KR100951596B1 - Method for Post-issuing Application for Smartcard - Google Patents

Abstract

The present invention provides a method of extracting network routing information from a network card, which allows a card terminal to access a network card server that provides a smart card management area including a smart card personalization information and an application for a smart card. Accessing the smart card personalization information and the smart card application management area of the network card server based on the extracted network routing information from the card terminal to confirm the smart card personalization information and the smart card application; and the identified smart at the card terminal. And receiving a post-issuance of the card application.

Smart card, terminal, network

Description

Method for Post-issuing Application for Smartcard {Method for Post-issuing Application for Smartcard}

1 is a simplified block diagram of the physical structure of a typical contact smart card.

2 is a simple configuration diagram of a logical structure of an IC chip mounted on a general smart card.

3 is a simple block diagram of the structure of a typical open smart card platform.

4 is a simple block diagram of an existing smart card service provision and post-issuance system.

5 is a simple block diagram of a network card system.

6 is a simplified block diagram of an embodiment of a network card system.

7 is a simple flowchart of the process of issuing a network card.

FIG. 8 is a simple flowchart of a process of post loading a smart card application to a smart card management area of a network card server through a network card.

9 is a simple flowchart illustrating a process of providing a smart card service through the network card system according to the present invention.

<Description of main parts of drawing>

500: network card 505: network card terminal

510: Common IC Chip Emulator 515: CAD Emulator

520: smart terminal application 525: terminal application

530: I / O interface 535: terminal smart card generation unit

540: network card server 545: smart card management program

The present invention provides a network card server for providing a smart card management area including smart card personalization information and an application for smart card, and network routing information for accessing the smart card personalization information and / or smart card application management area. And a common IC chip emulator for generating a network card and a smart card, wherein the common IC chip emulator is used to access the network card server based on the network routing information in the network card, and then through the smart card personalization information. And a network card terminal for dynamically personalizing a chip emulator and dynamically generating a smart card by dynamically issuing a smart card application mounted in the smart card management area. Software to perform the role of a smart card inside the network card terminal in place of a physical smart card equipped with an I / O interface and a physical IC chip that extracts the system and the network routing information from the network card. The smart card personalization information and the smart card application management area of the network card server are accessed based on the public IC chip emulator implemented in the network and the network routing information obtained from the recognition means. A smart card generator that dynamically personalizes a common IC chip emulator, dynamically post-issues a smart card application, and generates a smart card inside the network terminal, and dynamically creates the smart card application inside the network card terminal. It relates to a network card terminal having a CAD Emulator (Card Acceptance Device Emulator) providing an interface for accessing the terminal smart card and a smart terminal application for accessing the terminal smart card through the CAD emulator to provide a smart card service .

The terminal smart card of the present invention is a virtual smart card dynamically generated inside a network card terminal. The smart card dynamically generates a physical smart card equipped with a physical IC chip through a common IC chip emulator of the network card terminal. to be.

As described above, the physical smart card corresponding to the terminal smart card dynamically generated in the network card terminal according to the present invention will be described below.

A smart card is a credit card sized plastic card equipped with an integrated circuit chip (hereinafter referred to as an IC chip). The IC chip is a microprocessor, a card operating system, a security module, and a memory. High-level security features such as authentication, high-capacity storage with more than a few tens of kilobytes, high-speed computing for cryptographic operations, and high-performance information management through card management programs and / or chip operating systems (COS). It is next generation card installed.

Smart cards are generally classified into contact cards, contactless cards, hybrid cards, and combination cards, depending on the interface with the smart card terminal. Depending on the presence of the device, it is classified into a memory card and a microprocessor card.

1 is a schematic diagram of the physical structure of a typical contact smart card.

A smart card is an IC (Integrated Circuit) card in the form of a credit card that can store and compute various digital information by embedding a central processing unit and various memory devices.The IC chip mounted on the smart card is a central processing unit, ROM (Read Only Memory), RAM (Random Access Memory), and EEPROM (Electrically Erasable and Programmable Read Only Memory) or Flash Memory, etc. Each IC chip device is connected via a bus. It is connected.

The central processing unit on the IC chip is a key component that executes and computes the program instructions of the operating system (COS). It is called CPU / MPU (Central Processing Unit / Micro Processing Unit), It interprets the commands included in the Application Protocol Data Unit (APDU) and sends them to the smart card and processes the corresponding operations.

The ROM on the IC chip is a read-only memory that stores information that cannot be erased.It stores a smart card operating system (COS), a language interpreter, and various security codes. Memory that holds the operating system, applications, and data currently in use so that all data that is executed or computed through the smart card's central processing unit is stored once in RAM.

EEPROM or flash memory on the IC chip is a memory that stores smart card applications (hereinafter referred to as "smart card application" or "SCApp") running on the smart card platform, and optionally reads and adds data and information. Can be changed or deleted. In general, most smart card applications on smart cards are stored in EEPROM or flash memory.

According to ISO 7816, the IC chip of the contact smart card is connected to the smart card terminal by contacting the card acceptance device (CAD) through the chip on board (COB), and the COB is composed of 8 contacts, 6 of which The contacts are used for power supply (VCC), initialization signal (RST), clock signal (CLK), ground (GND), program power supply (VPP), and data input / output (I / O). Is reserved as a spare contact.

The biggest feature of the smart card as described above includes a security function in a structure that cannot be arbitrarily read or written from the outside, and the security function of the smart card is controlled by a card management program and / or a COS which is a card operating system. The card management program and / or operating system of the smart card may perform a function of setting an attribute and a password in each directory and file, checking and monitoring the number of failed password attempts, and the like.

2 is a simple block diagram of the logical structure of the IC chip mounted in a general smart card.

In a smart card, files containing smart card information and / or data, such as system files, smart card applications, key files, etc., are stored on the EEPROM and are proposed in ISO 7816-4, the contact smart card standard. The logical file structure of is shown in FIG.

According to ISO 7816-4, a smart card standard, each file mounted on a smart card has a hierarchical structure, and a master file (MF), a dedicated file (DF), and an element are identified by file separators. It can be divided into an element file (EF) and the like.

The master file is a root file, and must be via a master file which is a root file in order to access the smart card application through a card management program and / or an operating system mounted on the smart card.

A dedicated file is a file that classifies each file according to the purpose and application of the smart card service.In order to access the smart card application through the card management program and / or operating system installed in the smart card, the information recorded in the dedicated file is used. Reference should be made.

The element file is a file in which information and / or data providing a smart card service is stored. A smart card application providing a smart card service corresponds to an element file in a logical structure of a smart card.

According to the smart card standard, the protocol used for the smart card is basically a structure that transmits a command from the smart card terminal to the smart card, and the smart card responds in response to the command, the transmission and response of the command This is done through the Application Protocol Data Unit (APDU) of ISO 7816-3.

