer and the PHY layer to the base station on the portable Internet communication network, removing the portable Internet based MAC layer and the PHY layer from the portable Internet protocol stack at the base station on the portable Internet communication network, Changing the internet protocol stack to the internet protocol stack, and then transmitting the changed internet protocol stack to the VAN server through a communication network, receiving the internet protocol stack from the VAN server, and encrypting payment data (payment authorization request). Recovering the private key of the VAN server from a predetermined server-side security application module in the VAN server, and extracting the private key of the VAN server from the VAN server. Decrypting the random secret key and decrypting the VAN server Decrypting the payment processing related data (payment approval request specialized data) encrypted through the encrypted random secret key and using the decrypted payment processing related data (payment approval request specialized data) at the VAN server. It relates to a card payment security processing method using a portable Internet communication network comprising the step of performing a procedure.

A predetermined payment means is provided in a media including a present strip card and / or an integrated circuit (IC) card and / or an IC chip mounted on or detached from a predetermined wireless terminal. Electronic payment system for payment processing using the payment means provided in the medium has been popularized.

The electronic payment system is a user-owned medium having at least one valid payment means (e.g. MS card, IC card, IC chip, etc.), and recognizes the medium and reads the valid payment means information from the medium is predefined It comprises a merchant payment terminal for performing a payment processing procedure, a payment server for approving the payment processing for the payment means, and a payment network connecting the payment terminal and the payment server.

The conventional payment network constituting the electronic payment system includes a Value Added Network (VAN) that leases a wired backbone network and / or uses a high-cost leased line as a closed network. The payment network using the wired backbone network and / or the leased line further includes a circuit switched mobile communication network and / or a packet switched wireless data communication network.

Recently, due to the need for high-speed wireless data communication, high-speed wireless Internet corresponding to the IEEE 802.16 series standard has been developed, thereby including the high-speed wireless Internet in a wide range of payment networks for providing the electronic payment system. It is expected to be.

Referring to the IEEE 802.16 series standard, the high-speed wireless Internet system accesses the high-speed wireless Internet by using a privacy key manager (PKM) message in a medium access control (MAC) layer based on an X.509 certificate. The authority for the wireless terminal is verified, and the verified wireless terminal can be initially connected to the high speed wireless Internet system.

However, the security system is limited to a wireless section, the wired section of the high-speed wireless Internet is characterized in that it consists of an open network directly connected to the conventional Internet (Internet), whereby the high-speed wireless Internet of the electronic payment system When used as a payment network, serious security problems are exposed to hacking such as sniffing and spoofing.

An object of the present invention is to generate a payment processing related data (payment approval request specialized data) at a payment terminal, generating a predetermined random secret key at the payment terminal, and generating the random secret key at the payment terminal. Encrypting the payment processing related data (payment approval request specialized data), extracting a VAN server public key from a terminal-side security application module at the payment terminal, and converting the random secret key from the payment terminal to the VAN. Encrypting with a server public key, concatenating the encrypted payment processing-related data (payment authorization request data) and a random secret key in the payment terminal and storing the encrypted secret key in an upper layer of the portable Internet protocol stack; A mobile internet protocol storing the encrypted payment processing related data (payment authorization request data) and a random secret key Adding a portable internet based MAC layer and a PHY layer to a call stack and transmitting the same to a base station on the portable internet communication network; removing the portable internet based MAC layer and the PHY layer from the portable internet protocol stack at the base station on the portable internet communication network; Changing the portable internet protocol stack to an internet protocol stack, and then transmitting the changed internet protocol stack to a VAN server through a communication network, receiving the internet protocol stack from the VAN server, and encrypting data related to encrypted payment processing ( Restoring a payment approval request specialized data) and a random secret key; extracting a private key of the VAN server from a predetermined server-side security application module in the VAN server; and extracting an individual of the VAN server extracted from the VAN server. Decrypting the random secret key through a key; Decrypting the payment processing related data (payment approval request specialized data) encrypted through the decrypted random secret key; and using the decrypted payment processing related data (payment approval request specialized data) by the VAN server It provides a card payment security processing method using a portable Internet communication network comprising the step of performing a processing procedure.

 A card payment security processing method using a portable Internet communication network according to the present invention comprises the steps of: generating payment processing related data (payment authorization request data) at a payment terminal; generating a predetermined random secret key at the payment terminal; Encrypting the payment processing related data (payment approval request specialized data) through the random secret key at the payment terminal; extracting a VAN server public key from the terminal-side security application module at the payment terminal; Encrypting the random secret key with the VAN server public key at a payment terminal, and connecting the encrypted payment processing related data (payment approval request specialized data) and a random secret key at the payment terminal to a higher layer of the portable Internet protocol stack And storing the encrypted payment processing-related data in the payment terminal (before the payment approval request). Adding a portable Internet based MAC layer and a PHY layer to a portable Internet protocol stack in which a door data) and a random secret key are stored, and transmitting the same to the base station on the portable Internet communication network. Removing the portable internet based MAC layer and the PHY layer, changing the portable internet protocol stack to an internet protocol stack, and then transmitting the changed internet protocol stack to a VAN server through a communication network; Restoring encrypted payment processing-related data (payment approval request specialized data) and random secret key after receiving the; and extracting the private key of the VAN server from a server-side security application module in the VAN server. And, through the private key of the extracted VAN server from the VAN server Decrypting an existing random secret key and decrypting the payment processing related data (payment approval request specialized data) encrypted through the random secret key decrypted by the VAN server, and the decrypted payment processing related data by the VAN server. It comprises a step of performing a predetermined payment processing procedure using (Payment approval request specialized data).

In addition, performing a predetermined payment processing procedure using the decrypted payment processing related data (payment approval request specialized data) in the VAN server, the payment processing related data (payment approval request) from the card company server in the VAN server. Specialized payment data); receiving payment approval data corresponding to the payment authorization data; generating a predetermined random secret key in the VAN server; and payment approval corresponding to the payment approval data through the random secret key in the VAN server. Encrypting the specialized data; extracting a public key of the payment terminal from a server-side security application module at the VAN server; encrypting the random secret key with the public key of the payment terminal at the VAN server; The VAN server associates the encrypted payment approval data with the random secret key to the upper layer of the internet protocol stack. And transmitting to the base station on the portable internet communication network, changing the internet protocol stack to the portable internet protocol stack at the base station on the portable internet communication network, and adding the portable internet based MAC layer and the PHY layer to the changed portable internet protocol stack. Transmitting to the payment terminal, receiving the portable internet protocol stack at the payment terminal, restoring the encrypted payment approval data and a random secret key, and receiving the security terminal from the terminal security application module at the payment terminal. Extracting a private key of a payment terminal; decrypting and reading the random secret key through the payment terminal private key at the payment terminal; and accepting the encrypted payment through the random secret key at the payment terminal. Decrypting the specialized data; By a specialized data decrypted payment authorization, comprising the step of outputting through a predetermined screen output apparatus and / or printing apparatus is characterized in that formed.

The present invention includes a computer-readable recording medium characterized by recording a program for executing the card payment security processing method using the portable Internet communication network described above.

Hereinafter, with reference to the accompanying drawings and description will be described in detail the operating principle of the preferred embodiment of the present invention. However, the drawings and the following description shown below are for the preferred method among various methods for effectively explaining the features of the present invention, the present invention is not limited only to the drawings and description below. In addition, in the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted. Terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to intentions or customs of users or operators. Therefore, the definition should be based on the contents throughout the present title.

In addition, preferred embodiments of the present invention to be carried out below are provided in each system functional configuration to efficiently describe the technical components constituting the present invention, or system functions that are commonly provided in the technical field to which the present invention belongs. The configuration will be omitted, and described mainly on the functional configuration to be additionally provided for the present invention. If those skilled in the art to which the present invention pertains, it will be able to easily understand the function of the components that are conventionally used among the omitted functional configuration not shown below, and also omitted as described above The relationship between the components and the components added for the present invention will also be clearly understood.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains. It is only.

1 is a diagram showing a high-speed wireless Internet system configuration according to an embodiment of the present invention.

More specifically, Figure 1 is a 2.3GHz high-speed wireless Internet network based on HPi (High-Speed Portable Internet) that provides high-speed wireless access technology including mobility of 60 km / h or more and a transmission speed of 1 Mbps.

The high-speed wireless Internet system of the 2.3 GHz frequency band is a cellular network configuration using an Orthogonal Frequency Division Multiple Access (OFDMA) / Time Division Duplex (TDD) scheme and a network configuration of IP-based wireless data services. It can effectively adapt to downlink asymmetric transmission characteristics, support handoff to ensure cell-to-cell mobility without interruption of service, dynamically or statically assign IP to handheld terminals, and make system access for unauthorized users more efficient. It guarantees the quality of service against delay and packet loss, which is suitable for high speed transmission of various types of IP-based packet data such as streaming video, FTP, mail, chat, etc. provided by wired internet. Including features.

Referring to FIG. 1, the high speed wireless Internet system includes at least one payment terminal 140 (eg, an access terminal (AT) or a portable subscriber station (PSS)) and a base station 135 (eg, supporting high speed wireless Internet). A service provider network (100) connecting the access point (AP) or radio access station (RAS), a packet access router (PAR), and at least one or more PARs (130). It is done. In addition, the operator network 100 includes a home agent (HA) 120 for mobility of IP to the payment terminal 140 and an authentication, authorization and accounting (AAA) server 110 for authentication and billing of a user. ), And a management server 125 and a foreign agent (FA) 115 that interoperates with an external wireless network, at least according to the operator's intention and / or additional service type. It will be possible for more than one component to be added.

The payment terminal 140 is an endpoint of a wireless channel in the high-speed wireless Internet system, and communicates with the base station 135 in an OFDMA manner, the wireless channel transmission and reception function, MAC processing function, handover function, user authentication and encryption function, Performs radio link control management.

The base station 135 performs wired / wireless channel conversion function to transfer information (or data) received from the payment terminal 140 to the PAR 130 or vice versa. Converts them into OFDMA-based radio signals and delivers them to the payment terminal 140, packet retransmission function for error-free packet transmission and reception, packet scheduling and radio bandwidth allocation function for efficient operation of radio resources, and lanes. It performs connection control, handover control, and PAR 130 access function related to a ranging function, packet call connection establishment, maintenance, and release.

The PAR 130 is connected to and manages a plurality of base stations 135 and performs a handover control function to ensure high-speed mobility in the PAR 130. To this end, the base station 135 and the PAR 130 is connected based on the IP protocol, and is preferably configured based on a gigabit Ethernet switch for high-speed packet transmission.

In addition, the high-speed wireless Internet system is a Uh interface between the payment terminal 140 and the base station 135, the Ah interface between the base station 135 and the PAR 130 to provide high-speed wireless communication, and the PAR 130 and A Ph interface is provided between the PAR 130, and an Ih interface is provided between the PAR 130 and the AAA and the HA 120 of the operator network 100.

The Uh interface provided between the payment terminal 140 and the base station 135 conforms to the physical layer (PHYsical) and media access control (MAC) standards of HPi, and the physical layer and the MAC standard are LOS. (Line Of Sight) is based on the 2.3GHz band having a non-guaranteed multipath channel environment, and provides mobility based on the wireless access standard of the IEEE 802.16 series.

According to an embodiment of the present invention, the physical layer standard of the Uh interface includes all items corresponding to Orthogonal Frequency Division Multiple Access (OFDMA) in the IEEE802.16 standard, and the changed parts of the IEEE 802.16 frame structure, uplink And OFDMA subcarrier allocation and channel coding for downlink. Additional additions include Transmit / Receive Transition Gap (TGT), Receive / Transmit Transition Gap (RTG), and RF parameters to accommodate a maximum radius of 1km. In addition, the MAC standard is optimized for the OFDMA PHY. The ranging and bandwidth request procedures are modified to fit the OFDMA PHY, and a handover function for mobility support is added. In addition, a sleep mode function for reducing power consumption of the terminal and a mechanism for checking a communication interruption state and recovering resources allocated in case of a disconnection have been added.

The Ah interface between the base station 135 and the PAR 130 uses an Access Network Application PAR (130) t (ANAP) protocol that defines control messages for smooth communication between the base station 135 and the PAR 130. In addition, the Ph interface between the PAR 130 and the PAR 130 is a PPAP (PAR 130-PAR 130 Application PAR 130) protocol defining control messages for smooth communication between the PAR 130. This is used.

The standard for the Ih interface between the PAR 130 and the AAA is based on an IETF Diameter Base protocol, and also refers to the IETF Diameter MIP Application and the IETF Diameter Extensible Authentication Protocol (EAP). In addition, the standard for the Ih interface between the PAR 130 and the HA 120 is based on MIP (Mobile IP) of IETF RFC 3344, MIP NAI (Network Access Identification) extension, MIP CHA (120) llenge / It adds response extension, AAA Registration Key extension, MIP extension for AAA NAI, and MIP extension for Reverse Tunneling.

According to an embodiment of the present invention, an integrated payment terminal 140 having a built-in OFDMA-based wireless access function in a predetermined card terminal to perform high-speed wireless Internet-based electronic payment processing, a predetermined card terminal and the OFDMA-based wireless access Modular payment terminal 140 is connected to a wireless terminal having a function to perform a high-speed wireless Internet-based electronic payment processing, interlocked payment for performing the electronic payment processing in conjunction with a predetermined card terminal and an OFDMA-based wireless terminal It is preferable to include at least one terminal 140, the preferred embodiment of the payment terminal 140 will be described in detail with reference to Figures 4a, 4b and 4c.

The payment terminal 140 is connected to a predetermined value added network (VAN) server through a high-speed wireless Internet system including at least one of a predetermined base station 135 and a PAR 130. The server 105 is preferably connected with at least one card company server to perform the electronic payment approval procedure. A preferred embodiment of a communication path between the payment terminal 140 and the VAN server 105 for performing the electronic payment process based on the high speed wireless Internet will be described in detail with reference to FIGS. 3A and 3B.

According to the exemplary embodiment of the present invention, the VAN server 105 may be directly connected to the high-speed wireless Internet through a predetermined dedicated line, and / or connected through the Internet, and the present invention is not limited thereto. No.

2 is a diagram illustrating subscriber information generated and managed in the PAR 130 on the high-speed wireless Internet according to an embodiment of the present invention.

More specifically, Figure 2 shows at least one wireless communication service according to quality of service (QoS) and / or traffic rate for at least one payment terminal 140 accessing the high speed wireless internet for a predetermined electronic payment process. It illustrates a preferred implementation method for the desired subscriber information stored and managed in the PAR 130 including a policy for providing a.

Referring to FIG. 2, the subscriber information includes predetermined subscriber profile information and at least one service flow information. When the payment terminal 140 accesses the high-speed wireless Internet, the AAA server 110 is provided. Obtained from the, the service flow information is generated by the PAR 130 when a service request via the high-speed wireless Internet in the payment terminal 140.

The subscriber profile item includes a context ID which is a unique identifier between the base station 135 and the PAR 130, IP address information indicating an internet address of the payment terminal 140, and hardware recognition of the payment terminal 140. A Message Authentication Code (MAC) address, which is an address, the number of flows serviced to the payment terminal 140, the current service state of the payment terminal 140, and the service level provided to the payment terminal 140. The number, service class name, subscriber name, address type serviced by the payment terminal 140, and a cell ID of a place where the payment terminal 140 is located, the service flow information is preferably included. Information required for providing at least one service to a given payment terminal 140, wherein the service flow item is a unique expression between the base station 135 and the PAR 130 Consisting of a web context ID, a flow ID that uniquely identifies a service flow, a service class name, a quality of service (QoS) type, a maximum sustained traffic rate, a maximum traffic burst, a minimum reserved traffic rate, a flow schedule type, and allowed jitter. desirable.

According to the method of the present invention, the subscriber profile information is transmitted to the subscriber (or payment terminal 140) accessing the high speed wireless Internet from the AAA server 110 when the payment terminal 140 accesses the high speed wireless internet. After the authentication is completed, it is preferable to be provided to the PAR 130 from the AAA server 110, and then to the PAR 130 until the service for the subscriber (or payment terminal 140) is released. It is desirable to be managed. In addition, when the payment terminal 140 requests a predetermined service through the high-speed wireless Internet, the PAR 130 is generated based on the service request information, session information and / or connection information, and when a new service is requested. It is generated and managed every time, thereby making it possible to provide at least one or more services to the payment terminal 140. When the service for the subscriber (or payment terminal 140) is released and the subscriber profile information is deleted in the PAR 130, the service flow information associated with the subscriber profile information is also deleted.

3A and 3B are diagrams illustrating a communication path between a payment terminal 140 and a VAN server 105 for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIGS. 3A and 3B include a PAR 130 shown in FIG. 2 and use the high-speed wireless Internet system shown in FIG. 1 as a predetermined payment network for payment for high-speed wireless Internet-based electronic payment processing. The preferred embodiment of the communication path between the terminal 140 and the VAN server 105, specifically, Figure 3a is a predetermined relay server 300 provided in the operator network 100 of the high-speed wireless Internet system FIG. 3B illustrates a communication path passing through, and FIG. 3B illustrates a communication path not passing through a predetermined relay server 300 provided in the operator network 100 of the high-speed wireless Internet system. Those skilled in the art to which the present invention pertains may refer to the communication paths illustrated in FIGS. 3A and 3B, and the high-speed wireless Internet-based electronic payment processing may be performed without violating the core technical matters of the present invention. Various implementation methods for the communication path between the payment terminal 140 and the VAN server 105 may be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 3A illustrating a communication path via a predetermined relay server 300 provided in the operator network 100 of the high-speed wireless Internet system, the payment terminal 140 may include a predetermined base station 135 and a PAR. 130 is shown as connecting the communication path with the VAN server 105 through the relay server 300 provided on the operator network 100, the communication path is passed through the operator network 100 It is desirable to pass through at least one router and / or gateway in the process. Accordingly, the payment processing related data (or payment approval request specialized data) transmitted from the payment terminal 140 is transmitted to the VAN server 105 through the base station 135, the PAR 130, and the relay server 300. The payment processing result data (or payment approval data) transmitted from the VAN server 105 is received to the payment terminal 140 through the relay server 300, the PAR 130, and the base station 135. It is desirable to be.