The processing of the smart card is carried out through the master file after the smart card receives the smart card command from the smart card terminal, the card management program and / or the operating system decrypts the received command and verifies the integrity. This is done by accessing files and element files.

Recently, a smart card is a multi-purpose combination card equipped with a central processing unit, which is capable of executing a program regardless of the card manufacturer, and is aiming at an open platform that is independent of the platform and that can be installed and deleted even after issuing a card. Typical smart card open platforms include Javacard, MULTOS, Smart Card For Windows (SCFW), and SmartTEC OS.

Javacard is a smart card platform that includes a Java Virtual Machine (JVM) on top of a COS (Chip Operating System) .It is a smart card platform that allows online downloading to modify programs inside the card, load one or more applications, and communicate with existing smart cards. It is an open smart card platform based on versatility with card terminals.

MULTOS is a smart card platform with MVM (MEL Virtual Machine) designed as MEL (Multos Executable Language), a unique interpretation language on MULTOS, a multifunctional operating system developed by Mondex and supported by MAOSCO, an industry consortium led by Mondex. It is an open smart card platform that is being used for various smart card applications in Europe, and is mounted in electronic money using smart cards in Korea.

SCFW card is a smart card platform that is equipped with VBVM (Visual Basic Virtual Machine) in the MS Kernel (MicroSoft Kernel) of 8bit operating system dedicated to smart card developed by Microsoft, and through Microsoft Visual Basic. It is an open smart card platform designed to allow general developers who do not have a thorough knowledge of smart cards to approach smart card service development.

3 is a simple block diagram of the structure of a typical open smart card platform.

The open smart card platform has a different structure depending on the features of the language supported by the platform and the COS mounted on the smart card such as Java Card, MULTOS, or SCFW. FIG. 3 is a generalization of the features of the respective open smart card platform structures, such as different Java cards, MULTOS, and SCFW, and the specific structure and configuration names of the respective open smart card platforms are shown in FIG. It may be somewhat different.

In general, the open smart card platform is equipped with a smart card operating system COS is mounted on a hardware consisting of a silicon chip, a virtual machine and a card manager (Card Manager) on top, and above the virtual machine. It has a structure in which a smart card application (SCApp) is mounted.

As described above, the IC chip in which the smart card platform is mounted may include a central processing unit, a read only memory (ROM), a random access memory (RAM), and an electrically erasable and programmable read only memory (EEPROM), a flash memory, or the like. In some cases, a coprocessor for an Elliptic Curve Crypto system (ECC) and / or a Rivest-Shamir-Adleman (RSA) encryption operation is installed. In addition, the hardware of the smart card platform is equipped with a chip on board (COB) (plate of eight contacts) and / or RF (Radio Frequency) antenna to provide a communication connection with the smart terminal via CAD.

The operating system (COS) of the smart card platform is a system program embedded in the IC chip's ROM for driving the smart card. The smart card platform has developed and used different COSs for each smart card manufacturer and smart card issuer. Even so, the COS mounted on the smart card may be different. In general, COS runs the first time a smart card is booted, and communicates between the smart card and CAD, reads and writes data from internal memory, authenticates users, and controls file access and execution of smart card applications through card management programs. Do this.

The virtual machine (VM) of the smart card platform is a program that interfaces with the central processing unit through the process of requesting service from the COS by interpreting the code of the smart card application. Each smart card platform uses a different virtual machine. For example, Java cards use the Java Virtual Machine (JVM) designed for Java, MULTOS uses the MEL Virtual Machine (MVM) designed for MEL, and SCFW for Visual Basic. Use the designed Visual Basic Virtual Machine (VBVM).

The card manager of the smart card platform works in conjunction with the COS to control and manage the files stored on the smart card, to execute the smart card application, and to load the executed smart card application into RAM to virtually Through the machine and the COS, the central processing unit performs the role of performing a given task.

The card management program may function as a sub-OS independent of the COS depending on the characteristics of the smart card platform, or may include a card management program as part of the COS.

However, in the following description, in order to help the understanding of the present invention, a card management program mainly provides access control and management for a file stored in a smart card and execution of a smart card application. If the card management program is included as part of the operating system, the smart card operating system may provide access control and management of files stored in the smart card and execution of smart card applications.

The card management program controls and manages the smart card application, executes the smart card application corresponding to the smart card command transmitted from the smart card terminal through the APDU, loads the RAM into the RAM, and the like. The smart card application loaded in is interpreted by the virtual machine, operated by the central processing unit through the operating system, and the operation result is included in the APDU packet through the operating system and transmitted to the smart card terminal.

The smart card application of the smart card platform is an application that performs a unique function for the smart card service. The area in which the smart card application is stored or the memory space is called a smart card application area. In general, the access control and management of the smart card application area and the execution and running of the smart card application stored in the smart card application area are controlled by the card management program.

In the general issuance process of the smart card, the smart card issuing agency receives the IC chip from the IC chip manufacturer and / or the IC chip manufacturing institution, and then uses the smart card platform used by the smart card issuing authority for the IC chip. Initializing by mounting the smart card, the unique key information used by the smart card, the smart card user information that is issued the smart card, and the smart card application that runs the smart card service provided by the smart card Issued through steps and the like.

Initialization of the smart card is a step of mounting the specific smart card platform used by the smart card issuing authority among the various types of open platforms described above to the IC chip, and the virtual machine described in FIG. It is a process of installing a COS and / or a card management program and setting a smart card application area in which a smart card application will be mounted.

The smart card that has undergone the initialization step is generated as a smart card that can be issued to a specific smart card user through a personalization step, and is issued to a smart card user corresponding to the personalization information used in the personalization step. That is, the IC chip mounted on the smart card that has been initialized includes a feature that can be issued to any smart card user through a personalization process.

The personalization step of the smart card goes through an initialization step. The smart card unique key information provided by the smart card issuing authority and the smart card user information provided from the smart card user who issuing the smart card are provided. The smart card application is mounted on a smart card and a smart card application corresponding to a smart card service that can be provided through the smart card.

4 is a simple block diagram of an existing smart card service provision and post-issuance system.

Smart card service provides smart card with IC chip, CAD (Card Acceptance Device) to connect smart card and smart card terminal, smart card terminal with smart terminal application, smart card terminal and server It consists of a network and a server that provides smart card services for smart cards.

The CAD connects the smart card to the smart card terminal by transmitting an APDU packet corresponding to the smart card command from the smart card terminal to the smart card and transmitting the APDU packet corresponding to the smart card response from the smart card terminal to the smart card terminal. As a device, a communication path between a smart card and a smart card terminal is made in a half-duplex method. That is, the data contained in the APDU packet is transmitted from the smart card terminal to the smart card, or transmitted from the smart card to the smart card terminal, but the above process is not performed at the same time. According to ISO-7816, in the communication method between the smart card terminal and the smart card, when the smart card terminal transmits a command to the smart card terminal through an APDU packet, the smart card performs an operation corresponding to the command, and the result It responds to the smart card terminal through the APDU packet.