According to an embodiment of the present invention, the data transmitted and received between the payment terminal 140 and the VAN server 105 for the high-speed wireless Internet-based electronic payment processing must include a high degree of security. The communication path is preferably via a predetermined relay server 300 that processes data transmission and reception requiring high security on the high-speed wireless Internet, and the relay server 300 is configured to authenticate the terminal on the high-speed wireless Internet. And / or an AAA server 110 for performing user authentication and / or charging, and / or a firewall server (not shown), and / or an HA 120 server and / or NMS for managing and maintaining the high speed wireless Internet. And / or a security server (not shown) defined to be via and / or to transmit and receive data for maintaining high security on the high speed wireless Internet. It is preferable.

Referring to FIG. 3B, which illustrates a communication path not passing through a predetermined relay server 300 provided in the operator network 100 of the high-speed wireless Internet system, the payment terminal 140 may include a predetermined base station 135. And a communication path with the VAN server 105 through the PAR 130, the communication path is via at least one router and / or gateway in the course of passing through the operator network 100. desirable. Accordingly, payment processing related data (or payment approval request specialized data) transmitted from the payment terminal 140 is transmitted to the VAN server 105 through the base station 135 and the PAR 130, and the VAN server. The payment processing result data (or payment approval specialized data) transmitted from 105 is preferably received by the payment terminal 140 through the PAR 130 and the base station 135.

According to an embodiment of the present invention, the high-speed wireless Internet system to provide a high security for data transmitted and received between the payment terminal 140 and the VAN server 105 in the communication path as shown in Figure 3b (Or at least one server (or device) provided on the high-speed wireless Internet) periodically monitors at least one or more network components (eg, routers) constituting the communication path, thereby allowing the payment terminal 140 and the VAN. It is desirable to maintain a high degree of security for the communication path connecting the server 105.

According to another exemplary embodiment of the present invention, in the communication path as shown in FIG. 3B, only the end-to-end security system between the payment terminal 140 and the VAN server 105 is connected to the communication path. If a high level of security is provided, the high speed wireless Internet system (or at least one server (or device) provided on the high speed wireless Internet) periodically monitors at least one or more network components constituting the communication path. The function may be omitted, and the present invention is not limited thereby.

According to the present invention, the VAN server 105 that connects the payment terminal 140 on the high-speed wireless Internet and the communication path as shown in Figs. 3a and / or 3b is provided in the operator network 100 of the high-speed wireless internet. A predetermined network connection device (eg, a router connecting the operator network 100 and an external network (or a server or a device)) and the Internet and / or a leased line based on Transmission Control Protocol / Internet Protocol (TCP / IP). It is characterized in that the present invention is not limited thereby.

4A, 4B, and 4C are diagrams showing a preferred functional configuration of a payment terminal 140 for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

4a, 4b, and 4c show the preferred functional configuration of the payment terminal 140 for providing the electronic payment processing using the high-speed wireless Internet system shown in FIG. FIG. 4 illustrates a preferred functional configuration of the integrated payment terminal 140 in which the OFDMA-based wireless access function is embedded in a predetermined card terminal to perform high-speed wireless Internet-based electronic payment processing. FIG. 4B illustrates a predetermined card terminal 475. ) And the payment terminal 140 having the OFDMA-based wireless access function is connected to the preferred functional configuration of the modular payment terminal 140 to perform the high-speed wireless Internet-based electronic payment processing, Figure 4c The card terminal terminal 475 and the OFDMA-based wireless terminal terminal 480 of the interlocking payment terminal 140 to perform the electronic payment process is preferred It shows the function configuration. Those skilled in the art to which the present invention pertains, various embodiments of the payment terminal 140 for providing the high-speed wireless Internet-based electronic payment processing with reference to Figures 4a, 4b and 4c of the drawings. It can be easily inferred, whereby the present invention is not limited.

Referring to FIG. 4A illustrating a functional configuration of an integrated payment terminal 140 having a built-in OFDMA-based wireless access function in a predetermined card terminal and performing a high-speed wireless Internet-based electronic payment process, the payment terminal 140 may be configured as described above. Control unit 435, card interface 400, security application module 415, memory unit 465 and screen output for realizing the function defined in the payment terminal 140 (for example, high-speed wireless Internet-based electronic payment processing function) Required to perform the functions defined in the unit 405, the key input unit 410, the printing unit 420, the wireless processing unit 470, and the payment terminal 140 (for example, a high-speed wireless Internet-based electronic payment processing function). It is provided by having a power supply unit 430 for supplying power to the payment terminal 140.

The control unit 435 controls the overall operation of the payment terminal 140, manages the flow of information or data between each component, and is provided in the payment terminal 140 for high-speed wireless Internet-based electronic payment processing A functional configuration comprising controlling and managing at least one component, wherein at least one processor and at least one memory loading data including a central processing unit (CPU) / micro processing unit (MPU) are loaded in hardware Execution memory (for example, register and / or random access memory (RAM)) and a bus (BUS) for inputting and outputting at least one or more data to the processor and the memory, characterized in that the software and the payment terminal ( To a predetermined recording medium in order to perform a function (e.g., electronic payment processing) It includes a predetermined program routine (Routine) and / or program data that is loaded into the execution memory and processed by the processor (thus, provided in the payment terminal 140 for high-speed wireless Internet-based electronic payment processing) The control unit 435 shows a predetermined program recorded on a recording medium and / or a component that can be processed in software among the functional configurations provided in the payment terminal 140 for high-speed wireless Internet-based electronic payment processing. It is characterized by consisting of).

The card interface 400 may provide an interface for reading predetermined payment means information for electronic payment processing from a medium (eg, an MS card and / or an IC card and / or an IC chip) having at least one payment means. The information or data read out from a predetermined user-owned medium through the card interface is input to the controller 435.

According to an embodiment of the present invention, the card interface 400 may be configured to provide an interface for an MS card based on an ISO / IEC 7810 standard, and / or a contact IC card based on an ISO / IEC 7816 standard. And at least one contact IC interface providing an interface to the contactless IC card and / or a contact IC interface based on the ISO / IEC 14443 standard.

The MS interface is a card interface 400 based on ISO / IEC 7810, and includes at least one magnetic head including a predetermined coil, and includes predetermined information (eg, magnetized binary ( When the MS card on which the data is recorded is moved in close contact with the magnetic head (or the magnetic head moves in close contact with the MS card in which predetermined information is recorded), a predetermined electrical signal is applied to the magnetic head. It is characterized in that the predetermined information or data is read from at least one or more tracks provided in the MS of the MS card by using the loaded device.

The contact IC interface is a card interface 400 based on ISO / IEC 7816. The contact IC interface includes at least one contact point for making electrical contact with a chip on board (COB) provided in a contact IC card. It supplies power to the IC chip of the IC card through the contact point, and the predetermined information or from the IC chip through the transaction of the half-duplex (HA 120 lf Duplex) method using an APDU (Application Protocol Data Unit) The data is read out.

The contactless IC interface is a card interface 400 based on ISO / IEC 14443, and includes at least one contactless electrical contact with the contactless IC card by using capacitive coupling and / or inductive coupling. The antenna includes an antenna, and supplies power to the IC chip of the IC card through the antenna, and reads predetermined information or data from the IC chip through a non-contact half-duplex (HA 120 lf Duplex) transaction. It is characterized by.

The card terminal security application module (415) (Secure Application Module (SAM)) is a confidentiality (confidentiality) required in the process of the payment terminal 140 performs the electronic payment and / or electronic payment using the payment means provided in the medium And / or security requirements including authentication and / or integrity and / or nonrepudiation, etc. without using an authentication server (or payment server) on the network. As a safety device for performing a safe and reliable structure within, a predetermined message that is processed in the process of the payment terminal 140 performs a predetermined security request function (for example, electronic payment and / or electronic payment function) ( Information or data), adding an authenticator that prevents forgery (or tampering) of the message, or performing the security request function. The ability to store key information document important features to perform.

In general, the security application module 415 is preferably composed of a predetermined security application module inserter and a security application module chip, the security application module chip is a chip containing at least 8-bit CPU or more, more than 2 MIPS (Million Instructions Per Second) It is preferable to include an application specific integrated circuit (ASIC) chip (for example, a PLCC 44-pin chip) and / or an IC chip (for example, an IC card in the form of a subscriber identity module).

In addition, the security application module 415 is at least one or more security application data (eg, at least one identifier, version, expiration date, issue date, code value, etc.) required for the payment terminal 140 to perform a predetermined security request function ) And / or keys (e.g., one master key and at least one application key) and / or protocols (e.g., trading protocols, re-transaction protocols, previous transaction cancellation protocols, collection protocols, SAM issuance protocols, (e-money company / card company) Registration protocols, authorization protocols, mode switching protocols, key download protocols, SAM revocation protocols) and / or commands (e.g., at least one read / authentication / transmission / registration / setting / mode switch / gather / delete / discard / Initialization / reprocessing / cancellation command).

According to an embodiment of the present invention, the security application module 415 encrypts and / or decrypts predetermined payment processing related data (or payment approval request specialized data) and / or payment processing result data (or payment approval specialized data). Preferably at least one key value is provided.

The memory unit 465 inputs when a predetermined program routine (or code) and / or program data (eg, program routine (or code)) for controlling the overall operation of the payment terminal 140 is performed. Or a general term of non-volatile memory for storing at least one output information or data), which is hardware-based electrically erasable and programmable read only memory (EEPROM) and / or flash memory (FM) and / or HDD (HA 120). and at least one or more storage means including; rd Disk Drive).

The screen output unit 405 is at least one or more information (or data) defined to be exposed to the user in the process of performing a function (eg, high-speed wireless Internet-based electronic payment processing function) defined in the payment terminal 140 And at least one output device including a liquid crystal display (LCD) and / or a cathode ray tube (CRT), and a driver managing the output device and interworking with the control unit 435. It is preferable to comprise.

The key input unit 410 selects at least one or more information (or data) defined to be input from a user in the process of performing a function defined in the payment terminal 140 (for example, a high-speed wireless Internet-based electronic payment processing function). Characterized in that in the form of key data, and comprises at least one input device including a keypad and / or keyboard, and a driver for managing the input device and interworking with the control unit 435. .

The printing unit 420 performs a process (eg, a high speed wireless Internet-based electronic payment processing function) defined in the payment terminal 140 and / or predetermined information or data generated as a result (eg, payment) Process receipt) by printing (or outputting) through a predetermined printing device 425 (eg, a receipt printing machine), and printing the print information or data in accordance with a predefined printing form. It includes a print protocol and a driver for printing through).

The wireless processor 470 is a network component of the high-speed wireless Internet system (for example, the base station 135, in order to perform a function defined in the payment terminal 140 (for example, high-speed wireless Internet-based electronic payment processing function)), PAR 130, AAA server 110, HA (120 server, NMS, etc.) in conjunction with the payment terminal 140 is characterized in that the wireless connection to the high-speed wireless Internet, and also through the high-speed wireless Internet VAN server 105 connected to the high-speed wireless Internet and a TCP / IP-based network and / or a dedicated line 305 to perform a function defined in the payment terminal 140 (for example, high-speed wireless Internet-based electronic payment processing function). ) And a high-speed wireless Internet-based communication channel, and traffic for performing a function (eg, high-speed wireless Internet-based electronic payment processing function) defined in the payment terminal 140 through the communication channel. Characterized in that for production. A preferred embodiment of the wireless processing unit 470 will be described in detail with reference to FIG.

According to the present invention, the wireless processing unit 470 is a media control layer (MAC) and a physical layer corresponding to a lower layer on a communication protocol stack defined between the payment terminal 140 and the base station 135 on the high-speed wireless Internet. Perform communication processing for the (PHY).

A functional configuration of the modular payment terminal 140 is connected to a predetermined card terminal 475 and the payment terminal 140 having the OFDMA-based wireless access function to perform a high-speed wireless Internet-based electronic payment processing. FIG. 4B shows the control unit 435, the card interface 400, the security application module 415, the memory unit 465, the screen output unit 405, the key input unit 410, and the printing unit 420 illustrated in FIG. 4A. And predetermined transaction data (eg, payment means information read from a customer-owned medium) for realizing a function (eg, a high-speed wireless Internet-based electronic payment processing function) defined in the payment terminal 140 through the power supply unit 430. A card terminal stage 475 for generating payment processing related data (or payment approval request specialized data) defined to request high-speed wireless Internet-based electronic payment processing, and a transaction generated by the card terminal stage 475. place To the emitter via the high-speed wireless Internet access system comprising a wireless terminal end (480) which corresponds to a communication module for transmitting and receiving with the VAN server 105 it is characterized.

In FIG. 4B, the control unit 435, the card interface 400, the security application module 415, the memory unit 465, the screen output unit 405, and the key input unit constituting the card terminal 475 are shown. The basic functions of the 410, the printing unit 420, and the power supply unit 430 are the same as those described with reference to the payment terminal 140 of FIG. 4A, and the wireless processing unit configuring the wireless terminal end 480 is also described above. As shown and described in the payment terminal 140 of FIG.

Referring to FIG. 4B, the card terminal 475 transmits predetermined transaction data for realizing a function defined in the payment terminal 140 (eg, a high-speed wireless Internet-based electronic payment processing function). And a predetermined card terminal end interface 485 for interfacing and exchanging with 480.

According to the exemplary embodiment of the present invention, the card terminal end 475 may transmit predetermined transaction data (eg, a customer-owned medium) generated inside the card terminal end 475 through the card terminal end side interface 485. Interfacing and providing payment processing related data (or payment approval request specialized data) defined to request high-speed wireless Internet-based electronic payment processing, including payment method information read from the mobile terminal 480, and / or Alternatively, the VAN server 105 may correspond to predetermined transaction data (eg, the payment processing related data (or payment approval request specialized data)) from the wireless terminal 480 through the card terminal end interface 485. (Or payment processing result data (or payment approval specialized data) received from the card company server) is preferably provided to interface.

According to one embodiment of the invention, the card terminal end interface 485 is a wired communication interface including at least one or more, such as USB or RS-232c or RS-485, and / or Infrared Ray communication, RF A near field communication interface including at least one or more of Radio Frequency communication, Bluetooth, Wi-Fi, Ultra Wide Band system (UWB), and / or a Personal Computer Memory Card International Association (PCMCIA). It is preferred to include at least one or more interface means of at least one or more mating interfaces to include.

Referring to FIG. 4B, the wireless terminal end 480 includes a predetermined wireless terminal end 480 side interface that matches the card terminal end interface 485 provided in the card terminal end 475, and A control unit 491, a memory unit 493, and the wireless terminal 480 defined for realizing a function defined in the wireless terminal 480 (eg, a communication module function for high-speed wireless Internet-based electronic payment processing). And a power supply unit 494 for supplying power required to perform a function (eg, a communication module function for high-speed wireless Internet-based electronic payment processing).

The controller 491 of the wireless terminal 480 may include at least one or more processors including CPU / MPU in hardware and at least one or more program codes and / or data for realizing functions defined in the wireless terminal 480. Is loaded, and a bus (BUS) for inputting and outputting predetermined data to the processor and / or memory.

The memory unit 493 of the wireless terminal 480 is a generic term for storage means for storing a predetermined program routine (or code) and / or program data for controlling the overall operation of the wireless terminal 480. And a read only memory (ROM), a read / write flash memory (FM), an electrically erasable and programmable read only memory (EEPROM), and the like.

Those skilled in the art (e.g., device characteristics of the wireless terminal 480) (e.g., device characteristics in which the wireless terminal 480 is implemented by an external wireless modem, or the wireless terminal) If the stage 480 is aware of device characteristics implemented in the form of a PCMCIA card), since the functional configurations of the controller 491 and the memory unit 493 of the wireless terminal 480 will be clearly understood, a detailed description thereof will be given. Is omitted for convenience.

4c illustrates a functional configuration of a linked payment terminal 140 in which a predetermined card terminal 475 and the OFDMA-based wireless terminal 480 interoperate with each other to perform an electronic payment process. And a card interface, a security application module, a memory unit, a screen output unit, a key input unit, a printing unit, and a power supply unit, to realize a function defined in the payment terminal 140 (for example, a high-speed wireless Internet-based electronic payment processing function). Card terminal end generating transaction data (e.g., payment processing related data (or payment approval request specialized data) defined to request high-speed wireless Internet-based electronic payment processing, including payment method information read from a customer-owned medium) 475 and a transaction for transmitting / receiving the transaction data generated at the card terminal 475 to the VAN server 105 through the high-speed wireless Internet system. Including a wireless terminal end (480) that corresponds to the module, characterized in that formed.

In FIG. 4C, basic functions of the control unit, card interface, security application module, memory unit, screen output unit, key input unit, printing unit, and power supply unit constituting the card terminal unit 475 are settled in FIG. 4A. As described with reference to the terminal 140, the wireless processing unit constituting the wireless terminal 480 is also the same as described with reference to the payment terminal 140 of FIG.

Referring to FIG. 4C, the card terminal 475 stores predetermined transaction data for realizing a function defined in the payment terminal 140 (eg, a high speed wireless Internet-based electronic payment processing function) as shown in FIG. 4B. It is characterized in that it further comprises a predetermined card terminal end interface 485 for interfacing and exchange with the wireless terminal end 480, as described in detail with reference to Figure 4b.