The smart card terminal is a host system that transmits a smart card command to the smart card and performs a given task through a response received from the smart card. Personal communication system (PCS), global system for mobile communications (GSM), personal digital cellular (PDC), personal handyphone system (PHS), personal digital assistant (PDA) In addition, wireless terminals including smart phones, credit authorization terminals (CAT), point of sales terminals, automatic teller machines (ATMs), and cash dispensers (CDs) , Or kiosks all play the role of smart card terminals.

The smart terminal application mounted on the smart card terminal is an application corresponding to at least one smart card application mounted in the smart card application area. The smart terminal application is a smart card application mounted on the smart card through an APDU packet. It is an application that transmits a card command, receives a smart card response generated by executing the smart card application, and processes a task corresponding to the smart card response.

The communication between the smart card and the smart card terminal is controlled by security systems such as confidentiality, authentication, integrity, and nonrepudiation of communication, as defined by ISO-7816 for smart cards. Apply.

The network connecting the smart card terminal and the server is a path through which the smart terminal application mounted on the smart card terminal communicates with the server to perform a task corresponding to the smart card response received from the smart card terminal. Depending on the type of server, a public switched telephone network (PSTN), a value added network (VAN), or a wired or wireless Internet may be included in the network.

The server is a server that performs a practical operation on data transmitted through the network from the smart terminal application of the smart card terminal to generate a result, and stores and manages the result. The location and role of the network is determined. For example, if the smart card terminal is a credit card payment terminal (CAT) and the network is a VAN, the server corresponds to the credit card payment server to the credit card company. In addition, if the smart card terminal is a POS of a large discount store and the network is a local area network (LAN), the server corresponds to a product management server inside the large discount store.

Communication between the smart card terminal and the server is controlled by a security system such as Public Key Infrastructure, such as Confidentiality, Authentication, Integrity, and Nonrepudiation. Security system is applied.

On the other hand, the characteristics of the open smart card platform as described above is characterized by the cooperation of the card issuer and the smart card application service organizations, and each of the card issuer that changes frequently even after the smart card produced by the card manufacturer is issued to the smart card user through the card issuer, It supports Post Issuance smart card application service that can share smart card application area with smart card users.

The post-issuance server is a post issuance server for smart card applications as an open smart card application area through smart card terminals on the wired / wireless Internet and network. It is a server system that is installed in a partner of a smart issuing authority and a smart card application service organization that have been granted an access code.

The post-issuance server is equipped with a D / B storing a smart card application to be mounted on the smart card, and delivers the smart card application stored in the D / B to the smart card terminal through a network. After the smart terminal application mounts the delivered smart card application as the smart card application area, the smart card application stored in the D / B is post-issued to the smart card application area.

Smart card application In the post-issuance system, the smart terminal application includes the functions and roles of the existing smart card service providing system.In addition, the smart card application stored in the D / B of the post-issuance server is a smart card that is equipped with an open platform. It is characterized in that the function of post-issuance to the application area is provided.

However, smart cards such as the above have higher capacity for storage and computing than conventional cards, and superior security features such as high level encryption and authentication, resulting in smart card production costs ranging from tens to hundreds of times. In early years, the smart card infrastructure, including the smart card terminal (infrastructure) is not established because it is not activated.

In addition, the capacity of the storage space on the IC chip, that is, the smart card application area, in which the smart card application can be mounted in the currently available smart card is extremely limited. Currently, about 16KB to 32KB of the storage capacity of IC chips installed in general smart cards, smart card applications are actually installed except smart card operating system (COS) and open platform. Smart card application areas can range from just a few kilobytes to tens of kilobytes.

The problem of the existing smart card as described above is to limit the high-level security services, financial services, and loyalty services through smart cards, as well as unlimited application services that various smart card application service organizations want to provide. will be.

An object of the present invention to solve the above problems is to provide a network card server and a smart card personalization information and / or smart card application management area for providing a smart card management area including smart card personalization information and smart card applications. Equipped with a common IC chip emulator for generating a network card and a smart card including network routing information to support access, and accessing the network card server based on the network routing information in the network card, A network card terminal for dynamically personalizing the common IC chip emulator through the smart card personalization information and dynamically generating a smart card by dynamically issuing a smart card application mounted in the smart card management area. The present invention provides a network card system comprising: a network card terminal in place of a physical smart card equipped with an I / O interface and a physical IC chip for extracting and recognizing the network routing information from the network card. The smart card personalization information and the smart card of the network card server based on a public IC chip emulator implemented in software to perform a role of a smart card internally and network routing information obtained from the recognition means. Accessing the application management area to dynamically personalize the common IC chip emulator with smart card personalization information, and dynamically post-issuing smart card applications to create terminal smart cards inside the network terminal. A smart card service by accessing the terminal smart card through a card acceptor device emulator and a CAD emulator providing an interface for accessing a terminal smart card dynamically generated in the network card terminal and the network card terminal. The present invention provides a network card terminal having a smart terminal application.

The present invention provides a method of extracting network routing information from a network card, which allows a card terminal to access a network card server that provides a smart card management area including a smart card personalization information and an application for a smart card. Accessing the smart card personalization information and the smart card application management area of the network card server based on the extracted network routing information from the card terminal to confirm the smart card personalization information and the smart card application; and the identified smart at the card terminal. And receiving a post-issuance of the card application.

In the present invention, the network card is any type of card capable of loading smart card personalization information of the network card server and / or network routing information for accessing the smart card management area, and at least one or more cards capable of storing network routing information. MS (Magnetic Stripe) card with data track, IC chip card and / or smart card with IC chip, memory chip card with memory chip, etc., which can be loaded with IC chip and / or IC chip card A slot, a dual chip, or a one-chip wireless terminal is included in the network card of the present invention.

According to the present invention, the network card includes the characteristics of each existing card as described above, and additionally, the smart card personalization information and smart card application management area mounted in the network card server through the network card terminal proposed by the present invention. It includes network routing information (Network Routing Information) that can be accessed.

In the present invention, the network card terminal includes the functions and features of the existing card terminal as it is, and in a smart terminal application, a CAD emulator (Card Acceptance Device Emulator), a public IC chip emulator (Public Integrated Circuit Chip Emulator), and in the case Therefore, the terminal smart card generation unit, etc. is additionally mounted, the terminal smart card generation unit on the basis of the network routing information contained in the network card, the common IC chip through the smart card personalization information mounted in the network card server By dynamically personalizing the emulator and dynamically post-issuing the smart card application mounted in the smart card application management area, the smart card role implemented in the software inside the network card terminal proposed by the present invention. After generating a terminal smart card to perform the smart terminal application and a smart card through a CAD emulator, characterized in that the card terminal.