Referring to FIG. 4C, the wireless terminal end 480 includes a predetermined wireless terminal end interface 490 that matches the card terminal end interface 485 provided in the card terminal end 475, and Functions defined in the wireless terminal 480 (eg, at least one or more service providing functions provided by the wireless terminal 480 in association with the high-speed wireless Internet as independent wireless terminals, and / or the card terminal 475). And a controller 491, a memory unit 493, a screen output unit 495, a key input unit 496, a sound processing unit 497, and the above, for realizing a communication module function for high-speed wireless Internet-based electronic payment processing. And a power supply unit 494 for supplying predetermined power to the wireless terminal terminal 480. The basic features of the controller 491 and the memory unit 493 are the same as those described with reference to FIG. 4B.

The screen output unit 495 of the wireless terminal 480 operates in conjunction with the control unit 491 to generate key data generated through a predetermined key input unit 496 and a predetermined function provided in the wireless terminal 480. Outputting a predetermined screen according to a predefined rule to a variety of information and / or signals and / or content (e.g. text content, image content, and / or multimedia content) extracted and / or generated and / or received in the process of performing And outputting to a device (for example, a liquid crystal display (LCD) and / or a cathode ray tube (CRT)), and at least one output device for managing the output device and managing the output device. It is preferable to include a driver that cooperates with 491.

The key input unit 496 of the wireless terminal 480 includes at least one of a predetermined number key and / or a character key (CHA 120) and / or a function key. Detects information (or signal) input from a predetermined keypad including a key button, and controls a specific input mode and / or of the wireless terminal 480 controlled by the controller 491. When predetermined information (or a signal) is input from a predetermined key button provided in the keypad in the operation mode, a key event corresponding to the input information (or signal) is generated, and the generated key event is controlled by the controller ( 491), and at least one input device for this purpose, and a driver for managing the input device and interworking with the control unit 491.

The sound processor 497 of the wireless terminal 480 is provided to the wireless terminal 480 in the process of performing a function defined in the wireless terminal 480 (for example, wireless connection and / or transmitting and receiving information). Encodes a predetermined sound signal input from the supplied microphone to provide to the controller 491, or decodes a predetermined sound signal extracted and / or generated by the controller 491 and outputs the same through a speaker. For this, a predetermined vocoder and a codec are provided in the sound processor.

4A, 4B, and 4C, the payment terminal 140 may include a payment means reading unit 440 that reads predetermined payment means information from at least one customer-owned medium through the card interface; An information input unit 445 for receiving predetermined payment information (e.g., a payment amount) from an input device (e.g., a key input device corresponding to the key input unit or a POS device), and the payment means information and payment information. Encrypts the data generation unit 450 for generating predetermined payment processing related data (or payment approval request specialized data), and the generated payment processing related data (or payment approval request specialized data), and / or the An encryption processing unit 455 for decrypting payment processing result data (or payment approval specialized data) corresponding to payment processing related data (or payment approval request professional data); Process the detailed payment processing related data (or payment approval request specialized data) into a protocol stack that can be transmitted through the wireless processing unit 470, and / or the payment processing from the protocol stack received through the wireless processing unit 470. And a communication processing unit 460 for reading payment processing result data (or payment approval specialized data) corresponding to the related data (or payment approval request specialized data).

The payment means reader 440 may be linked with a card reader device corresponding to the card interface 400 provided in the payment terminal 140 and / or at least one driver for driving the card reader device. Through the payment terminal 140, the predetermined payment means information for performing the electronic payment processing from the customer owned medium having at least one payment means through the through, characterized in that the payment means reading unit 440 The payment means information read by the data is provided to the data generation unit 450.

According to an embodiment of the present invention, the payment means read out from the customer-owned medium through the payment means reader 440 may include a credit card, a debit card, a check card, and a prepaid payment. It is preferable to include at least one card (Prepaid Card), Electronic Wallet (Electronic Wallet), Electronic Bankbook (Electronic Bankbook), the financial common network.

The information input unit 445 includes a payment amount from at least one input device including a key input device corresponding to the key input unit 410 and / or a POS device for extracting predetermined payment related information from payment target product information. Characterized in that the predetermined payment information is received, the payment information input by the information input unit is provided to the data generation unit 450.

The data generation unit 450 may include predetermined payment processing related data (or payment approval request) including payment means information read by the payment means reader 440 and payment information input through the information input unit 445. Specialized data), and the payment processing related data (or payment approval request specialized data) is provided to the encryption processing unit 455.

The encryption processing unit 455 encrypts the payment processing related data (or payment approval request specialized data) according to a predetermined encryption protocol defined so that the VAN server 105 can decrypt the encrypted data. Payment processing related data (or payment approval request specialized data) is provided to the communication processing unit 460. In addition, the encryption processing unit 455 decrypts the predetermined payment processing result data (or payment approval specialized data) restored (or generated) from the communication processing unit 460 when the encrypted data is encrypted. The decrypted payment processing result data (or payment approval specialized data) is provided to the screen output unit 405 and / or the printing unit 420 and output.

The communication processing unit may perform communication processing on upper layers of a medium control layer (MAC) and a physical layer (PHY) defined in the wireless processing unit on the communication protocol stack defined in the payment terminal 140.

According to an embodiment of the present invention, the communication processing unit 460 stores a service data unit (SDU) to be stored in the communication protocol stack and transmitted from the encrypted payment processing related data (or payment approval request specialized data) and And / or generate a Protocol Data Unit (PDU), and store the SDU / PDU in an upper layer of the communication protocol stack. As described above, the protocol stack in which the SDU / PDU is stored is the wireless processor. 470 is preferably provided, and the wireless processing unit 470 includes a media control layer (MAC) and a physical layer (PHY) in a predetermined communication protocol stack in which the SDU / PDU is stored by the communication processing unit 460. Further performs communication processing for the wireless transmission to the base station 135 on the high-speed wireless Internet.

Also, the base station 135 on the high-speed wireless Internet stores an SDU / PDU generated from predetermined payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data). After providing a communication protocol stack to the wireless processing unit 470, the wireless processing unit 470 performs a series of communication processing for the media control layer (MAC) and the physical layer (PHY) from the communication protocol stack, Preferably, the remaining higher communication protocol stack is provided to the communication processing unit 460, and the communication processing unit 460 reads the SDU / PDU from the provided communication protocol stack to transmit the payment processing result data (or payment approval specialized data). Restore (or create)

If the restored (or generated) payment processing result data (or payment approval specialized data) is encrypted, the communication processing unit 460 transfers the payment processing result data (or payment approval specialized data) to the encryption processing unit 455. If it is not encrypted, the restored (or generated) payment processing result data (or payment approval data) is provided to the screen output unit and / or the print unit.

In the case of the integrated payment terminal 140 according to the embodiment of the present invention, the payment means reading unit, information input unit, data generation unit, encryption processing unit, and communication processing unit as shown in FIG. Is preferably provided).

In the case of the modular payment terminal 140 according to the embodiment of the present invention, the payment means reading unit 440, the information input unit 445, the data generating unit 450 and the encryption processing unit 455 As shown in FIG. 4B, the payment terminal 140 is provided at the card terminal 475, and the communication processing unit 460 is preferably provided at the wireless terminal 480 provided with the wireless processing unit 470. .

In this case, the card terminal 475 transmits the payment processing related data (or payment approval request specialized data) encrypted by the encryption processing unit 455 to the card terminal end interface 485 and the wireless terminal end interface 490. ) Is provided to the wireless terminal 480, and the communication processing unit 460 of the wireless terminal 480 performs a predetermined communication process on the encrypted payment processing related data (or payment approval request specialized data). Perform the transmission through the wireless processing unit.

In addition, when a packet including a predetermined communication protocol stack is received through the wireless processing unit 470, the communication processing unit of the wireless terminal 480 performs a predetermined communication processing procedure to perform the payment processing related data from the packet. Restoring (or generating) payment processing result data (or payment approval specialized data) corresponding to (or payment approval request specialized data), and through the wireless terminal end interface 490 and the card terminal end interface 485. The card terminal 475 is provided.

According to another embodiment of the present invention, the encryption processing unit 455 provided in the card terminal end 475 of the modular payment terminal 140 with respect to the embodiment shown in Figure 4b is the wireless terminal end ( The method may be transferred to 480, and the present invention is not limited thereto. Alternatively, the communication processing unit 460 provided in the wireless terminal 480 may be transferred to the card terminal 475 to operate according to the method illustrated in FIG. 4B, and thus the present invention is limited. Not.

Alternatively, for the method illustrated in FIG. 4B, the communication processor may be configured to process the uppermost layer of the communication protocol stack in the card terminal 475, and the remaining layer may be processed in the wireless terminal 480. The card terminal 475 and the wireless terminal 480 may be provided separately, and the present invention is not limited thereto.

In the case of the linked payment terminal 140 according to the embodiment of the present invention, the payment means reading unit 440, the information input unit 445, and the data generating unit 450 is the payment terminal as shown in Figure 4c It is preferable that the card terminal 475 of the 140 is provided, and the encryption processing unit 455 and the communication processing unit 460 are provided in the wireless terminal terminal 480 provided with the wireless processing unit 470.

At this time, the card terminal end 475 exchanges the payment processing related data (or payment approval request specialized data) generated by the data generation unit with the card terminal end interface 485 and the wireless terminal end interface 490. Provided to the wireless terminal 480 through, the encryption processing unit 455 of the wireless terminal 480 encrypts the payment processing-related data (or payment approval request specialized data) to the communication processing unit 460 The communication processing unit 460 performs a predetermined communication process on the encrypted payment processing related data (or payment approval request specialized data) and transmits it through the wireless processing unit 470.

In addition, when a packet including a predetermined communication protocol stack is received through the wireless processing unit 470, the communication processing unit 470 of the wireless terminal 480 performs a predetermined communication processing procedure to perform the payment from the packet. Restoring (or generating) payment processing result data (or payment approval specialized data) corresponding to processing related data (or payment approval request specialized data); and if the payment processing result data (or payment approval specialized data) is encrypted, It is provided to the encryption processing unit, and / or to the card terminal end 475 through the wireless terminal end side interface 490 and the card terminal end side interface 485.

According to another exemplary embodiment of the present invention, the data generation unit provided in the card terminal 475 of the linked payment terminal 140 is transferred to the wireless terminal 480 with respect to the embodiment shown in FIG. 4C. The present invention is not limited thereto.

Alternatively, the encryption processing unit 455 provided in the wireless terminal end 480 may be transferred to the card terminal end 475 to operate the method shown in FIG. 4C, and thus the present invention is limited. Not.

5A, 5B, and 5C illustrate a preferred structure of a communication protocol stack of a payment terminal 140 for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

5A, 5B, and 5C show the payment terminal 140 for the high-speed wireless Internet-based electronic payment processing shown in FIGS. 4A, 4B, and 4C. As a preferred embodiment of the preferred structure of the protocol stack that is processed communication based on the wireless Internet, specifically Figure 5a illustrates a preferred communication protocol stack for the integrated payment terminal 140, such as Figure 4a, Figure 5b 4b illustrates a preferred communication protocol stack for a modular payment terminal 140 as shown in FIG. 4b, and FIG. 5c illustrates a preferred communication protocol stack for a linked payment terminal 140 as shown in FIG. 4c. Those skilled in the art to which the present invention pertains, for the high-speed wireless Internet-based electronic payment processing in a range that does not violate the core technical matters of the present invention with reference to the drawings 5a, 5b and 5c. Various implementation methods of the communication protocol stack provided in the payment terminal 140 may be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 5A, which illustrates a preferred communication protocol stack for the integrated payment terminal 140, the communication processing unit provided in the integrated payment terminal 140 may include the encrypted payment processing related data (or payment approval request specialized data). Generates a predetermined SDU / PDU, performs a communication protocol processing procedure for storing the generated predetermined SDU / PDU in an upper layer on the communication protocol stack defined in the payment terminal 140, and controls the medium of the wireless processing unit Create a predetermined communication protocol stack that can be processed at the layer MAC.

According to an embodiment of the present invention, the communication processor may further include passing through a Secure Sockets Layer (SSL) layer in the process of generating the communication protocol stack, and / or providing the high speed wireless Internet service. It is possible to further pass through a layer that supports at least one or more protocols defined in the high-speed wireless Internet, for which the present invention is not limited.

The protocol stack communicated through the communication processor is transmitted from the wireless processor provided in the integrated payment terminal 140 to the base station 135 on the high-speed wireless Internet through a media control layer and a physical layer.

The medium control layer (MAC) preferably includes a privacy sublayer, a MAC common PAR 130t sublayer, and a service specific convergence sublayer L23. Do.

According to an embodiment of the present invention, the privacy sub-layer performs device authentication, security key exchange, and encryption functions, wherein the privacy sub-layer performs only authentication for the device, and user authentication is performed at an upper layer of the MAC. desirable. In addition, the MAC common sub-layer is an essential part of the MAC layer, and is preferably responsible for system access, bandwidth allocation, traffic connection establishment and maintenance, and quality of service (QoS) management. In addition, the service specific aggregation sublayer is preferably responsible for payload header suppression and quality of service (QoS) mapping functions in continuous data communication.

Referring to the IEEE 802.16 series standard, the high-speed wireless Internet system defines an encryption function for traffic data in order to provide a stable wireless communication service, which is required before a predetermined traffic connection establishment procedure for encrypting the traffic data. It defines how to generate and distribute traffic encryption keys for traffic connections. Specifically, the payment terminal 140 and the base station 135, for generating and distributing the traffic encryption key, a PKM-REQ (Privacy Key Managment-Request) message and a PKM-RSP (Privacy Key Managment-Response) Message, the payment terminal 140 requests a traffic encryption key assignment by transmitting a key request message, which is an internal message of one of the PKM-REQ messages, to the base station 135, and the base station 135 ) Sends a response to the terminal. Specifically, the base station 135 transmits a key reply message to the terminal when the traffic encryption key assignment is successful, and transmits a key reject message to the terminal when the traffic encryption key assignment is successful. By using the traffic encryption key assigned through the traffic encryption key assignment procedure, the payment terminal 140 and the base station 135 can encrypt and transmit all traffic data. However, as described above, the encryption traffic is defined in the wireless section between the payment terminal 140 and the base station 135 through the generation and distribution of the encryption key, whereby the payment terminal 140 at the VAN server. High security up to 105 is not secured, and high security is secured between the payment terminal 140 and the VAN server 105 only by the end-to-end encryption processing function according to the present invention.

The physical layer (PHY) is responsible for a wireless communication function performed in a normal physical layer, such as modulation and demodulation and coding, a preferred embodiment thereof will be described in detail with reference to FIG.

Referring to FIG. 5B, which illustrates a preferred communication protocol stack for the modular payment terminal 140, the communication processing unit provided in the wireless terminal end 480 of the modular payment terminal 140 includes the modular payment terminal ( A predetermined SDU / PDU is generated from the encrypted payment processing related data (or payment approval request specialized data) provided from the card terminal 475 of the 140, and the generated SDU / PDU is transferred to the payment terminal 140. Performs a communication protocol processing procedure stored in an upper layer on the communication protocol stack defined in the above), and generates a predetermined communication protocol stack that can be processed by the medium control layer (MAC) of the radio processing unit.

In addition, the protocol stack communicated through the communication processor is a base station on the high-speed wireless Internet by passing through a media control layer and a physical layer in the wireless processor provided in the wireless terminal 480 of the modular payment terminal 140. And the technical characteristics of the medium control layer and the physical layer are as described with reference to FIG. 5A.

Referring to FIG. 5C, which illustrates a preferred communication protocol stack for the linked payment terminal 140, the communication processor included in the wireless terminal 480 of the linked payment terminal 140 may be connected to the linked payment terminal 140. Encrypts the payment processing related data (or payment approval request specialized data) provided from the card terminal 475 of the card), and generates a predetermined SDU / PDU from the encrypted payment processing related data (or payment approval request specialized data). And a communication protocol processing procedure for storing the generated predetermined SDU / PDU in an upper layer on a communication protocol stack defined in the payment terminal 140, and may be processed by a media control layer (MAC) of the wireless processing unit. Create a given communication protocol stack.

In addition, the protocol stack communicated through the communication processor is a base station on the high-speed wireless Internet by passing through a media control layer and a physical layer in the wireless processor provided in the wireless terminal 480 of the linked payment terminal 140. And the technical characteristics of the medium control layer and the physical layer are as described with reference to FIG. 5A.

6 is a view showing a preferred structure of the wireless processing unit 470 of the payment terminal 140 according to the embodiment of the present invention.

In more detail, FIG. 6 is a view illustrating a preferred implementation method of a wireless processing unit 470 that wirelessly communicates with the base station 135 in an OFDMA scheme according to IEEE 802.16 series wireless access standard as an end point of a wireless channel in the high-speed wireless Internet system. . However, in the present invention, the wireless processing unit 470 of the payment terminal 140 is not limited to the case of FIG. 6, but does not violate the core of the present invention according to the intention and / or components of the terminal manufacturer. The present invention can be modified within the present invention, and the present invention is not limited thereto.

Referring to FIG. 6, the wireless processor converts an analog baseband signal input from a baseband processor into a 2.3 GHz band signal, which is a carrier band, and transmits the signal. It performs the function of transferring to the processing unit.

In addition, the wireless processing unit includes a transmitting and receiving antenna, RF front end (FE), performs the up / down conversion function between the power amplifier function RF signal, FEM (Front End Module) is PA (Power Amplifier), It consists of RFSW (RF SWitch) and LNA (Low Noise Amplifier) FEM to perform transmit / receive mode switching function, power amplifier function of transmit signal, low noise amplifier function of received signal according to control signal, and UPCM (UP Conversion Module) is LPF , I / Q modulator, VGA, RF BPF, which converts baseband signal into RF signal, transmit power control and filtering function, and DNCM (DowN-Conversion Module) uses RF BPF, RF mixer, Comprising a VGA, I / Q demodulator, LPF, the DNCM performs the down-conversion function of the RF signal to the baseband signal, automatic control of the received power gain and filtering.

In addition, since the wireless processor 470 uses a Local Oscillator Module (LOM) consisting of a PLL and an RF VCO and a TDD scheme, the wireless processor 470 includes an ANTM (ANTenna Module) for transmitting and receiving on the same antenna.

7 is a diagram showing the function configuration of the VAN server 105 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 7 provides an end-to-end encryption processing function and an end-to-end encryption processing function provided with encryption functions as shown in FIGS. 4A, 4B, and 4C, between the payment terminal 140 and the VAN server 105. As a preferred embodiment of the VAN server 105 for managing and maintaining the high security of the present invention, those skilled in the art to which the present invention pertains, with reference to FIG. 4C and the VAN server 105 providing the end-to-end encryption processing function with encryption functions as shown in FIG. 4C, may be variously modified and thus the present invention is not limited thereto. .

Referring to FIG. 7, the VAN server 105 includes a receiving unit 700 for receiving encrypted payment processing related data (or payment approval request specialized data) transmitted from the payment terminal 140 through high-speed wireless Internet, Decrypt the encrypted payment processing related data (or payment approval request specialized data), and / or the payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data). The encryption unit 710 for encryption processing and payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) are transmitted to the payment server through the high-speed wireless Internet. It characterized in that it comprises a transmission unit 705.

According to an exemplary embodiment of the present invention, the VAN server 105 reads the decrypted payment processing related data (or payment approval request specialized data) to a predetermined card company server that approves the payment request. Providing relevant data (or payment approval request specialized data) and receiving predetermined payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) from the card company server. It is preferable that the payment processing unit 715 is provided.

In the encryption unit 710, a decryption method for the encrypted payment processing related data (or payment approval request specialized data) is performed by the encryption processing unit of the payment terminal 140 (or payment approval request full text). Characterized in that it is performed according to a decryption procedure corresponding to a method of encrypting the data), and / or the payment processing result data (or payment approval) corresponding to the payment processing related data (or payment approval request specialized data). Specialized data) is performed according to an encryption procedure that can be decrypted by the encryption processing unit of the payment terminal 140, thereby increasing the altitude between the payment terminal 140 and the VAN server 105. End-to-end functionality is provided to manage and maintain security.

According to an embodiment of the present invention, the VAN server is preferably provided with a predetermined server-side security application module (not shown) interoperating with the encryption unit 710, the security application module is a predetermined payment processing related data At least one key value for encrypting and / or decrypting (or payment approval request data) and / or payment processing result data (or payment approval data) is preferably provided.

Hereinafter, the technical features of the present invention will be described through a preferred embodiment for processing a high-speed wireless Internet-based electronic payment that performs a symmetric key (or secret key) encryption and / or decryption procedure.

8 is a diagram illustrating a payment processing procedure of the payment terminal 140 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 8 is connected to the high-speed wireless Internet from a payment terminal 140 equipped with encryption functions as shown in FIGS. 4A, 4B, and 4C, and when the electronic payment process is performed by the payment terminal 140, a payment process. The VAN server receiving the payment terminal 140 and the payment processing related data (or payment approval request specialized data) by encrypting and transmitting related data (or payment approval request specialized data) using a symmetric key (or secret key) method. As a preferred embodiment of the electronic payment processing method that provides high-speed wireless Internet-based end-to-end security between the 105, those of ordinary skill in the art to which the present invention pertains, The VAN server 105 and the portable interface through the payment terminal 140 corresponding to FIGS. 4A, 4B, and 4C without departing from essential technical matters of the present invention. Various electronic payment processing methods for providing net-based end-to-end security can be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 8, a payment terminal 140 (eg, an integrated payment terminal 140, a modular payment terminal 140, and a payment terminal 140 interworking with a function of wirelessly connecting to a predetermined high-speed wireless Internet) is provided. When a predetermined power is supplied to the system to boot, the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) synchronizes with the downlink through the downlink channel search of the base station 135. After acquiring the channel control parameter for the uplink, initial synchronization is performed through initial ranging, and an initial access (Initial Access) process of informing the base station 135 of the information of the payment terminal 140 is performed (800). ).

When the initial access process is performed, the basic provisioning capability of determining the basic provisioning capability between the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) and the base station 135 of the high-speed wireless Internet When the basic capability is negotiated and the basic capability is negotiated, the AAA server 110 extends the wireless connection connection between the payment terminal 140 and the base station 135 to the wired section through the PAR 130. An authentication procedure for verifying authentication and service authority of the payment terminal 140 is performed from step 805.

According to an embodiment of the present invention, the preferred authentication procedure for verifying the authentication and service authority for the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) on the high-speed wireless Internet is the PAR ( In step 130, a DER (Diameter Extensible Authentication Protocol) Request (ID) / Identity message including a subscriber ID (ID) provided from the base station 135 is provided to the AAA server 110 on the high-speed wireless Internet. The AAA server 110 determines whether the user is a legitimate subscriber and transmits a Diameter EAP Answer (DEA) / Transport Layer Security (TLS) start message to the PAR 130. Thereafter, the PAR 130 provides a DER / Client-Hello message including predetermined session information and connection information to the AAA server 110, and the AAA server 110 responds to the PAR 130. Send DEA / Server-Hello. Next, the PAR 130 and the AAA server 110 provides a DER / TLS certificate from the PAR 130 to the AAA server 110 for the mutual exchange of certificates, the AAA server 110 is the PAR Sending the DEA / TLS cHA (120) nge cipher spec, TLS finished message to (130) to remind the use of the new encryption algorithm and the handshaking (HA (120) nd-sHA (120) king) procedure. Deliver to PAR (130). In addition, the PAR 130 transmits a DER / Ack to the AAA server 110 and receives a DEA / Success from the AAA server 110, thereby completing a subscriber authentication process by completing mutual certificate exchange.

When the basic provision capability negotiation and the authentication and registration procedure for the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) is performed, the payment terminal 140 (or payment terminal 140) The HA 120 managing the MIP for the wireless terminal 480 performs a process of allocating and registering a predetermined IP address with respect to the payment terminal 140 (810).

According to the embodiment of the present invention, the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) and the high-speed wireless Internet network is the wireless terminal of the payment terminal 140 (or payment terminal 140) A traffic encryption key generation and distribution process may be further performed to maintain security of the traffic connection between the terminal end 480 and the base station 135.

As described above, when the initial access process, the basic provisioning capability negotiation process, the authentication process for the user or the payment terminal 140 and the MIP registration process are completed, the high-speed wireless Internet service for the payment terminal 140 is started. During the service, the traffic flow is changed or deleted according to the traffic situation, the handover when moving to another cell, the management and billing of IP generated accordingly, and the payment terminal 140 (or the payment terminal 140) are performed. In the card terminal 475), payment processing may be performed through the high-speed wireless Internet.

Therefore, the payment terminal 140 periodically monitors an internal resource (eg, a resource for initiating the electronic payment process at the card terminal 475) to confirm whether the high-speed wireless Internet-based electronic payment process is started (815). If the high-speed wireless Internet-based electronic payment processing is started (820), the payment terminal 140 receives predetermined payment information from a predetermined input device for electronic payment processing, and the customer-owned medium from the card reader device. The predetermined payment means information for the electronic payment processing is read from the MS (eg, MS card, IC card, IC chip, etc.) (825).

When payment information for electronic payment processing is input as described above and predetermined payment means information is read from a customer-owned medium, the payment terminal 140 includes predetermined payment processing related data including the payment information and payment means information. (Or payment approval request text data) (or payment request text for electronic payment processing) (830), and the payment processing related data (or payment approval request text data) is converted into a symmetric key ( Or a secret key) method (835), and the VAN server 105 based on the communication protocol stack structure defined in the high-speed wireless Internet, and encrypts the encrypted payment processing related data (or payment approval request specialized data). 840, which is described in detail with reference to FIG.

According to the exemplary embodiment of the present invention, when the payment terminal 140 transmits encrypted payment processing related data (or payment approval request specialized data) to a predetermined VAN server 105, the payment terminal 140 is transmitted to the payment terminal 140. The medium control layer provided in the base control layer and the base station 135 connected to the payment terminal 140 is provided between the payment terminal 140 and the base station 135 to transmit traffic for one service flow. It is desirable to perform a traffic connection process that defines a mapping relationship.

The payment terminal 140 requests the PAR 130 to retrieve the service profile for payment processing through the subscriber profile information and the service flow information as shown in FIG. 2 through the base station 135 of the high-speed wireless Internet company. In operation 845, the base station 135 on the high-speed wireless Internet and the PAR 130 interwork with each other to search for a payment processing service profile for the payment terminal 140 (850).

According to an exemplary embodiment of the present invention, the preferred procedure of the searching process includes transmitting the registration information of the payment terminal 140 to the PAR 130 by including the registration information of the payment terminal 140 in the CREG_req message. The subscriber profile is searched for through the registration information of the payment terminal 140 included in the received CREG_req message, and the acceptance of the registration of the subscriber is determined, and the result is included in the CREG_rsp message and transmitted to the base station 135. .

In addition, when the base station 135 transmits a request for establishing a traffic connection for payment processing in a predetermined DSA_req message to the PAR 130, the PAR 130 receiving the DSA_req message receives the call through a call admission control mechanism. After retrieving service flow information for determining whether to accept the request, negotiating a quality of service (QoS) value and / or service level that can be provided in response to the requested new traffic, and then negotiating the negotiation values and the payment. Whether to accept the processing traffic connection establishment request is included in the DSA_rsp message and transmitted to the base station 135.

Subsequently, the base station 135 transmits to the PAR 130 including the DSA_ack message whether to establish the traffic connection for payment processing requested by the DSA_req as an acknowledgment message for the DSA_rsp message, and the PAR 130 By reading the DSA_ack message, the service flow information is changed to the payment processing traffic connection setting or the service processing information for payment processing is registered.

If a predetermined payment processing service profile is not retrieved from the PAR 130 (eg, if a traffic connection for payment processing is first attempted after booting the system of the payment terminal 140) (855), the high-speed wireless The PAR 130 on the Internet performs a change and / or registration and / or an additional procedure for the payment processing service profile (860).

On the other hand, a predetermined payment processing service profile is retrieved from the PAR 130 (eg, an electronic payment processing has been previously performed through a high-speed wireless Internet, and a service flow profile for payment processing has been previously generated) (855), or When a change and / or registration and / or an additional procedure for the payment processing service profile is performed (860), the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) is encrypted. The media control layer and the physical layer are processed and transmitted to the base station 135 in a communication protocol stack including payment processing related data (or payment approval request specialized data), which is transmitted to the base station 135 by the PAR 130. The PAR 130 transmits the encrypted payment processing related data (or payment approval request specialized data) to the VAN server 105 based on the service profile. To 865, a communication path for transmitting the encrypted payment process related data (or the payment authorization request specialized data) is as shown in the figure 3a, or figure 3b.

9 is a diagram illustrating a method for encrypting and transmitting payment processing related data (or payment approval request specialized data) in a symmetric key (or secret key) method according to an embodiment of the present invention.

In more detail, FIG. 9 illustrates a symmetric key (or secret key) of the payment processing related data (or payment approval request specialized data) in the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C. As a method for encrypting and transmitting in a manner, the symmetric key (or secret key) for encryption is secured in the payment terminal 140 (or card terminal 475 of the payment terminal 140). It is preferable to read from the application module 415 (SAM).

Referring to FIG. 9, when the data generation unit 450 of the payment terminal 140 generates predetermined payment processing related data (or payment approval request specialized data) including predetermined payment information and customer-owned payment means information. The encryption processing unit 455 is provided with this (900), and a predetermined symmetric key (or secret key) for encrypting the payment processing related data (or payment approval request specialized data) from the security application module 415 In operation 905, the payment processing related data (or payment approval request specialized data) is encrypted using the extracted symmetric key (or secret key) (910).

When the payment processing related data (or payment approval request specialized data) is encrypted through the symmetric key (or secret key) as described above, the communication processing unit 460 sends the encrypted payment processing related data (or payment approval request specialized data). At least one SDU / PDU is generated from and stored in an upper layer on the communication protocol stack (915), and the wireless processing unit is a medium control layer defined between the wireless processing unit 470 and the base station 135 with respect to the communication protocol stack. By performing a communication process corresponding to the physical layer and the physical layer (920), the packet corresponding to the encrypted payment processing related data (or payment approval request specialized data) through the network component on the high-speed wireless Internet (VAN server) 105).

10 is a diagram illustrating a payment processing process of the VAN server 105 for the high-speed wireless Internet-based electronic payment processing according to the embodiment of the present invention.

In more detail, FIG. 10 illustrates a case in which a VAN server 105 having an encryption function as shown in FIG. 7 is received with payment processing-related data (or payment approval request specialized data) encrypted through an encryption process as shown in FIG. By decoding the payment processing related data (or payment approval request specialized data) and performing a payment processing procedure corresponding to the decrypted payment processing related data (or payment approval request specialized data), the payment terminal 140. And a preferred embodiment of an electronic payment processing method that provides high-speed wireless Internet-based end-to-end security between the VAN server 105 and the VAN server 105. Those skilled in the art to which the present invention pertains, VAN server provided in the intention of the person skilled in the art and / or each of the above VAN operators within the scope not to violate the core technical matters of the present invention with reference to this figure 10 Various electronic payment processing methods corresponding to the technical features of 105 may be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 10, payment processing related data (or payment approval request) encrypted from the payment terminal 140 as shown in FIGS. 4A, 4B, and 4C through the encryption procedure as shown in FIG. 9 from the payment terminal 140 to the VAN server 105. When the professional data is received through the communication path as shown in FIG. 3a or 3b (1000), the VAN server 105 converts the received payment processing related data (or payment approval request expert data) into a symmetric key (or secret). By decryption processing in a key) method 1005, end-to-end security for the payment terminal 140 and the VAN server 105 is secured. A detailed procedure thereof will be described in detail with reference to FIG. 11.

If the payment processing related data (or payment approval request specialized data) is not decrypted (1010), the VAN server 105 generates payment processing result data (or payment approval specialized data) including a predetermined payment error message. In operation 1015, the payment terminal 140 transmits the payment to the payment terminal 140.

On the other hand, if the payment processing related data (or payment approval request specialized data) is decrypted (1010), the VAN server 105 and the payment information contained in the decrypted payment processing related data (or payment approval request specialized data) and By reading the payment means information, and performs the electronic payment process in connection with a predetermined card company server and / or bank server (1020), and the payment processing related data (or payment approval request specialized data from the card company server and / or bank server) A predetermined payment processing result data (or payment approval specialized data) corresponding to the call is received (1025).

If predetermined payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) is received from the card company server and / or the bank server (1030), the VAN server ( 105 encrypts the payment processing result data (or payment approval specialized data) in a symmetric key (or secret key) method (1035), and encrypts the encrypted payment processing result data (or payment approval specialized data) in FIG. 3A or FIG. To transmit to the payment terminal 140, such as Figures 4a, 4b and 4c through the communication path as shown in Figure 3b (1040), a detailed procedure thereof will be described in detail with reference to Figure 12.

FIG. 11 is a diagram illustrating a method of decrypting payment processing related data (or payment approval request specialized data) encrypted and received at a VAN server 105 by a symmetric key (or secret key) method according to an embodiment of the present invention. .

In more detail, in FIG. 11, the payment processing-related data received by being encrypted from the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C in the VAN server 105 as shown in FIG. Alternatively, the present invention relates to a method of decrypting a payment approval request specialized data by a symmetric key (or secret key) method, wherein the symmetric key (or secret key) is a card of the payment terminal 140 (or a payment terminal 140). It is preferable to read from the security application module provided in the VAN server 105 corresponding to the security application module (SAM) provided in the terminal end (475).

Referring to FIG. 11, the receiving unit 700 of the VAN server 105 is encrypted payment processing-related data (or payment) from the operator network 100 of the high-speed wireless Internet through the TCP / IP-based Internet and / or leased line Receives a packet corresponding to a communication protocol stack including an authorization request specialized data and restores (or generates) payment processing related data (or payment approval request specialized data) encrypted and transmitted from the payment terminal 140 (1100). ), The encryption unit 710 is a predetermined symmetric key (or secret key) for decrypting the encrypted payment processing related data (or payment approval request specialized data) from the security application module provided in the VAN server 105 Extract (1105), and decrypt the encrypted payment processing related data (or payment approval request specialized data) through the extracted symmetric key (or secret key) (1110).

When the payment processing related data (or payment approval request specialized data) encrypted through the symmetric key (or secret key) is decrypted as described above, the encryption unit 710 may perform the payment processing related data (or payment approval request specialized data). To the payment processing unit 715 (1115), the payment processing unit 715 is linked with at least one card company server and / or bank server according to the payment processing procedure defined in the VAN server 105 and the payment The payment processing corresponding to the processing related data (or the payment approval request specialized data) is performed.

12 is a diagram illustrating a method of encrypting and transmitting payment processing result data (or payment approval specialized data) in a symmetric key (or secret key) method in the VAN server 105 according to an embodiment of the present invention.

More specifically, FIG. 12 shows payment processing result data (or data) received from a card company server and / or a bank server corresponding to the payment processing related data (or payment approval request specialized data) in the VAN server 105 as shown in FIG. The preferred embodiment of the present invention encrypts payment approval data) using a symmetric key (or secret key) method, and the symmetric key (or secret key) for encryption is a security application module provided in the VAN server 105. It is preferable to read from.

Referring to FIG. 12, payment processing result data corresponding to the payment processing related data (or payment approval request specialized data) from the card company server and / or the bank server of the VAN server 105 to the payment processing unit 715. When the payment approval specialized data is received, the encryption unit 710 is provided with this (1200), and a predetermined symmetric key (or a predetermined symmetric key for encrypting the payment processing result data (or payment approval specialized data) from the security application module. The secret key) is extracted (1205), and the payment processing result data (or payment approval specialized data) is encrypted using the extracted symmetric key (or secret key) (1210).