* The common IC chip emulator mounted on the network card terminal implements the structure, function and role of the smart card equipped with the physical IC chip and / or IC chip card in the network card terminal by software. The terminal smart card generator mounted inside the terminal and / or on the network card server is dynamically generated as a terminal smart card that performs the functions and roles of the smart card through a series of dynamic personalization processes and a dynamic smart card application post-issuance process. Include.

The CAD emulator mounted on the network card terminal implements the structure, function, and role of a physical device that connects communication between a physical smart card and a physical smart card terminal in a network card terminal in software. It performs a role of virtually connecting the communication between the smart terminal application that provides the smart card service in the card terminal and the terminal smart card dynamically generated by the terminal smart card generator.

The smart terminal application mounted on the network card terminal is a porting of the smart terminal application mounted on the physical smart card terminal to be mounted on the card terminal, and is dynamically personalized and smart card by the terminal smart card generation unit. The application is a post-issued public IC chip emulator, i.e., a terminal smart card and a virtually connected internal communication via a CAD emulator, thereby providing a function of a smart terminal application that provides a smart card service in the network card terminal of the present invention. Characterized by playing a role.

According to the present invention, a terminal smart card generation unit that dynamically personalizes a common IC chip emulator implemented and mounted inside a network card terminal and dynamically post-issues a smart card application to generate a terminal smart card may be used in some cases. Or mounted on a network card terminal or on a network card server.

In the present invention, the network card server is a server that is physically connected to the network card terminal according to the present invention through a network, and the smart card personalization information and smart card application management area logically interworking with the network card according to the present invention. The server on the network that contains the.

According to the present invention, the smart card personalization information logically linked with the network card in the network card server is information for dynamically personalizing the common IC chip emulator mounted in the network card terminal, and the smart card management area is personalized as described above. A storage space on a database running on a network card server and / or network card server that stores and manages smart card applications that can be dynamically post-provisioned to a common IC chip emulator to provide smart card services.

In the present invention, a smart terminal application, a CAD emulator, a common IC chip emulator, and optionally, a terminal equipped with a terminal smart card generation unit, that is, a network terminal, a smart card personalization information and a smart card application management area are included. Servers on your network, that is, networks that connect network card servers, include all types of public networks, including wired and wireless Internet, and public switched telephone networks (PSTNs), and value added networks (VANs). It includes all kinds of networks, including all kinds of private networks, including financial and computer networks.

According to the present invention, when a network card terminal and a network card server are connected through a public network, the network card terminal and the network card server are based on IPv4 (Internet Protocol Ver. 4) and / or IPv6 (Internet Protocol Ver. 6). It works through protocols and ensures the confidentiality, authentication, integrity, and nonrepudiation that smart card services must provide by security systems such as Public Key Infrastructure (PKI) or Wireless PKI (WPKI). When the network card terminal and the network card server are connected through a private network, the network card terminal and the network card server interoperate with each other to make compatible the characteristics of the network provided by the corresponding private network and the characteristics of the network card system proposed by the present invention. A gateway is mounted on the network and interlocked, and a security system such as EMV This service is confidential by the smart card has to offer, authentication, integrity and non-repudiation, etc. are characterized by guaranteed.

In the present invention, as described above, the logical structure and function of each device included in the network card system including the network card, the network card terminal, and the network card server, and the transaction processing are ISO (International Standard Organization) and / or IEC ISO 7816, a Contact IC Card standard regulation established by the International Electrotechnical Commission, etc., ISO / IEC 10536, a CICC standard specification, a Remote Coupling Communication Card; It satisfies at least one of the regulations such as ISO / IEC 14443 (RCCC) standard, and EMV (Europay, MasterCard, Visa), the IC card regulation for financial settlement.

Therefore, the smart card issuing authority stores and manages the smart card issuing organization stored in the smart card application management area mounted on the network card server for the corresponding network card in the step of receiving the physical smart card. By transferring the card application to the smart card application area on the IC chip of the newly issued physical smart card, the smart card application used through the network card can be issued onto the IC chip of the physical smart card without further modification or modification. It is characterized by the presence. In particular, royalty / coupon / ticket / gift certificate / reservation related information accumulated through the network card proposed by the present invention is inherited on the IC chip of the physical smart card.

According to the present invention, when the network card has a certain storage area such as a smart card, the IC card application (or data) mounted in the common IC chip emulator in the network card terminal is transferred to the network card storage area. Note that it is possible to copy (move or move) or transfer (copy or move) the IC card application (or data) mounted in the network card storage area to the common IC chip emulator in the network card terminal.

5 is a simple block diagram of a network card system.

The network card system proposed by the present invention includes a network card 500 including network routing information, a smart terminal application 520 in an existing card terminal, a CAD emulator 515, a common IC chip emulator 510, and Accordingly, the network card terminal 505 in which the terminal smart card generation unit 535 is additionally installed, and the network card in which the smart card personalization information and the smart card management area are mounted in a server on the network connected to the network card terminal 505. Server 540 or the like.

The network card 500 is any type of card capable of storing the smart card personalization information of the network card server 540 and / or the network routing information for accessing the smart card management area. The network card 500 may store network routing information. Magnetic stripe (MS) cards, IC chip cards and / or smart cards, memory chip cards, and the like, and dual slot, dual chip, or one chip wireless terminals, etc. Included in the network card 500 to present.

That is, in the present invention, the network card 500 includes all kinds of cards including network routing information that allows the network card terminal 505 to access a server on a network including the network card server 540.

Network routing information included in the network card 500 proposed by the present invention

1) Use the information contained in each existing card as network routing information [when using the existing card number as network routing information],

2) logically mounted in a reserved region that is not used by the existing card's storage space (if network routing information is added to a card such as an existing credit card),

3) The network card 500 is mounted in an independent storage space of a card characterized to provide a function of the network card 500 (a dedicated card loaded with only network routing information).

Network routing information included in the network card 500

-If you use the information contained in the existing card as it is, use the existing card-specific information such as the card number or chip serial number included in each card,

-When network routing information is mounted in a spare area of the existing card or in a separate storage space, the form of an existing 16-digit credit card number, Internet Protocol version 4 (IPv4) and / or Internet Protocol version 6 (IPv6) -based Internet address form, and a letter And a domain name consisting of numbers and numbers, or a specialized protocol promised between the network card 500 and the network card terminal 505 and the network card server 540.

The network card terminal 505 includes the functions of each existing card terminal as it is, and additionally, at least one or more of IC chip card and smart card standards such as ISO 7816, ISO 10536, ISO 14443, and / or EMV The common IC chip emulator 510, the CAD emulator 515, and the smart terminal application 520, which are satisfied, and the terminal smart card generator 535 may be implemented by software. Card terminal.

That is, the network card terminal 505 of the present invention recognizes the network routing information in the terminal application 525 installed in the existing card terminal and starts a terminal smart card service using the network of the present invention. After the addition, a public IC chip emulator 510 implemented in software to perform the role of a smart card in the network card terminal 505 in place of a physical smart card equipped with a physical IC chip (Public) The integrated IC chip emulator accesses the smart card personalization information and the smart card application management area of the network card server 540 based on the network routing information obtained from the Integrated Circuit Chip Emulator) and the network card 500. Dynamically Personalize 510, Smart Card App The terminal smart card generation unit 535 for generating a terminal smart card proposed by the present invention inside the network terminal by dynamically issuing the option, and the network card terminal 505 instead of the physical CAD accessing the physical smart card. The present invention proposes a CAD Emulator 515 (Card Acceptance Device Emulator) implemented in software to access a terminal smart card dynamically generated therein, and a terminal smart card through the CAD emulator 515. The smart terminal application 520 for providing a smart card service, etc. is characterized in that the software is mounted.

The terminal application 525 of the network card terminal 505 includes the functions of the terminal application 525 mounted on the existing card terminal as it is, and additionally, each card interworked through the I / O interface 530 is provided with the present invention. A function of checking whether or not the network card 500 is present, and extracting network routing information when the card is the network card 500 of the present invention, and the network card terminal 505 inside and / or a network card server ( 540, the terminal smart card generation unit 535 (subject is not the smart terminal application 520, this is a difference from the previous patent) is characterized in that it further provides a function to deliver.

According to the present invention, the terminal application 525 mounted in the network card terminal 505 extracts the network routing information as described above and is mounted in the network card terminal 505 and / or mounted in the network card server 540. Through the process of transmitting to the terminal smart card generation unit 535, the smart card service through the network card 500 proposed by the present invention is characterized.

The I / O interface 530 of the network card terminal 505 transmits information and commands from the network card terminal 505 to the network card 500 of the present invention, or receives information and responses from the network card 500. Card interface for reading and receiving.

The common IC chip emulator 510 mounted in the network card terminal 505 may be a physical IC chip and / or IC chip that satisfies at least one or more of standards such as ISO 7816, ISO 10536, ISO 14443, and / or EMV. A virtual IC chip in which a card is software-implemented inside a card terminal, and is a virtual chip, a physical IC chip, and / or an IC chip card corresponding to the hardware of the physical IC chip and / or the IC chip card. Virtual COS (COS) corresponding to the onboard chip operating system (COS), Smart Card VM (SCVM) corresponding to the virtual machine (VM) mounted on the physical IC chip and / or IC chip card, physical IC chip on a common IC chip emulator 510 that executes and / or runs smart card applications and access control to a dynamically generated terminal smart card in response to a card management program mounted on an IC chip and / or IC chip card. Emulator The management program and the smart card execution area on the common IC chip emulator 510 corresponding to the smart card application area mounted on the physical IC chip and / or the IC card are implemented.

According to the present invention, the common IC chip emulator 510 will be described in more detail. The common IC chip emulator 510 implemented by software in the network card terminal 505 is mounted on a physical IC. A software implementation of a chip and / or IC chip card, which includes the features of the IC chip and / or IC chip card after an initialization step and immediately before personalization and smart card applications are issued.

Therefore, the common IC chip emulator 510 is a terminal smart card that performs the function and role of the smart card in the network card terminal 505 through the dynamic personalization and dynamic post-issuance process of the smart card application proposed by the present invention. Characterized in that it is dynamically generated. That is, the common IC chip emulator 510 of the present invention utilizes the smart card personalization information and the smart card application mounted in the network card server 540 through the network routing information mounted in the network card 500. It includes a public service that can provide a smart card service in response to the network card (500).

In particular, the terminal smart card dynamically generated by the terminal smart card generation unit 535 in the network card terminal 505 as described above is provided through the CAD emulator 515 mounted in the network card terminal 505. Smart card personalization information that dynamically personalizes the common IC chip emulator 510 and dynamically post-issued to the common IC chip emulator 510 after providing the corresponding smart card service in conjunction with the smart terminal application 520. By deleting the card application, the network card terminal 505 is extinguished.

Accordingly, the terminal smart card dynamically generated in the network card terminal 505 provides a series of smart card services, and then provides a common IC chip emulator 510 capable of providing smart card services through another network card 500. Return to).

The virtual chip of the common IC chip emulator 510 is a software implementation of a physical IC chip and / or IC chip card on the network, the present invention provides a storage space inside the network card terminal 505 The shared IC chip emulator 510 may be allocated to be used so that the network card terminal 505 may be used as a storage space on a virtual IC chip.

In order to satisfy the above conditions, the storage space that plays the role of a virtual chip on the network card terminal 505 is implemented in the same structure as the physical IC chip and / or the IC chip card as shown in FIG. That is, on the network card terminal 505 in which the common IC chip emulator 510 is stored, the storage space is in the form of a master file, a dedicated file, and an element file like the structure of the physical IC chip and / or the IC card described in FIG. The file provides a feature compatible with the files stored in the physical IC chip and / or IC card.

The virtual COS of the common IC chip emulator 510 is configured to perform a function of a card operating system (COS) virtually in the common IC chip emulator 510 mounted in the network card terminal 505. As implemented in software on the 510, in conjunction with the operating system of the network card terminal 505, the files stored in the virtual chip have the same function and role as the COS mounted on the physical IC chip and / or the IC card. It is implemented to perform. That is, in order to access a file on a virtual chip implemented in software in the network card terminal 505, a virtual COS serving as a chip operating system (COS) for the virtual chip in the network card terminal 505 operating system. Approach

The smart card VM (SCVM) of the common IC chip emulator 510 is mounted on the common IC chip emulator 510 to virtually perform the function of the smart card VM in the common IC chip emulator 510 mounted in the network card terminal 505. Software implementations, such as VMs mounted on physical IC chips and / or IC cards, which are dynamically post-issued in the smart card execution region of the common IC chip emulator 510, are run and run through the SCVM. And / or run to provide smart card services.

The IC chip emulator management program of the common IC chip emulator 510 is mounted on the common IC chip emulator 510 to perform a function of a card management program virtually in the common IC chip emulator 510 mounted in the network card terminal 505. Implemented in software, and executes a smart card application dynamically post-issued in the smart card execution area of the common IC chip emulator 510, such as a physical IC chip and / or a card management program mounted on the IC card. It performs the functions of access control and management to operate.