If the payment processing result data (or payment approval specialized data) is encrypted through the symmetric key (or secret key) as described above, the transmission unit 705 at least from the encrypted payment processing result data (or payment approval specialized data) By creating one or more SDUs / PDUs and storing them in a higher layer on the communication protocol stack (1215), communication defined between the VAN server 105 and the Internet and / or leased lines connecting the operator network 100 of the high-speed wireless Internet A packet corresponding to a protocol stack is generated and the generated packet is transmitted to the payment terminal 140 through a network component on the high-speed wireless Internet.

FIG. 13 is a diagram illustrating a payment processing procedure of a payment terminal 140 for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 13 illustrates a payment terminal 140 that transmits the predetermined payment processing related data (or payment approval request specialized data) to the VAN server 105 as shown in FIG. By decrypting the payment processing result data (or payment approval specialized data) encrypted and received from 105 by a symmetric key (or secret key) method, the VAN server 105 and the payment processing result data (or payment approval specialized data) As a preferred embodiment of the electronic payment processing method for providing high-speed wireless Internet-based end-to-end security between the payment terminal 140 for receiving the present invention, those skilled in the art to which the present invention belongs, The V through the payment terminal 140 corresponding to FIGS. 4A, 4B, and 4C without departing from essential technical matters of the present invention with reference to FIG. 13. Various electronic payment processing methods for providing the AN server 105 and the portable Internet-based end-to-end security will be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 13, the payment terminal 140 that transmits encrypted payment processing related data (or payment approval request specialized data) through the same process as in FIG. 8 may transmit the VAN server 105 through the high-speed wireless Internet. Wait 1300 to receive payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data).

If payment processing result data (or payment approval professional data) corresponding to the payment processing related data (or payment approval request specialized data) is received (1305), the payment terminal 140 receives the received payment processing result data ( Alternatively, the payment approval specialized data) is decoded and output by a symmetric key (or secret key) method (1310), a detailed procedure thereof will be described in detail with reference to FIG.

According to the exemplary embodiment of the present invention, the payment processing process of the payment terminal 140 as shown in FIGS. 8 and 13 is preferably repeated until the payment function of the payment terminal 140 ends (1315).

FIG. 14 is a diagram illustrating a method of decrypting payment processing result data (or payment approval specialized data) encrypted and received by the payment terminal 140 in a symmetric key (or secret key) method according to an embodiment of the present invention.

In more detail, FIG. 14 is received from the VAN server 105 as shown in FIG. 7 through an encryption procedure as shown in FIG. 12 in the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C. In the preferred embodiment of the method for decrypting the received payment processing result data (or payment approval professional data) by the symmetric key (or secret key) method, the symmetric key (or secret key) is the payment terminal 140 (or payment terminal) It is preferable to read from the security application module (SAM) provided in the card terminal 475 of the 140.

Referring to FIG. 14, the wireless processing unit 470 of the payment terminal 140 receives a packet corresponding to a communication protocol stack including encrypted payment processing result data (or payment approval specialized data) from the high-speed wireless Internet. In operation 1400, the communication processing unit 460 restores (or generates) payment processing result data (or payment approval specialized data) encrypted and transmitted from the VAN server 105 from the received packet (1405). The restored (or generated) payment processing result data (or payment approval specialized data) is provided to the password processing unit (1410).

The encryption processing unit 455 extracts a predetermined symmetric key (or secret key) for decrypting the encrypted payment processing result data (or payment approval specialized data) from the security application module included in the payment terminal 140. In operation 1420, the encrypted payment processing result data (or payment approval specialized data) is decrypted using the extracted symmetric key (or secret key).

When the payment processing result data (or payment approval specialized data) encrypted through the symmetric key (or secret key) is decrypted as described above, the encryption processing unit outputs the payment processing result data (or payment approval specialized data) to the screen output unit. The screen is output through 1405 or 1425a and / or provided to the printing unit 420 to be output.

Hereinafter, the technical features of the present invention will be described through a preferred embodiment for processing a high-speed wireless Internet-based electronic payment that performs public key encryption and / or decryption procedures.

15 is a diagram illustrating a payment processing procedure of the payment terminal 140 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 15 is connected to the high-speed wireless Internet from the payment terminal 140 with encryption functions as shown in FIGS. 4A, 4B, and 4C, and the payment process is performed when the electronic terminal processes the payment terminal 140. The VAN server 105 which receives the payment terminal 140 and the payment processing related data (or payment approval request specialized data) by encrypting and transmitting related data (or payment approval request specialized data) in a public key infrastructure. The present invention relates to a preferred embodiment of an electronic payment processing method that provides high-speed wireless Internet-based end-to-end security between those skilled in the art and those skilled in the art. The VAN server 105 and the portable interface through the payment terminal 140 corresponding to FIGS. 4A, 4B, and 4C without departing from technical matters. Based end-to-end will be able to easily derive various electronic settlement method for providing security, and to which the present invention is not limited.

Referring to FIG. 15, a payment terminal 140 (eg, an integrated payment terminal 140, a modular payment terminal 140, and a payment terminal 140 in conjunction with a predetermined high-speed wireless Internet) is provided with a function of wirelessly connecting to a predetermined high-speed wireless Internet. When a predetermined power is supplied to the system to boot, the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) synchronizes with the downlink through the downlink channel search of the base station 135. After acquiring the channel control parameter for the uplink, initial synchronization is performed through initial ranging and initial access (Initial Access) process of informing the base station 135 of the information of the payment terminal 140 is performed. ).

When the initial access process is performed, the basic provisioning capability of determining the basic provisioning capability between the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) and the base station 135 of the high-speed wireless Internet When the basic capability is negotiated and the basic capability is negotiated, the AAA server 110 extends the wireless connection connection between the payment terminal 140 and the base station 135 to the wired section through the PAR 130. An authentication procedure for verifying the authentication and the service authority of the payment terminal 140 is performed (1505).

According to an embodiment of the present invention, the preferred authentication procedure for verifying the authentication and service authority for the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) on the high-speed wireless Internet is the PAR ( In step 130, a DER (Diameter Extensible Authentication Protocol) Request (ID) / Identity message including a subscriber ID (ID) provided from the base station 135 is provided to the AAA server 110 on the high-speed wireless Internet. The AAA server 110 determines whether the user is a legitimate subscriber and transmits a Diameter EAP Answer (DEA) / Transport Layer Security (TLS) start message to the PAR 130. Thereafter, the PAR 130 provides a DER / Client-Hello message including predetermined session information and connection information to the AAA server 110, and the AAA server 110 responds to the PAR 130. Send DEA / Server-Hello. Next, the PAR 130 and the AAA server 110 provides a DER / TLS certificate from the PAR 130 to the AAA server 110 for the mutual exchange of certificates, the AAA server 110 is the PAR Sending the DEA / TLS cHA (120) nge cipher spec, TLS finished message to (130) to remind the use of the new encryption algorithm and the handshaking (HA (120) nd-sHA (120) king) procedure. Deliver to PAR (130). In addition, the PAR 130 transmits a DER / Ack to the AAA server 110 and receives a DEA / Success from the AAA server 110, thereby completing a subscriber authentication process by completing mutual certificate exchange.

When the basic provision capability negotiation and the authentication and registration procedure for the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) is performed, the payment terminal 140 (or payment terminal 140) The HA 120 managing the MIP for the wireless terminal 480 performs a process of allocating and registering a predetermined IP address with respect to the payment terminal 140 (1510).

According to the embodiment of the present invention, the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) and the high-speed wireless Internet network is the wireless terminal of the payment terminal 140 (or payment terminal 140) A traffic encryption key generation and distribution process may be further performed to maintain security of the traffic connection between the terminal end 480 and the base station 135.

As described above, when the initial access process, the basic provisioning capability negotiation process, the authentication process for the user or the payment terminal 140 and the MIP registration process are completed, the high-speed wireless Internet service for the payment terminal 140 is started. During the service, the traffic flow is changed or deleted according to the traffic situation, the handover when moving to another cell, the management and billing of IP generated accordingly, and the payment terminal 140 (or the payment terminal 140) are performed. In the card terminal 475), payment processing may be performed through the high-speed wireless Internet.

Accordingly, the payment terminal 140 periodically monitors an internal resource (eg, a resource for initiating the electronic payment processing in the card terminal 475) to confirm whether the high-speed wireless Internet-based electronic payment processing is started (1515). If the high-speed wireless Internet-based electronic payment processing is started (1520), the payment terminal 140 receives a predetermined payment information from a predetermined input device for the electronic payment processing, and owns the customer from a card reader device. The predetermined payment means information for the electronic payment processing is read from the medium (eg, MS card, IC card, IC chip, etc.) (1525).

When payment information for electronic payment processing is input as described above and predetermined payment means information is read from a customer-owned medium, the payment terminal 140 includes predetermined payment processing related data including the payment information and payment means information. (Or payment approval request text data) (or payment request text for electronic payment processing) is generated (1530), and the payment processing related data (or payment approval request text data) is based on a public key according to an embodiment of the present invention. Perform an encryption procedure in a structured manner (1535), and transmit the encrypted payment processing related data (or payment approval request specialized data) to the VAN server 105 based on the communication protocol stack structure defined in the high-speed wireless Internet. To request (1540), a detailed procedure thereof will be described in detail with reference to FIG.

According to the exemplary embodiment of the present invention, when the payment terminal 140 transmits encrypted payment processing related data (or payment approval request specialized data) to a predetermined VAN server 105, the payment terminal 140 is transmitted to the payment terminal 140. The provided medium control layer and the medium control layer provided in the base station 135 connected to the payment terminal 140 are mapped between the payment terminal 140 and the base station 135 to transmit traffic for one service flow. It is desirable to perform a traffic connection process that defines a relationship.

The payment terminal 140 requests the PAR 130 to retrieve the service profile for payment processing through the subscriber profile information and the service flow information as shown in FIG. 2 through the base station 135 of the high-speed wireless Internet company. In operation 1545, the base station 135 and the PAR 130 on the high-speed wireless Internet interwork with each other to search for a payment processing service profile for the payment terminal 140 (1550).

According to an exemplary embodiment of the present invention, the preferred procedure of the searching process includes transmitting the registration information of the payment terminal 140 to the PAR 130 by including the registration information of the payment terminal 140 in the CREG_req message. The subscriber profile is searched for through the registration information of the payment terminal 140 included in the received CREG_req message, and the acceptance of the registration of the subscriber is determined, and the result is included in the CREG_rsp message and transmitted to the base station 135. .

In addition, when the base station 135 transmits a request for establishing a traffic connection for payment processing in a predetermined DSA_req message to the PAR 130, the PAR 130 receiving the DSA_req message receives the call through a call admission control mechanism. After retrieving service flow information for determining whether to accept the request, negotiating a quality of service (QoS) value and / or service level that can be provided in response to the requested new traffic, and processing the negotiation values and the payment Whether or not to accept the request for establishing the traffic connection is included in the DSA_rsp message and transmitted to the base station 135.

Subsequently, the base station 135 transmits to the PAR 130 including the DSA_ack message whether to establish the traffic connection for payment processing requested by the DSA_req as an acknowledgment message for the DSA_rsp message, and the PAR 130 By reading the DSA_ack message, the service flow information is changed to the payment processing traffic connection setting or the payment processing service flow information is registered.

If a predetermined payment processing service profile is not found in the PAR 130 (for example, if a traffic connection for payment processing is first attempted after booting the system of the payment terminal 140) (1555), the high-speed wireless The PAR 130 on the Internet performs a change and / or registration and / or addition procedure for the payment processing service profile (1560).

On the other hand, a predetermined payment processing service profile is retrieved from the PAR 130 (eg, a payment processing service flow profile is previously generated by performing electronic payment processing through a high-speed wireless Internet) (1555), or When a change and / or registration and / or an additional procedure for the service profile for payment processing is performed (1560), the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) is encrypted. The media control layer and the physical layer are processed and transmitted to the base station 135 in a communication protocol stack including payment processing related data (or payment approval request specialized data), and the base station 135 transmits the information to the base station 135. The PAR 130 transmits the encrypted payment processing related data (or payment approval request specialized data) to the VAN server 105 based on the service profile. I (1565), communication route for transmitting the encrypted payment process related data (or the payment authorization request specialized data) is as shown in the figure 3a, or figure 3b.

FIG. 16 is a diagram illustrating a method for encrypting and transmitting payment processing related data (or payment approval request specialized data) in a public key based structure according to an embodiment of the present invention.

More specifically, FIG. 16 encrypts the payment processing related data (or payment approval request specialized data) in a public key based structure in a payment terminal 140 having an encryption function as shown in FIGS. 4A, 4B, and 4C. As a preferred embodiment of the present invention, the public key of the VAN server 105 for encryption is a security application module provided in the payment terminal 140 (or the card terminal 475 of the payment terminal 140). 415) (SAM) is preferred.

Referring to FIG. 16, when the data generation unit 450 of the payment terminal 140 generates predetermined payment processing related data (or payment approval request specialized data) including predetermined payment information and customer-owned payment means information. The encryption processing unit 455 is provided with this (1600), and extracts a predetermined VAN server 105 public key for encrypting the payment processing related data (or payment approval request specialized data) from the security application module ( In operation 1605, the payment processing related data (or payment approval request specialized data) is encrypted using the extracted VAN server 105 public key (1610).

When the payment processing related data (or payment approval request specialized data) is encrypted through the VAN server 105 public key as described above, the communication processing unit 460 performs the encrypted payment processing related data (or payment approval request specialized data). Generates at least one SDU / PDU from and stores it in a higher layer on the communication protocol stack (1615), and the wireless processor 470 is defined between the wireless processor 470 and the base station 135 with respect to the communication protocol stack. By performing a communication process corresponding to a media control layer and a physical layer (1620), the packet corresponding to the encrypted payment processing related data (or payment approval request specialized data) is transmitted through the network component on the high-speed wireless Internet. Transmit to VAN server 105.

17 is a diagram illustrating a payment processing process of the VAN server 105 for the high-speed wireless Internet-based electronic payment processing according to the embodiment of the present invention.

In more detail, FIG. 17 illustrates a case in which a VAN server 105 having an encryption function as shown in FIG. 7 is received with payment processing related data (or payment approval request specialized data) through an encryption process as shown in FIG. By decoding the payment processing related data (or payment approval request specialized data) and performing a payment processing procedure corresponding to the decrypted payment processing related data (or payment approval request specialized data), the payment terminal 140. And a preferred embodiment of an electronic payment processing method that provides high-speed wireless Internet-based end-to-end security between the VAN server 105 and the VAN server 105. Those skilled in the art to which the present invention pertains, VAN server provided in the intention of the person skilled in the art and / or each of the above VAN operators within the scope of not violating the core technical matters of the present invention with reference to this figure 17. Various electronic payment processing methods corresponding to the technical features of 105 may be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 17, payment processing related data (or payment approval request) encrypted from the payment terminal 140 as shown in FIGS. 4A, 4B, and 4C through the encryption procedure as shown in FIG. 16 from the payment terminal 140 to the VAN server 105. When the full data is received through the communication path as shown in FIG. 3a or 3b (1700), the VAN server 105 transmits the received payment processing related data (or payment approval request specialized data) to a public key infrastructure. By decryption processing 1705, end-to-end security for the payment terminal 140 and the VAN server 105 is secured. A detailed procedure thereof will be described in detail with reference to FIG. 18.

If the payment processing related data (or payment approval request specialized data) is not decrypted (1710), the VAN server 105 generates payment processing result data (or payment approval specialized data) including a predetermined payment error message. In operation 1715, the payment terminal 140 transmits the payment to the payment terminal 140.

On the other hand, if the payment processing related data (or payment approval request specialized data) is decoded (1710), the VAN server 105 and the payment information contained in the decrypted payment processing related data (or payment approval request specialized data) and By reading payment means information, the electronic payment process is performed in connection with a predetermined card company server and / or bank server (1720), and the payment processing related data (or payment approval request specialized data from the card company server and / or bank server). A predetermined payment processing result data (or payment approval specialized data) corresponding to) is received (1725).

If predetermined payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) is received from the card company server and / or the bank server (1730), the VAN server ( 105 encrypts the payment processing result data (or payment approval specialized data) in a public key infrastructure scheme (1735), and encrypts the encrypted payment processing result data (or payment approval specialized data) with the drawings 3a or 3b. Through the same communication path to the payment terminal 140 as shown in Figures 4a, 4b and 4c (1740), a detailed procedure thereof will be described in detail with reference to Figure 19.

FIG. 18 illustrates a method for decrypting payment processing related data (or payment approval request specialized data) encrypted and received by the VAN server 105 in a public key infrastructure according to an embodiment of the present invention.

In more detail, FIG. 18 illustrates the payment processing related data encrypted and received from the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C in the VAN server 105 as shown in FIG. Or a preferred embodiment of the method for decrypting a payment approval request specialized data) using a public key infrastructure, and a VAN server for decrypting the encrypted payment processing related data (or payment approval request specialized data) using a public key infrastructure. (105) The private key is a security application provided in the VAN server 105 in response to a security application module (SAM) provided in the payment terminal 140 (or card terminal 475 of the payment terminal 140). It is preferable to read from the module.

Referring to FIG. 18, the receiving unit 700 of the VAN server 105 is encrypted payment processing-related data (or payment) from the operator network 100 of the high-speed wireless Internet through the TCP / IP-based Internet and / or leased line Receives a packet corresponding to a communication protocol stack including an authorization request specialized data and restores (or generates) payment processing related data (or payment approval request specialized data) encrypted and transmitted from the payment terminal 140 (1800). The encryption unit 710 extracts the private key of the VAN server 105 for decrypting the encrypted payment processing related data (or payment approval request specialized data) from the security application module included in the VAN server 105. In operation 1805, the encrypted VAN server 105 decrypts the encrypted payment processing related data (or payment approval request specialized data) through the extracted private key (1810).