The smart card execution region of the common IC chip emulator 510 is software on the common IC chip emulator 510 to include smart card applications that are dynamically post-issued to the common IC chip emulator 510 mounted in the network card terminal 505. As an example, the smart card application mounted in the smart card management area of the network card server 540, such as the smart card application area mounted on the physical IC chip and / or the IC card, may be installed inside the network card terminal 505. The smart card execution region on the common IC chip emulator 510 mounted in the network card terminal 505 to execute the role of the terminal smart card.

According to the present invention, the smart card execution region of the common IC chip emulator 510 is different from the smart card application region on the physical IC chip and / or IC chip card to maintain and manage the issued and / or post-issued smart card application. The smart card VM of the common IC chip emulator 510 is dynamically post-issued by dynamically issuing the smart card application maintained and managed in the smart card management area on the network card server 540 instead of the area for executing and running the smart card application. Smart card application area on common IC chip emulator 510 for running and driving. That is, in the present invention, the smart card application maintenance and management function of the smart card application area on the physical IC chip and / or IC chip card is in charge of the smart card management area of the network card server 540, The smart card application execution and driving function is in charge of the smart card execution region of the network card terminal 505.

According to the present invention, dynamically post-issuing the smart card application mounted in the smart management area of the network card server 540 to the smart card execution area of the common IC chip emulator 510 is the network card server 540. Temporary post-issuance to the common IC chip emulator 510 to execute the smart card application maintained and managed through the smart card management area through the common IC chip emulator 510 mounted in the network card terminal 505. In addition, the smart card application that is dynamically issued and executed and driven is deleted together with the smart card personalization information from the common IC chip emulator 510 of the corresponding network card terminal 505. Of course, the smart card personalization information and the smart card application deleted from the network card terminal 505 as described above are maintained through the smart card personalization information and the smart card management area of the network card server 540.

The CAD emulator 515 software-implements the physical CAD, which is an IC card device that satisfies at least one of the standards of ISO 7816, ISO 10536, ISO 14443, and / or EMV, in the network card terminal 505. For example, a virtual smart card transaction between a terminal smart card dynamically generated in the network card terminal 505 by the terminal smart card generator 535 and a smart terminal application 520 that provides a smart card service. It characterized in that to perform.

That is, the CAD emulator 515 transfers the smart card command generated from the smart terminal application 520 of the network card terminal 505 to the terminal smart card through the APDU, and sends the generated smart card response extracted from the terminal smart card. It returns to the smart terminal application 520 through the APDU.

According to the present invention, the CAD emulator 515 is a smart card specification such as ISO 7816, which is a contact smart card standard specification, when the common IC chip emulator 510 satisfies the specifications of the contact IC chip and / or IC chip card. Based on the communication between the smart terminal application 520 and the terminal smart card in the network card terminal 505. If the common IC chip emulator 510 satisfies the specifications of the contactless IC chip and / or IC chip card, the CAD emulator 515 is based on a smart card specification such as ISO 10536 or ISO 14443, which is a standard for contactless smart cards. The smart terminal application 520 and the terminal smart card to communicate within the network card terminal 505, and if the terminal smart card requires a security service related system, the smart terminal application is based on smart card regulations such as EMV. 520 and the terminal smart card is characterized in that the communication connection in the network card terminal (505).

The smart terminal application 520 of the network card terminal 505 is a smart terminal application 520 mounted in a smart card terminal that satisfies at least one or more of standards such as ISO 7816, ISO 10536, ISO 14443, and / or EMV. It is compatible with the same function as it is, mounted on the card terminal provides a smart card service in conjunction with the terminal smart card proposed by the present invention within the network card terminal 505 through the network card 500 proposed by the present invention. It is an application characterized by.

The network card server 540 is a server that can be communicatively connected with the network card terminal 505 through a network. The network card server 540 is a common server installed in the network card terminal 505 through network routing information mounted in each network card 500. Maintaining and managing smart card personalization information for personalizing the IC chip emulator 510 to be generated as a terminal smart card according to the present invention, and a smart card application for providing a smart card service corresponding to the network card 500. A smart card management area is mounted, and on the network card server 540, access control and management of the smart card personalization information and the smart card management area, and information on the smart card application mounted in the smart card management area is stored. Smart card management program (545), In some cases, the network card terminal 505 accesses the smart card personalization information and the smart card application management area based on the network routing information obtained from the network card 500, and then accesses the network card through the smart card personalization information. By dynamically personalizing the common IC chip emulator 510 mounted on the terminal 505 and dynamically issuing a smart card application, a terminal smart card generation unit for generating a terminal smart card according to the present invention in a network terminal. 535, etc. are mounted.

The smart card personalization information of the network card server 540 includes the card user's personal information and / or a personal code, a personal encryption key, an electronic signature key, and the like. Information for personalizing by mounting a public certificate or the like, and dynamically personalizing the common IC chip emulator 510 mounted in the network card terminal 505 through smart card personalization information corresponding to each network card 500. to be.

According to the present invention, the role of dynamically personalizing the common IC chip emulator 510 mounted in the network card terminal 505 through the smart card personalization information corresponding to each network card 500 is as described above. The card smart card generator 535 is installed in the card terminal 505 or mounted on the network card server 540.

The smart card management area of the network card server 540 is issued to the smart card application area of the physical smart card in the process of issuing the smart card on which the physical IC chip is mounted, or after issuing the smart card. A terminal smart card mounted in the network card terminal 505 or on the network card server 540 as a storage space and / or a database on the network card server 540 that stores and manages the smart card application that is post-issued to the application area. The generation unit 535 serves to dynamically post-issue the corresponding smart card application to the smart card execution region of the common IC chip emulator 510 mounted in the network card terminal 505.

According to the present invention, the smart card application area of the smart card on which the physical IC chip is mounted is issued and / or post-issued to the smart card application area of the physical smart card in the network card system proposed by the present invention. The access control and maintenance function for the smart card application is in charge of the smart card management area mounted on the network card server 540, and is issued and / or post-issued to the smart card application area of the physical smart card. Smart card application through the smart card VM to provide smart card services through the smart terminal application 520 is a smart card execution region on the common IC chip emulator 510 mounted inside the network card terminal 505. It is characterized in that it is separated to take charge.

The smart card management program 545 of the network card server 540 corresponds to the smart card personalization information and the smart card management area on the network card server 540 in response to the card management program of the smart card on which the physical IC chip is mounted. A program that performs access control and management functions for a smart card application mounted in a smart card management area. The smart card personalization generated in the network card server 540 while the card issuer issues the network card 500. Manages information and a smart card management area, stores and manages information on a smart card application that is mounted and / or mounted in the smart card management area, and a terminal smart card generation unit 535 shares the smart card application Smart card execution region of the IC chip emulator 510 To be issued after a dynamic characterized by providing features such as access control and management.