When the payment processing related data (or payment approval request specialized data) encrypted through the VAN server 105 private key is decrypted as described above, the encryption unit 710 may perform the payment processing related data (or payment approval request specialized data). To the payment processing unit 715 (1815), wherein the payment processing unit interoperates with at least one card company server and / or a bank server according to a payment processing procedure defined in the VAN server 105 to provide the payment processing related data. Perform payment processing corresponding to (or payment approval request specialized data);

FIG. 19 is a diagram illustrating a method of encrypting and transmitting payment processing result data (or payment approval data) in a public key infrastructure structure in a VAN server 105 according to an embodiment of the present invention.

More specifically, FIG. 19 shows payment processing result data (or data) received from a card company server and / or a bank server corresponding to the payment processing related data (or payment approval request specialized data) in the VAN server 105 as shown in FIG. As a preferred embodiment of the present invention, a payment terminal public key for encryption is preferably read from a security application module provided in the VAN server 105. .

Referring to FIG. 19, payment processing result data corresponding to the payment processing related data (or payment approval request specialized data) from the card company server and / or the bank server of the VAN server 105 to the payment processing unit 715. When the payment approval professional data) is received, the encryption unit 710 is provided with this (1900), and a predetermined payment terminal public key for encrypting the payment processing result data (or payment approval professional data) from the security application module. In operation 1905, the payment processing result data (or payment approval specialized data) is encrypted using the extracted payment terminal public key (1910).

When the payment processing result data (or payment approval specialized data) is encrypted through the payment terminal public key as described above, the transmission unit 705 may generate at least one SDU from the encrypted payment processing result data (or payment approval specialized data). / PDUs are generated and stored in a higher layer on the communication protocol stack (1915), thereby creating a communication protocol stack defined between the Internet and / or leased lines connecting the VAN server 105 and the carrier network 100 of the high-speed wireless Internet. A corresponding packet is generated, and the generated packet is transmitted to the payment terminal 140 through a network component on the high speed wireless Internet.

20 is a diagram illustrating a payment processing process of the payment terminal 140 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, in FIG. 20, as shown in FIG. 15, the payment terminal 140 encrypts predetermined payment processing related data (or payment approval request specialized data) and transmits the encrypted data to the VAN server 105. Receiving the VAN server 105 and the payment processing result data (or payment approval specialized data) by decrypting the payment processing result data (or payment approval specialized data) encrypted and received from the public key infrastructure structure. As a preferred embodiment of the electronic payment processing method for providing high-speed wireless Internet-based end-to-end security between the payment terminal 140, those skilled in the art to which the present invention pertains, see FIG. The VAN through the payment terminal 140 corresponding to the Figures 4a, 4b and 4c without departing from the core technical matters of the present invention. Various electronic payment processing methods for providing end-to-end security between the server 105 and the portable Internet may be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 20, the payment terminal 140 that transmits encrypted payment processing related data (or payment approval request specialized data) through the same process as in FIG. 15 may transmit the VAN server 105 through the high-speed wireless Internet. Waiting for the payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) is received from (2000).

If payment processing result data (or payment approval professional data) corresponding to the payment processing related data (or payment approval request specialized data) is received (2005), the payment terminal 140 receives the received payment processing result data ( Alternatively, the payment approval specialized data) is decoded and output in a public key infrastructure structure (2010), and a detailed procedure thereof will be described in detail with reference to FIG.

According to the exemplary embodiment of the present invention, the payment process of the payment terminal 140 as shown in FIGS. 15 and 20 is preferably repeated until the payment function of the payment terminal 140 ends (2015).

21 is a diagram illustrating a method of decrypting payment processing result data (or payment approval specialized data) encrypted and received at a payment terminal 140 according to an embodiment of the present invention using a public key infrastructure.

In more detail, FIG. 21 is received from the VAN server 105 as shown in FIG. 7 through an encryption procedure as shown in FIG. 19 in the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C. The present invention relates to a preferred method for decrypting the received payment processing result data (or payment approval specialized data) in a public key infrastructure, wherein the payment terminal private key is a card terminal of the payment terminal 140 (or the payment terminal 140). It is preferable to read from the security application module (SAM) provided in the stage (475).

Referring to FIG. 21, the wireless processing unit 470 of the payment terminal 140 receives a packet corresponding to a communication protocol stack including encrypted payment processing result data (or payment approval specialized data) from the high-speed wireless Internet. 2100, the communication processing unit 460 restores (or generates) payment processing result data (or payment approval specialized data) encrypted and transmitted from the VAN server 105 from the received packet (2105). The restored (or generated) payment processing result data (or payment approval specialized data) is provided to the password processing unit (2110).

The encryption processing unit 455 extracts a predetermined payment terminal private key for decrypting the encrypted payment processing result data (or payment approval specialized data) from the security application module included in the payment terminal 140 (2115). In step 2120, the encrypted payment processing result data (or payment approval specialized data) is decrypted using the extracted payment terminal private key.

When the payment processing result data (or payment approval specialized data) encrypted through the payment terminal private key is decrypted as described above, the encryption processing unit 455 outputs the payment processing result data (or payment approval specialized data) to the screen output unit. The screen is output through 2405 (2125a) and / or provided to the printing unit 420 to be output (2125b).

Hereinafter, the technical features of the present invention will be described through a preferred embodiment of processing a high-speed wireless Internet-based electronic payment that performs an electronic envelope encryption and / or decryption procedure.

22 is a diagram illustrating a payment processing procedure of the payment terminal 140 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 22 is connected to the high-speed wireless Internet in the payment terminal 140 with encryption functions as shown in FIGS. 4A, 4B, and 4C, and the payment process is performed when the electronic terminal processes the payment terminal 140. By encrypting and transmitting related data (or payment approval request specialized data) in an electronic envelope method, between the payment terminal 140 and the VAN server 105 that receives the payment processing related data (or payment approval request specialized data). As a preferred embodiment of the electronic payment processing method for providing high-speed wireless Internet-based end-to-end security, those skilled in the art to which the present invention pertains, the core technical of the present invention with reference to FIG. Based on the VAN server 105 and the mobile Internet through the payment terminal 140 corresponding to FIGS. 4A, 4B, and 4C without departing from the matters described above. Inter-stage will be able to easily derive various electronic settlement method for providing security, and to which the present invention is not limited.

Referring to FIG. 22, a payment terminal 140 (eg, an integrated payment terminal 140, a modular payment terminal 140, and a payment terminal 140 in association with a predetermined high-speed wireless Internet) is provided. When a predetermined power is supplied to the system to boot, the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) synchronizes with the downlink through the downlink channel search of the base station 135. After acquiring the channel control parameter for the uplink, initial synchronization is performed through initial ranging, and an initial access (Initial Access) process of informing the base station 135 of the information of the payment terminal 140 is performed (2200). ).

When the initial access process is performed, the basic provisioning capability of determining the basic provisioning capability between the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) and the base station 135 of the high-speed wireless Internet When the basic capability is negotiated and the basic capability is negotiated, the AAA server 110 extends the wireless connection connection between the payment terminal 140 and the base station 135 to the wired section through the PAR 130. An authentication procedure for verifying the authentication and service authority of the payment terminal 140 is performed (2205).

According to an embodiment of the present invention, a preferred authentication procedure for verifying authentication and service authority for the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) on the high-speed wireless Internet is the PAR. When the 130 provides a DER (Extensible Authentication Protocol) Request (DER) message including a subscriber ID (ID) provided from the base station 135 to the AAA server 110 on the high-speed wireless Internet, The AAA server 110 determines whether the user is a legitimate subscriber and transmits a Diameter EAP Answer (DEA) / Transport Layer Security (TLS) start message to the PAR 130. Thereafter, the PAR 130 provides a DER / Client-Hello message including predetermined session information and connection information to the AAA server 110, and the AAA server 110 responds to the PAR 130. Send DEA / Server-Hello. Next, the PAR 130 and the AAA server 110 provides a DER / TLS certificate from the PAR 130 to the AAA server 110 for the mutual exchange of certificates, the AAA server 110 is the PAR Sending the DEA / TLS cHA (120) nge cipher spec, TLS finished message to (130) to remind the use of the new encryption algorithm and the handshaking (HA (120) nd-sHA (120) king) procedure. Deliver to PAR (130). In addition, the PAR 130 transmits a DER / Ack to the AAA server 110 and receives a DEA / Success from the AAA server 110, thereby completing a subscriber authentication process by completing mutual certificate exchange.

When the basic provision capability negotiation and the authentication and registration procedure for the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) is performed, the payment terminal 140 (or payment terminal 140) The HA 120 managing the MIP for the wireless terminal 480 performs the process of allocating and registering a predetermined IP address with respect to the payment terminal 140 (2210).

According to the embodiment of the present invention, the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) and the high-speed wireless Internet network is the wireless terminal of the payment terminal 140 (or payment terminal 140) A traffic encryption key generation and distribution process may be further performed to maintain security of the traffic connection between the terminal end 480 and the base station 135.

As described above, when the initial access process, the basic provisioning capability negotiation process, the authentication process for the user or the payment terminal 140 and the MIP registration process are completed, the high-speed wireless Internet service for the payment terminal 140 is started. During the service, the traffic flow is changed or deleted according to the traffic situation, the handover when moving to another cell, the management and billing of IP generated accordingly, and the payment terminal 140 (or the payment terminal 140) are performed. In the card terminal 475), payment processing may be performed through the high-speed wireless Internet.

Accordingly, the payment terminal 140 periodically monitors an internal resource (for example, a resource for initiating the electronic payment processing in the card terminal 475) to confirm whether the high-speed wireless Internet-based electronic payment processing is started (2215). If the high-speed wireless Internet-based electronic payment processing is started (2220), the payment terminal 140 receives predetermined payment information from a predetermined input device for the electronic payment processing, and the customer-owned medium from the card reader device (E.g., MS card, IC card, IC chip, etc.), predetermined payment means information for the electronic payment processing is read (2225).

When payment information for electronic payment processing is input as described above and predetermined payment means information is read from a customer-owned medium, the payment terminal 140 includes predetermined payment processing related data including the payment information and payment means information. (Or payment approval request text data) (or payment request text for electronic payment processing) is generated (2230), and the payment processing related data (or payment approval request text data) is an electronic envelope method according to an embodiment of the present invention. Perform an encryption procedure (2235), and request to transmit the encrypted payment processing related data (or payment approval request specialized data) to the VAN server 105 based on the communication protocol stack structure defined in the high-speed wireless Internet. 2240, a detailed procedure thereof will be described in detail with reference to FIG.

According to the exemplary embodiment of the present invention, when the payment terminal 140 transmits encrypted payment processing related data (or payment approval request specialized data) to a predetermined VAN server 105, the payment terminal 140 is transmitted to the payment terminal 140. The provided medium control layer and the medium control layer provided in the base station 135 connected to the payment terminal 140 are mapped between the payment terminal 140 and the base station 135 to transmit traffic for one service flow. It is desirable to perform a traffic connection process that defines a relationship.

The payment terminal 140 requests the PAR 130 to retrieve the service profile for payment processing through the subscriber profile information and the service flow information as shown in FIG. 2 through the base station 135 of the high-speed wireless Internet company. In operation 2245, the base station 135 and the PAR 130 on the high-speed wireless Internet interwork with each other to search for a service profile for payment processing for the payment terminal 140 (2250).

According to an exemplary embodiment of the present invention, the preferred procedure of the searching process includes transmitting the registration information of the payment terminal 140 to the PAR 130 by including the registration information of the payment terminal 140 in the CREG_req message. The subscriber profile is searched for through the registration information of the payment terminal 140 included in the received CREG_req message, and the acceptance of the registration of the subscriber is determined, and the result is included in the CREG_rsp message and transmitted to the base station 135. .

In addition, when the base station 135 transmits a request for establishing a traffic connection for payment processing in a predetermined DSA_req message to the PAR 130, the PAR 130 receiving the DSA_req message receives the call through a call admission control mechanism. After retrieving service flow information for determining whether to accept the request, negotiating a quality of service (QoS) value and / or service level that can be provided in response to the requested new traffic, and processing the negotiation values and the payment Whether or not to accept the request for establishing the traffic connection is included in the DSA_rsp message and transmitted to the base station 135.

Subsequently, the base station 135 transmits to the PAR 130 including the DSA_ack message whether to establish the traffic connection for payment processing requested by the DSA_req as an acknowledgment message for the DSA_rsp message, and the PAR 130 By reading the DSA_ack message, the service flow information is changed to the payment processing traffic connection setting or the payment processing service flow information is registered.

If a predetermined payment processing service profile is not retrieved from the PAR 130 (eg, if a traffic connection for payment processing is first attempted after system booting of the payment terminal 140) (2255), the high-speed wireless The PAR 130 on the Internet performs a change and / or registration and / or an additional procedure for the payment processing service profile (2260).

On the other hand, a predetermined payment processing service profile is retrieved from the PAR 130 (eg, a payment processing service flow profile has been previously generated by performing electronic payment processing through a high-speed wireless Internet) (2255), or When a change and / or registration and / or an additional procedure for the service profile for payment processing is performed (2260), the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) is encrypted. The media control layer and the physical layer are processed and transmitted to the base station 135 in a communication protocol stack including payment processing related data (or payment approval request specialized data), and the base station 135 transmits the information to the base station 135. The PAR 130 transmits the encrypted payment processing related data (or payment approval request specialized data) to the VAN server 105 based on the service profile. I (2265), communication route for transmitting the encrypted payment process related data (or the payment authorization request specialized data) is as shown in the figure 3a, or figure 3b.

FIG. 23 is a diagram illustrating a method for encrypting and transmitting payment processing related data (or payment approval request specialized data) in an electronic envelope method according to an embodiment of the present invention.

More specifically, FIG. 23 encrypts and transmits the payment processing related data (or payment approval request specialized data) in an electronic envelope method in the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C. As a preferred embodiment, the VAN server 105 public key for encryption is a security application module (SAM) provided in the payment terminal 140 (or card terminal 475 of the payment terminal 140). It is preferable to read from.

Referring to FIG. 23, the data generation unit 450 of the payment terminal 140 generates predetermined payment processing related data (or payment approval request specialized data) including predetermined payment information and customer-owned payment means information. When the encryption processing unit 455 is provided with it (2300), the predetermined random secret key for encrypting the payment processing related data (or payment approval request specialized data) by a secret key (symmetric key) method ( A random secret key is generated (2305), and the payment processing related data (or payment approval request specialized data) is encrypted using the generated secret key (2310).

In addition, the encryption processing unit 455 extracts a predetermined VAN server 105 public key from the security application module to encrypt the secret key encrypting the payment processing related data (or payment approval request specialized data) ( 2315), using the VAN server 105 public key, encrypts a secret key that encrypts the payment processing related data (or payment approval request specialized data) (2320).

When the payment processing related data (or payment approval request specialized data) is encrypted with a predetermined secret key randomly generated as described above, and the secret key is encrypted through the VAN server 105 public key, the encryption processing unit ( 455 generates transaction data associated with the payment processing related data (or payment approval request specialized data) encrypted with the secret key and the secret key encrypted with the public key of the VAN server 105 and provides the transaction data to the communication processing unit 460 ( 2325)

The communication processor 460 generates at least one SDU / PDU from the transaction data and stores it in an upper layer on a communication protocol stack (2330), and the wireless processor 470 performs the radio processing unit 470 on the communication protocol stack. By performing a communication process corresponding to the media control layer and the physical layer defined between the base station 135 and the base station 135 (2335), the encrypted payment processing related data (or payment approval request specialized data) on the high-speed wireless Internet It transmits to the VAN server 105 through a network component.

24 is a diagram illustrating a payment processing procedure of the VAN server 105 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 24 illustrates a case in which a VAN server 105 having an encryption function as shown in FIG. 7 is received with payment processing related data (or payment approval request specialized data) encrypted through an encryption procedure as shown in FIG. By decoding the payment processing related data (or payment approval request specialized data) and performing a payment processing procedure corresponding to the decrypted payment processing related data (or payment approval request specialized data), the payment terminal 140. And a preferred embodiment of an electronic payment processing method that provides high-speed wireless Internet-based end-to-end security between the VAN server 105 and the VAN server 105. Those skilled in the art to which the present invention pertains, VAN server provided to the intention of the person skilled in the art and / or each of the above-mentioned VAN operators within the scope of not violating the core technical matters of the present invention with reference to this figure 24 Various electronic payment processing methods corresponding to the technical features of 105 may be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 24, data related to payment processing (or payment approval request) encrypted from the payment terminal 140 as shown in FIGS. 4A, 4B, and 4C to the VAN server 105 through an encryption procedure as shown in FIG. When the full data is received through the communication path as shown in FIG. 3a or 3b (2400), the VAN server 105 decrypts the received payment processing related data (or payment approval request professional data) by an electronic envelope method. By processing (2405), end-to-end security for the payment terminal 140 and the VAN server 105 is secured, a detailed procedure for this will be described in detail with reference to FIG.

If the payment processing related data (or payment approval request specialized data) is not decrypted (2410), the VAN server 105 generates payment processing result data (or payment approval specialized data) including a predetermined payment error message. The payment terminal 140 transmits the data to the payment terminal 140 (2415).

On the other hand, if the payment processing related data (or payment approval request specialized data) is decoded (2410), the VAN server 105 and the payment information contained in the decrypted payment processing related data (or payment approval request specialized data) and By reading the payment means information, and performs the electronic payment procedure in connection with a predetermined card company server and / or bank server (2420), and the data related to the payment processing (or payment authorization request from the card company server and / or bank server) The predetermined payment processing result data (or payment approval specialized data) corresponding to the data) is received (2425).