The terminal smart card generation unit 535 mounted in the network card terminal 505 and / or on the network card server 540 receives network routing information obtained from each network card 500 through the network card terminal 505. After interpreting, the common IC chip emulator of the network card terminal 505 through each smart card personalization information mounted in the network card server 540 corresponding to each network card 500 based on the network routing information. By dynamically personalizing the 510 and dynamically post-issuing a smart card application mounted in each smart card management area corresponding to each network card 500 to the smart card execution area of the common IC chip emulator 510. And a common IC chip emulator 510 mounted on the network card terminal 505 to each network card 500. Dynamically generated by the corresponding terminal smart card.

According to the present invention, the terminal smart card generation unit 535 is characterized in that the terminal application 525 for acquiring network routing information mounted on each network card 500 is mounted in an accessible area. Accordingly, the terminal smart card generation unit 535 according to the present invention may be mounted inside the network card terminal 505 in which the terminal application 525 is mounted, or the terminal application 525 may be accessed through a network. Can be mounted on a network card server 540.

In addition, the terminal smart card that the terminal smart card generation unit 535 dynamically generates through the smart card personalization information of the network card server 540 and the smart card application mounted in the smart card management area, the network routing information. Is generated through the common IC chip emulator 510 inside the network card terminal 505 in which the terminal application 525 is extracted.

In addition, the terminal smart card dynamically generated in the network card terminal 505 through the terminal smart card generation unit 535 may provide a smart card service for each network card 500, and then, by itself or in a network. The card terminal 505 deletes and disappears.

The process of the terminal smart card dynamically generated as described above, the smart card personalization information that dynamically personalized the public IC chip emulator 510, and the dynamically issued smart card application is deleted, so that the corresponding public IC chip The emulator 510 is returned to a state in which another type of terminal smart card can be generated through another smart card personalization information and a smart card application on a network that is logically linked with another network card 500.

Hereinafter, the features of the present invention will be described in detail with reference to the accompanying drawings. However, the following drawings and descriptions are for representative methods among various methods for properly describing the present invention, and the present invention is not limited only to the following drawings and descriptions.

6 is a simplified block diagram of an embodiment of a network card system.

According to the present invention, in the network card system, the terminal smart card generation unit 535 is mounted inside the network card terminal 505 as shown in FIG. 6A according to the position where the terminal smart card generation unit 535 is mounted. 6 and the case where the terminal smart card generation unit 535 is mounted on the network card server 540.

6A, when the terminal smart card generation unit 535 is mounted on the network card terminal 505, the terminal smart card generation unit 535 according to the present invention can be mounted on the card terminal. Smart card personalization information of the network card server 540 through the network connecting the network card terminal 505 and the network card server 540 based on the network routing information extracted from the network card 500 and Accessing the smart card management area.

Referring to a process of accessing the smart card personalization information and the smart card management area of the network card server 540 by the network card terminal 505 equipped with the terminal smart card generator 535 in FIG. When 525 reads the card information recorded on the card through the I / O interface 530, and confirms that the network card 500 is the present invention, the network routing information is extracted from the card information. The card generator 535 shares and delivers the data, and the terminal smart card generator 535 accesses the network card server 540 through the network based on the network routing information transmitted as described above, and the network card server 540. Access your smart card personalization information and smart card management area.

In the above process, the terminal application 525 includes a network card provided by the present invention for each card interworked through the I / O interface 530 in addition to the function of the terminal application 525 mounted in the existing card terminal. 500) and a function of sharing and transferring the network routing information extracted from the network card 500 to the terminal smart card generator 535, and the terminal smart card generator 535 is the terminal application. Accessing the smart card personalization information and the smart card management area of the network card server 540 based on the network routing information shared from the network 525, the dynamic IC chip emulator 510 mounted on the network card terminal 505 is dynamically loaded. Personalize and dynamically post-issue smart card applications. That is, the terminal smart card generation unit 535 of the network card terminal 505 is software-mounted in the network card terminal 505 in the same way that the smart card issuing organization issues a smart card equipped with a physical IC chip. Dynamically generates the common IC chip emulator 510 to perform the role of a smart card.

In the case where the terminal smart card generation unit 535 is mounted on the network card server 540 as shown in FIG. 6, the terminal smart card generation unit 535 according to the present invention is provided to the network card server 540. The terminal application 525 of the network card terminal 505 is configured to mount the network routing information extracted from the network card 500 to the network card terminal 505 and the network card server 540. When the terminal smart card generation unit 535 of the network card server 540 is transferred to the terminal through the network to connect, the terminal smart card generation unit 535 is smart of the network card server 540 based on the network routing information. Access to card personalization information and smart card management areas.

Referring to (b) of FIG. 6, the network card terminal 505 accesses the smart card personalization information and the smart card management area of the network card server 540 equipped with the terminal smart card generator 535. When 525 reads the card information recorded in each card through the I / O interface 530, and confirms that the network card 500 is the present invention, the network routing information is extracted from the card information. The terminal application 525 delivers the network routing information extracted from the card information to the terminal smart card generation unit 535 mounted in the network card server 540 through the network. When the smart card personalization information and the network routing information for accessing the smart card management area are transmitted from the terminal application 525 of the network card terminal 505 through the network, the terminal smart card generation unit 535 performs the network routing. The smart card personalization information and the smart card management area mounted on the network card server 540 are accessed based on the information.

In the above process, the terminal application 525 includes a function of the terminal application 525 mounted on an existing card terminal, and additionally, the network card 500 proposed by the present invention is linked to the card through the I / O interface 530. And a function of transmitting network routing information extracted from the network card 500 to the terminal smart card generation unit 535 mounted in the network card server 540 through a network, and the terminal smart card. The generation unit 535 accesses the smart card personalization information and the smart card management area of the network card server 540 based on the network routing information transmitted through the network from the terminal application 525 to the network card terminal 505. Dynamically personalize on-board common IC chip emulator 510, smart card applications It serves to dynamically issued after a. That is, the terminal smart card generation unit 535 of the network card server 540 is software-enabled to the network card terminal 505 on the network in the same way that the smart card issuing organization issues a smart card equipped with a physical IC chip. Dynamically generates the mounted common IC chip emulator 510 to perform the role of a smart card.

According to the present invention, the common IC chip emulator 510 mounted in the network card terminal 505 in FIGS. 6A and 6B is an open platform capable of post-issuance of smart card applications as shown in FIGS. 3 and 4. It provides the same structure, function, and role as a physical IC chip equipped with (Open Platform), and is implemented in software to be mounted in the network card terminal 505 as described above.

In addition, a smart card application that is dynamically post-issued to the smart card execution region of the common IC chip emulator 510 is maintained through the smart card management region of the network card server 540, and It is executed and driven through the smart card execution area, and can be immediately used by transferring to the smart card application area on the physical IC chip and / or IC chip card without any special modification or processing.