If predetermined payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) is received from the card company server and / or the bank server (2430), the VAN server ( 105 encrypts the payment processing result data (or payment approval specialized data) in an electronic envelope method (2435) and communicates the encrypted payment processing result data (or payment approval specialized data) as shown in FIGS. 3A or 3B. It is transmitted to the payment terminal 140 as shown in FIGS. 4A, 4B, and 4C through the path (2440), and a detailed procedure thereof will be described in detail with reference to FIG.

25 is a diagram illustrating a method of decrypting payment processing related data (or payment approval request specialized data) encrypted and received by the VAN server 105 according to an embodiment of the present invention by an electronic envelope method.

In more detail, FIG. 25 is the VAN server 105 as shown in FIG. 7, wherein the payment process related data received from the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C is encrypted. Or a method for decrypting payment approval request specialized data) by an electronic envelope method, wherein the VAN server 105 individual for decrypting the encrypted payment processing related data (or payment approval request specialized data) by an electronic envelope method. The key is read from the security application module provided in the VAN server 105 in response to a security application module (SAM) provided in the payment terminal 140 (or the card terminal 475 of the payment terminal 140). It is preferable.

Referring to FIG. 25, the receiving unit 700 of the VAN server 105 is encrypted payment processing related data (or payment) from the operator network 100 of the high-speed wireless Internet through the TCP / IP-based Internet and / or leased line Receiving a packet corresponding to a communication protocol stack including an authorization request specialized data and restoring (or generating) payment processing related data (or payment approval request specialized data) encrypted and transmitted from the payment terminal 140 (2500). The encryption unit 710 extracts the private key of the VAN server 105 for decrypting the encrypted payment processing related data (or payment approval request specialized data) from the security application module included in the VAN server 105. (2505), and decrypting the secret key encrypted with the VAN server 105 public key through the extracted VAN server 105 private key (2510), the payment processing related data (or payment approval) Extracting the secret key for decrypting the authority text (2515), and decrypting the payment processing related data (or payment approval request specialized data) using the extracted secret key (2520), and encrypting the secret key. The payment processing related data (or payment approval request specialized data) is extracted (2525).

When the payment processing related data (or payment approval request specialized data) is decrypted as described above, the encryption unit 710 provides the payment processing related data (or payment approval request specialized data) to the payment processing unit 715 ( 2530), the payment processing unit 715 is linked with at least one card company server and / or bank server according to the payment processing procedures defined in the VAN server 105, the data related to the payment processing (or payment approval request specialized data) Perform a payment process corresponding to the.

FIG. 26 is a diagram illustrating a method of encrypting and transmitting payment processing result data (or payment approval data) in an electronic envelope method in a VAN server 105 according to an embodiment of the present invention.

More specifically, FIG. 26 illustrates payment processing result data (or data) received from a card company server and / or a bank server corresponding to the payment processing related data (or payment approval request specialized data) in the VAN server 105 as shown in FIG. As a preferred embodiment of the method for encrypting and transmitting payment approval data) by an electronic envelope method, the payment terminal public key for encryption is preferably read from a security application module provided in the VAN server 105.

Referring to FIG. 26, payment processing result data corresponding to the payment processing related data (or payment approval request specialized data) from the card company server and / or the bank server of the VAN server 105 to the payment processing unit, or the payment approval message Data) is received, the encryption unit is provided with it (2600),

Generate a random secret key for encrypting the payment processing result data (or payment approval specialized data) by a secret key (symmetric key) method (2605), and generates the generated secret key The payment processing result data (or payment approval specialized data) is encrypted using the operation 2610.

In addition, the encryption unit 710 extracts a predetermined payment terminal public key from the security application module (2615) to encrypt the secret key that encrypts the payment processing result data (or payment approval specialized data) (2615). A secret key that encrypts the payment processing result data (or payment approval specialized data) is encrypted using the payment terminal public key (2620).

When the payment processing result data (or payment approval specialized data) is encrypted with a predetermined secret key randomly generated as described above, and the secret key is encrypted through the payment terminal public key, the encryption unit 710 is the secret. It generates transaction data associated with a payment processing result data (or payment approval specialized data) encrypted with a key and a secret key encrypted with the payment terminal public key and provides the same to the transmission unit.

The transmission unit 705 generates at least one SDU / PDU from the transaction data and stores it in a higher layer on a communication protocol stack (2625), thereby establishing the VAN server 105 and the operator network 100 of the high-speed wireless Internet. A packet corresponding to a communication protocol stack defined between the connecting Internet and / or a dedicated line is generated, and the generated packet is transmitted to the payment terminal 140 through a network component on the high-speed wireless Internet.

27 is a diagram illustrating a payment processing procedure of the payment terminal 140 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 27 shows a payment terminal 140 which transmits the predetermined payment processing related data (or payment approval request specialized data) to the VAN server 105 as shown in FIG. The payment terminal receiving the VAN server 105 and the payment processing result data (or payment approval specialized data) by decrypting the payment processing result data (or payment approval specialized data) encrypted by the electronic envelope method. As a preferred embodiment of the electronic payment processing method that provides high-speed wireless Internet-based end-to-end security between the 140, those skilled in the art to which the present invention pertains, with reference to this figure 27 The VAN server 105 through the payment terminal 140 corresponding to the Figures 4a, 4b and 4c without departing from the essential technical matters of the present invention. And a variety of electronic payment processing methods for providing end-to-end security based on the mobile Internet, and thus the present invention is not limited thereto.

Referring to FIG. 27, the payment terminal 140 that transmits encrypted payment processing related data (or payment approval request specialized data) through the same process as in FIG. 22 is connected to the VAN server 105 through the high-speed wireless Internet. Waiting for the payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) is received from (2700).

If payment processing result data (or payment approval professional data) corresponding to the payment processing related data (or payment approval request specialized data) is received (2705), the payment terminal 140 receives the received payment processing result data ( Alternatively, the payment approval data) is decoded and output in an electronic envelope method (2710), and a detailed procedure thereof will be described in detail with reference to FIG.

According to the exemplary embodiment of the present invention, the payment process of the payment terminal 140 as shown in FIGS. 22 and 27 is preferably repeated until the payment function of the payment terminal 140 ends (2715).

28 is a diagram illustrating a method of decrypting payment processing result data (or payment approval specialized data) encrypted and received by the payment terminal 140 according to an embodiment of the present invention by an electronic envelope method.

More specifically, FIG. 28 is received from the VAN server 105 as shown in FIG. 7 through an encryption procedure as shown in FIG. 26 in the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C. The present invention relates to a preferred method of decrypting the received payment processing result data (or payment approval specialized data) by an electronic envelope method, wherein the payment terminal private key is the card terminal of the payment terminal 140 (or the payment terminal 140 ( 475) is preferably read from the security application module (SAM) provided in.

Referring to FIG. 28, the wireless processing unit 470 of the payment terminal 140 receives a packet corresponding to a communication protocol stack including encrypted payment processing result data (or payment approval specialized data) from the high-speed wireless Internet. The communication processor 460 restores (or generates) payment processing result data (or payment approval specialized data) encrypted and transmitted from the VAN server 105 from the received packet (2805). The restored (or generated) payment processing result data (or payment approval specialized data) is provided to the password processing unit (2810).

The encryption processing unit 455 extracts a predetermined payment terminal private key for decrypting the encrypted payment processing result data (or payment approval specialized data) from the security application module included in the payment terminal 140 (2815). (2820) by decrypting the secret key encrypted with the payment terminal public key through the extracted payment terminal private key, extracting the secret key for decrypting the payment processing result data (or payment approval specialized data); 2825, the payment processing result data (or payment approval specialized data) is decrypted using the extracted secret key (2830), and the payment processing result data (or payment approval specialized data) encrypted with the secret key is extracted. (2835).

When the payment processing result data (or payment approval specialized data) is decrypted as described above, the encryption processing unit 455 outputs the payment processing result data (or payment approval specialized data) through the screen output unit (2840a), and And / or provide a printout to the printing unit (2840b).

Hereinafter, the technical features of the present invention will be described through a preferred embodiment of processing a high-speed wireless Internet-based electronic payment that performs an encryption and / or decryption procedure using an electronic signature and a key exchange method.

29 is a diagram illustrating a payment processing procedure of the payment terminal 140 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 29 is connected to the high-speed wireless Internet in the payment terminal 140 with encryption functions as shown in FIGS. 4A, 4B, and 4C, and the payment process is performed when the electronic terminal processes the payment terminal 140. The VAN server 105 which receives the payment terminal 140 and the payment processing related data (or payment approval request specialized data) by encrypting and transmitting related data (or payment approval request specialized data) by an electronic signature and a key exchange method. The present invention relates to a preferred embodiment of an electronic payment processing method that provides high-speed wireless Internet-based end-to-end security between the present invention and those skilled in the art to which the present invention pertains. The VAN server 105 and the portable interface through the payment terminal 140 corresponding to FIGS. 4A, 4B, and 4C without departing from essential technical matters. Various electronic payment processing methods for providing net-based end-to-end security can be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 29, a payment terminal 140 (eg, an integrated payment terminal 140, a modular payment terminal 140, and a payment terminal 140 in association with a function of wirelessly connecting to a predetermined high-speed wireless Internet) is provided. When a predetermined power is supplied to the system to boot, the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) synchronizes with the downlink through the downlink channel search of the base station 135. After acquiring the channel control parameter for the uplink, initial synchronization is performed through initial ranging and initial access (Initial Access) process of informing the base station 135 of the information of the payment terminal 140 is performed (2900). ).

When the initial access process is performed, the basic provisioning capability of determining the basic provisioning capability between the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) and the base station 135 of the high-speed wireless Internet When the basic capability is negotiated and the basic capability is negotiated, the AAA server 110 extends the wireless connection connection between the payment terminal 140 and the base station 135 to the wired section through the PAR 130. An authentication procedure for verifying the authentication and the service authority of the payment terminal 140 is performed (2905).

According to an embodiment of the present invention, the preferred authentication procedure for verifying the authentication and service authority for the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) on the high-speed wireless Internet is the PAR ( In step 130, a DER (Diameter Extensible Authentication Protocol) Request (ID) / Identity message including a subscriber ID (ID) provided from the base station 135 is provided to the AAA server 110 on the high-speed wireless Internet. The AAA server 110 determines whether the user is a legitimate subscriber and transmits a Diameter EAP Answer (DEA) / Transport Layer Security (TLS) start message to the PAR 130. Thereafter, the PAR 130 provides a DER / Client-Hello message including predetermined session information and connection information to the AAA server 110, and the AAA server 110 responds to the PAR 130. Send DEA / Server-Hello. Next, the PAR 130 and the AAA server 110 provides a DER / TLS certificate from the PAR 130 to the AAA server 110 for the mutual exchange of certificates, the AAA server 110 is the PAR Sending the DEA / TLS cHA (120) nge cipher spec, TLS finished message to (130) to remind the use of the new encryption algorithm and the handshaking (HA (120) nd-sHA (120) king) procedure. Deliver to PAR (130). In addition, the PAR 130 transmits a DER / Ack to the AAA server 110 and receives a DEA / Success from the AAA server 110, thereby completing a subscriber authentication process by completing mutual certificate exchange.

When the basic provision capability negotiation and the authentication and registration procedure for the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) is performed, the payment terminal 140 (or payment terminal 140) The HA 120 managing the MIP for the wireless terminal 480 performs the process of allocating and registering a predetermined IP address with respect to the payment terminal 140 (2910).

According to the embodiment of the present invention, the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) and the high-speed wireless Internet network is the wireless terminal of the payment terminal 140 (or payment terminal 140) A traffic encryption key generation and distribution process may be further performed to maintain security of the traffic connection between the terminal end 480 and the base station 135.

As described above, when the initial access process, the basic provisioning capability negotiation process, the authentication process for the user or the payment terminal 140 and the MIP registration process are completed, the high-speed wireless Internet service for the payment terminal 140 is started. During the service, the traffic flow is changed or deleted according to the traffic situation, the handover when moving to another cell, the management and billing of IP generated accordingly, and the payment terminal 140 (or the payment terminal 140) are performed. In the card terminal 475), payment processing may be performed through the high-speed wireless Internet.

Accordingly, the payment terminal 140 periodically monitors an internal resource (eg, a resource for initiating the electronic payment processing in the card terminal 475) to confirm whether the high-speed wireless Internet-based electronic payment processing is started (2915). If the high-speed wireless Internet-based electronic payment processing is started (2920), the payment terminal 140 receives a predetermined payment information from a predetermined input device for the electronic payment processing, and the customer-owned medium from the card reader device (E.g., MS card, IC card, IC chip, etc.), predetermined payment means information for the electronic payment processing is read (2925).

When payment information for electronic payment processing is input as described above and predetermined payment means information is read from a customer-owned medium, the payment terminal 140 includes predetermined payment processing related data including the payment information and payment means information. (Or payment approval request text data) (or payment request text for electronic payment processing) (2930), and the payment processing related data (or payment approval request text data) according to an embodiment of the present invention. Perform an encryption procedure using a key exchange method (2935), and transmit the encrypted payment processing related data (or payment approval request specialized data) to the VAN server 105 based on the communication protocol stack structure defined in the high-speed wireless Internet. To request (2940), a detailed procedure thereof will be described in detail with reference to FIG.

According to the exemplary embodiment of the present invention, when the payment terminal 140 transmits encrypted payment processing related data (or payment approval request specialized data) to a predetermined VAN server 105, the payment terminal 140 is transmitted to the payment terminal 140. The provided medium control layer and the medium control layer provided in the base station 135 connected to the payment terminal 140 are mapped between the payment terminal 140 and the base station 135 to transmit traffic for one service flow. It is desirable to perform a traffic connection process that defines a relationship.

The payment terminal 140 requests the PAR 130 to retrieve the service profile for payment processing through the subscriber profile information and the service flow information as shown in FIG. 2 through the base station 135 of the high-speed wireless Internet company. In operation 2950, the base station 135 and the PAR 130 interoperate with each other to search for a payment processing service profile for the payment terminal 140.

According to an exemplary embodiment of the present invention, the preferred procedure of the searching process includes transmitting the registration information of the payment terminal 140 to the PAR 130 by including the registration information of the payment terminal 140 in the CREG_req message. Search for the subscriber profile through the registration information of the payment terminal 140 included in the received CREG_req message, determine whether to accept the registration of the subscriber, and transmit the result to the base station 135 by including the result in the CREG_rsp message. do.

In addition, when the base station 135 transmits a request for establishing a traffic connection for payment processing in a predetermined DSA_req message to the PAR 130, the PAR 130 receiving the DSA_req message receives the call through a call admission control mechanism. After retrieving service flow information for determining whether to accept the request, negotiating a quality of service (QoS) value and / or service level that can be provided in response to the requested new traffic, and processing the negotiation values and the payment Whether or not to accept the request for establishing the traffic connection is included in the DSA_rsp message and transmitted to the base station 135.

Subsequently, the base station 135 transmits to the PAR 130 including the DSA_ack message whether to establish the traffic connection for payment processing requested by the DSA_req as an acknowledgment message for the DSA_rsp message, and the PAR 130 By reading the DSA_ack message, the service flow information is changed to the payment processing traffic connection setting or the payment processing service flow information is registered.

If a predetermined payment processing service profile is not retrieved from the PAR 130 (eg, if a traffic connection for payment processing is first attempted after system booting of the payment terminal 140), the high speed wireless The PAR 130 on the Internet performs a change and / or registration and / or an additional procedure for the payment processing service profile (2960).

On the other hand, a predetermined payment processing service profile is retrieved from the PAR 130 (eg, an electronic payment processing has been previously performed through a high-speed wireless Internet, and a service flow profile for payment processing has been previously generated) (2955), or When a change and / or registration and / or additional procedure for the payment processing service profile is performed (2960), the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) is encrypted. The media control layer and the physical layer are processed and transmitted to the base station 135 in a communication protocol stack including payment processing related data (or payment approval request specialized data), which is transmitted to the base station 135 by the PAR 130. The PAR 130 transmits the encrypted payment processing related data (or payment approval request specialized data) to the VAN server 105 based on the service profile. In 2965, the communication path for transmitting the encrypted payment processing related data (or payment approval request specialized data) is as shown in FIG. 3A or 3B.

30A and 30B illustrate a method of encrypting and transmitting payment processing related data (or payment approval request specialized data) by an electronic signature and a key exchange method in the payment terminal 140 according to an embodiment of the present invention.

In more detail, FIGS. 30A and 30B show an electronic signature and a key of the payment processing related data (or payment approval request specialized data) in the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C. The present invention relates to a method of encrypting and transmitting in an exchange method, wherein the payment terminal private key and the public key of the VAN server 105 for encryption are the card terminal 475 of the payment terminal 140 (or the payment terminal 140). It is preferable to read from the security application module (SAM) provided in the).

Referring to FIGS. 30A and 30B, the data generation unit 450 of the payment terminal 140 includes predetermined payment processing related data (or payment approval request specialized data) including predetermined payment information and customer-owned payment means information. Is generated, the encryption processing unit 455 is provided with this (3000), the payment processing related data (or payment approval request specialized data) a predetermined one-way hash function (for example, the payment processing related data (or payment approval request) Regardless of the length of the full text data), a message digest including a hash code (HA 120) code of a predetermined length is generated, and the original message is identified through the hash code (or message digest). Or one-way hash function (HA 120) that cannot be inferred.The payment terminal and the VAN server 105 use the same hash function to generate a predetermined message digest (300). 5) The digital signature is digitally signed by encrypting the message digest through the payment terminal private key (3010).

In addition, the encryption processing unit 455 generates a predetermined random secret key for encrypting the payment processing related data (or payment approval request specialized data) using a secret key (symmetric key) method, 3015, the message digest encrypted with the payment processing related data (or payment approval request specialized data) and the payment terminal private key and a certificate (eg, a payment terminal public key) included in the security application module 415. The certificate is linked to the copy and encrypted using the generated private key (3020). In addition, the encryption processing unit 455 extracts a predetermined VAN server 105 public key from the security application module to encrypt the secret key encrypting the payment processing related data (or payment approval request specialized data) ( In operation 3030, the private key encrypting the payment processing related data (or payment approval request specialized data) is encrypted using the VAN server 105 public key (3030).

The payment processing related data (or payment approval request specialized data) and the copy of a certificate including the message digest encrypted with the payment terminal private key and the payment terminal public key are linked to each other and encrypted through the generated secret key, and the secret When the key is encrypted using the public key of the VAN server 105, the encryption processing unit 455 is encrypted with the payment processing related data (or payment approval request specialized data) and the payment terminal private key encrypted through the secret key. A certificate copy including the message digest and the payment terminal public key is associated with a secret key encrypted with the VAN server 105 public key to generate predetermined transaction data, and the generated transaction data is transmitted to the communication processor 460. (3035).

The communication processing unit 460 generates at least one SDU / PDU from the transaction data and stores it in an upper layer on a communication protocol stack (3040), and the wireless processing unit 470 performs the radio processing unit 470 on the communication protocol stack. By performing communication processing corresponding to the media control layer and the physical layer defined between the base station 135 and the base station 135 (3045), the encrypted payment processing related data (or payment approval request specialized data) on the high-speed wireless Internet It transmits to the VAN server 105 through a network component.

31 is a diagram illustrating a payment processing procedure of the VAN server 105 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 31 illustrates a case in which a VAN server 105 having an encryption function as shown in FIG. 7 is received with payment processing related data (or payment approval request specialized data) through an encryption process as shown in FIG. 30. By decoding the payment processing related data (or payment approval request specialized data) and performing a payment processing procedure corresponding to the decrypted payment processing related data (or payment approval request specialized data), the payment terminal 140. And a preferred embodiment of an electronic payment processing method that provides high-speed wireless Internet-based end-to-end security between the VAN server 105 and the VAN server 105. Those skilled in the art to which the present invention pertains, VAN server provided in the intention of the person skilled in the art and / or each of the above VAN operators with reference to the drawing 31 does not violate the essential technical matters of the present invention. Various electronic payment processing methods corresponding to the technical features of 105 may be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 31, payment processing related data (or payment approval request) encrypted from the payment terminal 140 as shown in FIGS. 4A, 4B, and 4C through the encryption procedure as shown in FIG. 30 from the payment terminal 140 to the VAN server 105. When the full text data is received through the communication path as shown in FIG. 3a or 3b (3100), the VAN server 105 exchanges the received payment processing related data (or payment approval request professional data) with an electronic signature and key exchange. By way of the decryption process 3105, end-to-end security for the payment terminal 140 and the VAN server 105 is secured. A detailed procedure thereof will be described in detail with reference to FIG.

If the payment processing related data (or payment approval request specialized data) is not decrypted (3110), the VAN server 105 generates payment processing result data (or payment approval specialized data) including a predetermined payment error message. In operation 3115, the payment terminal 140 transmits the payment to the payment terminal 140.

On the other hand, if the payment processing related data (or payment approval request specialized data) is decrypted (3110), the VAN server 105 and the payment information contained in the decrypted payment processing related data (or payment approval request specialized data) and By reading the payment means information, and performs the electronic payment procedure in connection with a predetermined card company server and / or bank server (3120), and the payment processing related data (or payment approval request specialized data from the card company server and / or bank server) (3125) a predetermined payment processing result data (or payment approval specialized data) corresponding to) is received.

If predetermined payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) is received from the card company server and / or the bank server (3130), the VAN server ( In step 105, the payment processing result data (or payment approval specialized data) is encrypted by electronic signature and key exchange method (3135), and the encrypted payment processing result data (or payment approval specialized data) is stored in the drawings 3a or 3b. Through the communication path as shown in FIG. 4A, FIG. 4B, and the payment terminal 140 as shown in FIG. 4C (3140), a detailed procedure thereof will be described in detail with reference to FIG.

32A and 32B illustrate a method of decrypting payment processing related data (or payment approval request specialized data) encrypted and received at the VAN server 105 by an electronic signature and key exchange method according to an embodiment of the present invention. to be.

In more detail, FIGS. 32A and 32B are encrypted payments received from a payment terminal 140 having an encryption function as shown in FIGS. 4A, 4B, and 4C in the VAN server 105 as shown in FIG. A preferred method of decrypting processing related data (or payment approval request specialized data) by an electronic signature and key exchange method, wherein the encrypted payment processing related data (or payment approval request specialized data) is converted into an electronic signature and key exchange method. The VAN server 105 private key and the payment terminal public key for decryption correspond to a security application module (SAM) provided in the payment terminal 140 (or the card terminal 475 of the payment terminal 140). It is preferable to read from the security application module provided in the VAN server 105.

Referring to FIGS. 32A and 32B, the receiver 700 of the VAN server 105 stores data related to payment processing encrypted from the operator network 100 of the high-speed wireless Internet through the TCP / IP-based Internet and / or a dedicated line. Receives a packet corresponding to a communication protocol stack including (or payment approval request specialized data) to restore (or generate) encrypted transaction data transmitted from the payment terminal 140 (3200), and restore (or generate). The transaction data is provided to the encryption unit 710 (3205), and the transaction data is encrypted with the payment processing related data (or payment approval request specialized data) and the payment terminal private key encrypted with the secret key. A copy of the certificate including the digest and the payment terminal public key, and the secret key encrypted with the VAN server 105 public key. It is desirable to lose.

The encryption unit 710 extracts the private key of the VAN server 105 from the security application module included in the VAN server 105 to decrypt the private key encrypted with the public key of the VAN server 105 (3210). By decrypting the secret key through the VAN server 105 private key, the message digest and the payment terminal public key encrypted with the payment processing related data (or payment approval request specialized data) and the payment terminal private key. The secret key for decrypting the copy of the certificate including the symbol is extracted (3220).

When the secret key is extracted as described above, the encryption unit 710 uses the extracted secret key and the message digest encrypted with the payment processing related data (or payment approval request specialized data) and the payment terminal private key, and the By decrypting a copy of the certificate including the payment terminal public key (3225), the message digest and the payment terminal disclosure encrypted with the payment processing related data (or payment approval request specialized data) encrypted with the secret key and the payment terminal private key. Extract a copy of the certificate that contains the key.

In addition, the encryption unit 710 decrypts the message digest encrypted with the payment terminal private key (3230) through the payment terminal public key (3230), so that the payment terminal-related data (or payment approval request) Message digest generated and transmitted (3235), and the received message processing related data (or payment approval request specialized data) is a predetermined message digest through the same one-way hash function as the payment terminal 140. After generating 3240, the generated message digest is compared with the decrypted message digest (3245) to check the validity of the received payment processing related data (or payment approval request specialized data).

If the generated message digest coincides with the decrypted message digest (3250), the encryption unit 710 provides the payment processing related data (or payment approval request specialized data) to the payment processing unit 715 ( 3255), the payment processing unit corresponding to the payment processing related data (or payment approval request specialized data) in conjunction with at least one card company server and / or bank server in accordance with the payment processing procedure defined in the VAN server 105 Perform payment processing.

FIG. 33 is a diagram illustrating a method of encrypting and transmitting payment processing result data (or payment approval specialized data) in a digital signature and key exchange method in a VAN server 105 according to an embodiment of the present invention.

More specifically, FIG. 33 shows payment processing result data (or data) received from a card company server and / or a bank server corresponding to the payment processing related data (or payment approval request specialized data) in the VAN server 105 as shown in FIG. The preferred embodiment of the present invention encrypts payment approval data) using an electronic signature and a key exchange method, and the payment terminal public key and the VAN server 105 private key for encryption are provided in the VAN server 105. It is preferable to read from the security application module.

Referring to FIG. 33, payment processing result data (or payment approval message) corresponding to the payment processing related data (or payment approval request specialized data) from the card company server and / or the bank server of the VAN server 105 to the payment processing unit. When the data is received, the encryption unit is provided with the data (3300), and the payment processing result data (or payment approval specialized data) of a predetermined one-way hash function (eg, the payment processing result data (or payment approval specialized data) Create a message digest containing a hash code (HA 120) shcode of any length, regardless of length, and verify (or infer) the original message via the hash code (or message digest). One-way hash function (HA 120) function that cannot be generated. The predetermined message digest is generated through the VAN server 105 and the payment terminal using the same hash function. The message digest is digitally signed (3310) by encrypting the message digest through the VAN server 105 private key.

In addition, the encryption unit 710 generates a predetermined random secret key for encrypting the payment processing result data (or payment approval specialized data) by a secret key (symmetric key) method ( 3315), generating the connection by copying a certificate including the message processing data encrypted with the payment processing result data (or payment approval specialized data) and the VAN server 105 private key and the VAN server 105 public key. Encrypted via the secret key (3320).

In addition, the encryption unit 710 extracts (3325) a predetermined payment terminal public key from the security application module to encrypt the secret key that encrypts the payment processing result data (or payment approval specialized data). The secret key used for encryption is encrypted using the payment terminal public key (3330).

The payment processing result data (or payment approval data) and the copy of the certificate including the message digest encrypted with the VAN server 105 private key and the VAN server 105 public key are linked to each other through the generated secret key. If the secret key is encrypted using the payment terminal public key, the encryption unit is encrypted with the payment processing result data (or payment approval specialized data) and the VAN server 105 private key encrypted with the secret key. A certificate copy including the message digest and the VAN server 105 public key is generated in association with a secret key encrypted with the payment terminal public key to generate predetermined transaction data and provide it to the transmission unit 705.

The transmission unit 705 generates at least one SDU / PDU from the transaction data and stores it in a higher layer on a communication protocol stack (3335), thereby establishing a network of the VAN server 105 and the carrier network 100 of the high-speed wireless Internet. A packet corresponding to a communication protocol stack defined between the connecting Internet and / or a dedicated line is generated, and the generated packet is transmitted to the payment terminal 140 through a network component on the high-speed wireless Internet.

34 is a diagram illustrating a payment processing procedure of the payment terminal 140 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, as shown in FIG. 29, in FIG. 34, the payment terminal 140 encrypts predetermined payment processing-related data (or payment approval request specialized data) and transmits the encrypted data to the VAN server 105. 105, the VAN server 105 receives the payment processing result data (or payment approval specialized data) by decrypting the payment processing result data (or payment approval specialized data) encrypted and received from the electronic signature and the key exchange method. As a preferred embodiment of the electronic payment processing method for providing high-speed wireless Internet-based end-to-end security between the payment terminal 140, if the person skilled in the art to which the present invention pertains, The V through the payment terminal 140 corresponding to the Figures 4a, 4b and 4c without departing from the core technical matters of the present invention with reference to Various electronic payment processing methods for providing the AN server 105 and the portable Internet-based end-to-end security will be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 34, the payment terminal 140 that transmits encrypted payment processing related data (or payment approval request specialized data) through the process as shown in FIG. 29 is connected to the VAN server 105 via the high-speed wireless Internet. Waits for the payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) from (3400).

If payment processing result data (or payment approval professional data) corresponding to the payment processing related data (or payment approval request specialized data) is received (3405), the payment terminal 140 receives the received payment processing result data ( Alternatively, the payment approval specialized data) may be decoded and output using an electronic signature and a key exchange method (3410), and a detailed procedure thereof will be described in detail with reference to FIG.

According to the exemplary embodiment of the present invention, the payment process of the payment terminal 140 as shown in FIGS. 29 and 34 is preferably repeated until the payment function of the payment terminal 140 ends (3415).

35A and 35B illustrate a method of decrypting payment processing result data (or payment approval specialized data) encrypted and received by the payment terminal 140 according to an exemplary embodiment of the present invention by an electronic signature and a key exchange method. .

In more detail, FIGS. 35A and 35B show an encryption procedure as shown in FIG. 33 from the VAN server 105 as shown in FIG. 7 in the payment terminal 140 having the encryption function as shown in FIGS. 4A and 4B and 4C. The present invention relates to a preferred method of decrypting payment processing result data (or payment approval specialized data) received through an electronic signature and a key exchange method, wherein the payment terminal private key is the payment terminal 140 (or payment terminal 140). It is preferable to read from the security application module (SAM) provided in the card terminal 475).

35A and 35B, the wireless processing unit 470 of the payment terminal 140 includes a packet corresponding to a communication protocol stack including payment processing result data (or payment approval specialized data) encrypted from the high-speed wireless Internet. Receiving (3500), the communication processing unit transmits the transaction data encrypted by the VAN server 105 from the received packet (e.g., the payment processing result data (or payment approval specialized data) encrypted with a predetermined secret key). And restore (or generate) a copy of the certificate including the message digest encrypted with the VAN server 105 private key and the private key encrypted with the payment terminal public key (3505). In operation 3110, the restored (or generated) transaction data is provided to the encryption processing unit 455.

The encryption processing unit 455 extracts a predetermined payment terminal private key for decrypting the secret key encrypted with the payment terminal public key from the security application module included in the payment terminal 140 (3515). By decrypting the private key encrypted with the public key with the payment terminal private key (3520), the message digest and the VAN server 105 encrypted with the payment processing result data (or payment authorization data) and the VAN server 105 private key. Extract the private key for decrypting the copy of the certificate including the public key (3525),

When the secret key is extracted as described above, the encryption processing unit 455 encrypts the message digest encrypted with the payment processing result data (or payment approval specialized data) and the VAN server 105 private key using the extracted secret key. And decrypting a copy of the certificate including the public key of the VAN server 105 (3530), thereby encrypting the payment processing result data (or payment approval specialized data) encrypted with the secret key and the private key of the VAN server 105. A copy of the certificate including the message digest and the VAN server 105 public key is extracted.

The encryption processing unit 455 decrypts the message digest encrypted with the private key of the VAN server 105 through the VAN server 105 public key (3535), thereby allowing the payment processing result data (or payment approval) in the encryption unit. Text message), and extracts the message digest generated (3540) and transmits the received message processing result data (or payment approval message data) through the same one-way hash function as the encryption unit 710. After generation (3545), the validity of the received payment processing result data (or payment approval specialized data) is checked by comparing the generated message digest with the decrypted message digest (3550).

If the generated message digest and the decrypted message digest coincide with each other (3555), the encryption processing unit displays the payment processing result data (or payment approval specialized data) through the screen output unit 405. Output (3560a) and / or provided to the printing unit 420 to print (3560b).

According to the present invention, there is an advantage of maintaining high end-to-end security between a payment terminal located in the high-speed wireless Internet and a VAN server when using the high-speed wireless Internet having weak security as a communication network for electronic payment processing.

Claims (3)

Generating payment processing related data (payment approval request full text data) at the payment terminal; Generating a predetermined random secret key in the payment terminal; Encrypting, at the payment terminal, the payment processing related data (payment approval request specialized data) through the random secret key; Extracting a VAN server public key from the terminal security application module at the payment terminal; Encrypting, at the payment terminal, the random secret key with the VAN server public key; Concatenating the encrypted payment processing related data (payment authorization request specialized data) and a random secret key in the payment terminal and storing the encrypted secret processing key in an upper layer of the portable internet protocol stack; Adding, by the payment terminal, a portable Internet based MAC layer and a PHY layer to the portable Internet protocol stack in which the encrypted payment processing related data (payment approval request specialized data) and the random secret key are stored and transmitted to the base station on the portable Internet communication network ; The base station on the portable Internet communication network removes the portable Internet protocol based MAC layer and the PHY layer from the portable Internet protocol stack, changes the portable Internet protocol stack to an Internet protocol stack, and then changes the changed Internet protocol stack through a VAN network. Transmitting to a server; Restoring encrypted payment processing related data (payment authorization request specialized data) and random secret key after receiving the internet protocol stack from the VAN server; Extracting a private key of the VAN server from a server-side security application module in the VAN server; Decrypting, by the VAN server, the random secret key through the extracted private key of the VAN server; And Decrypting the payment processing related data (payment approval request specialized data) encrypted by the random secret key decrypted by the VAN server; And performing a predetermined payment processing procedure using the decrypted payment processing related data (payment approval request specialized data) in the VAN server. The method of claim 1, wherein the performing of the predetermined payment processing procedure using the decrypted payment processing related data (payment approval request specialized data) in the VAN server, Receiving payment approval data corresponding to the payment processing related data (payment approval request specialized data) from a card company server at the VAN server; Generating a predetermined random secret key in the VAN server; Encrypting payment approval specialized data corresponding to the payment approval data through the random secret key in the VAN server; Extracting a public key of the payment terminal from a server-side security application module in the VAN server; Encrypting, at the VAN server, the random secret key with the public key of the payment terminal; Concatenating the encrypted payment approval data and the random secret key in the VAN server, storing them in an upper layer of the Internet protocol stack, and transmitting them to a base station on a portable Internet communication network; Changing the internet protocol stack to a portable internet protocol stack by a base station on the portable internet communication network, and adding a portable internet based MAC layer and a PHY layer to the changed portable internet protocol stack to transmit to the payment terminal; Restoring the encrypted payment authorization data and a random secret key after receiving the portable Internet protocol stack at the payment terminal; Extracting a private key of a payment terminal from the terminal security application module at the payment terminal; Decrypting and reading the random secret key through the payment terminal private key in the payment terminal; Decrypting, at the payment terminal, the encrypted payment approval text data through the random secret key; And outputting the decrypted payment approval message data through a predetermined screen output device and / or a printing device in the payment terminal. A computer-readable recording medium having recorded thereon a program for executing the method of claim 1.

Images