For example, after a post-issuance of a smart card application for registering a guest book on a smart card of a visitor invited to a seminar, the guest book post-issued to a visitor through a smart card terminal installed at the gate during the visitor entering the seminar hall. The smart card application for automatically extracting the visitor's guest book information from the writing smart card application and transmitting and managing the guest book information to the server is shown in Table 1, and the physical IC chip and / Or dynamically post-issued and executed in the smart card application area mounted in the smart card application area of the IC card and the smart card execution area of the common IC chip emulator 510 mounted in the network card terminal 505 according to the present invention. And / or powered smart card applications Structure is the same.

Table 1 shows the logical format of the guest card entry smart card application post-issued on the smart card of the visitor invited to the seminar.

Table 1

According to Table 1, the information included in the guestbook smart card application includes the visitor's name, work, and personal information, such as the visitor's name, work, title, gender, age, social security number, phone number, mobile phone number, and e-mail address. This includes your job title, job title, social security number, telephone number, mobile phone number, and e-mail address.

Therefore, the guest card writing smart card application is a smart card application having a total size of 128 bytes. The visitor name of the guest book information is stored in the form of a string and is represented by the size of 8 bytes in Korean four letters. It is stored in the format of 16 letters or 8 letters in Korean and is represented by the size of 16 bytes. The title is stored in the form of a string and is represented by the size of 4 bytes in 2 letters of Korean characters. It is expressed in size of 14 bytes, phone number and cell phone number are each 13 bytes in size, and e-mail address is expressed in 32 bytes including '@'.

Table 2 includes the guestbook information in the logical format of the guestbook entry smart card application shown in Table1.

Table 2

Among the guestbook information included in the Guestbook entry smart card application, the visitor name was 3 characters 6 bytes of Korean characters out of 8 bytes, and the workplace used 6 characters of 12 characters of Korean characters out of 16 bytes. Two letters and four bytes were used, and the Social Security Number was used for 14 bytes including 13 numeric characters and hyphens ('-') among the total 14 bytes, and the phone number was 10 numeric characters and horizontal characters ( ')') And 12 bytes, including hyphens, and 13 numbers, including 11 numeric characters and 2 hyphens, 21 alphabets and special characters ('@', '.') 3 24 bytes were used including dogs.

Table 3 logically expresses the structure of the smart card application in which the guestbook writing smart card application including the guestbook information in Table 2 in the logical format shown in Table 1 is stored in the smart card execution region.

Table 3

In the example of Table 3, it is assumed that the memory address of the smart card execution area where the guest card writing smart card application is stored is a 128-byte area of 0X10000 to 0X10070 in hexadecimal. In general, as described above, the memory address of the smart card execution region may vary depending on the type of the smart card, the issuer and the manufacturer, and the operating system or the platform mounted on the smart card.

According to Table 3, the guestbook name of the guestbook entry smart card application is stored in 8 bytes of 0X10000 ~ 0X10007, the location in which the job is stored is 16 bytes of 0X10008 ~ 0X10015, and the location where the job title is stored is 0X10016 ~ 0X10019. 4 bytes, the location of the social security number is stored 14 bytes of 0X1001A ~ 0X10027, the location of the phone number is stored 13 bytes of 0X10028 ~ 0X10034, the location where the mobile phone number is stored 13 bytes of 0X10035 ~ 0X10041, electronic The location where the postal address is stored is 32 bytes from 0X10042 to 0X10062, and 28 bytes of 0X10063 to 0X1007F are currently unused and reserved.

According to the present invention, the logical format and logical structure of the smart card application stored in the smart card application area of the physical IC chip and / or IC chip card as described above is maintained through the smart card management area of the network card server 540. The logical format and logical structure of the smart card application managed and / or driven through the smart card execution region of the common IC chip emulator 510 mounted inside the network card terminal 505 is the same.

7 is a simple flowchart of the process of issuing the network card 500.

According to the present invention, in order for the network card 500 to be issued, the card issuing agency and / or the card user determines whether to issue the network card 500 according to the present invention (700).

If the card issuing agency and / or the card user does not issue the network card 500 proposed by the present invention in the above process (705), the card issuing institution manufactures each card in the same manner as the existing card production process. The card is newly issued to the card user through the same process as that of the existing card issuing process (710).

On the other hand, if a card issuing agency and / or a card user or the like decides to issue the network card 500 proposed by the present invention (715), the card issuing authority is assigned to each newly issued card, that is, the network presented by the present invention. A smart card application that is logically interlocked with the card 500 and dynamically post-issued to a common IC chip emulator 510 mounted on the network card terminal 505 based on network routing information is provided. A smart card management area that is maintained is created on the network card server 540 (720).

According to the present invention, the generation of the smart card management area proposed by the present invention on the network card server 540 is a smart logically associated with each network card 500 in the storage space on the network card server 540. Allocation of the space in which the card application can be mounted, or a field logically associated with each network card 500 is added to a database that stores and manages the smart card management area in the network card server 540 ( Add).

According to the present invention, each smart card management area that is logically associated with each network card 500 proposed by the present invention on the network card server 540 may store an element file described in FIG. The processed smart card application may be generated in a form that is stored in a database mounted inside the network card server 540 or in a form that can be stored on an independent database server interworked with the network card server 540 through a network. Or an integrated circuit chip image file including the structure of a master file and a dedicated file and an element file described in FIG. 2 (here, the image file is not a picture content but a CD image file. . When a CD is burned, one file is created with the same structure as the data recorded on the actual CD (these files are called image files). It is created in the form.

As described above, when the smart card management area logically interlocked with each network card 500 of the present invention is generated on the network card server 540, the card issuing authority may display a network card terminal ( A common smart card application capable of providing smart card services through the common IC chip emulator 510 mounted in the 505 is mounted (725).

According to the present invention, the process of mounting a basic smart card application that can provide a smart card service to the newly created smart card management area as described above, a new smart card equipped with a physical IC chip and / or IC chip card In the issuing process, the same process as issuing a basic smart card application to the smart card application area of the smart card. For example, if the newly issued smart card is a credit card issued by a credit card company and / or a banknote for credit settlement, the card issuer may provide a credit card service in the process of issuing the smart card. Basic smart card applications, such as card applications, smart card applications that provide electronic money services, and smart card applications that provide mileage point services based on credit card transactions, are issued on the smart card application area. That is, the basic smart card application is mounted in the newly created smart card management area in the network card server 540 as described above. The basic smart card application is issued to an existing physical smart card newly issued as in the above example. It is the same process.

According to the present invention, the smart card management area of the network card server 540 on which the basic smart card application is mounted as described above is transferred from the card issuing authority to the smart card management area as in the case of the smart card equipped with the open platform. Provides the ability to post-issue various types of smart card applications from various collaboration and / or partner organizations that have been granted access codes.

When the basic smart card application is mounted in the smart card management area of the network card server 540 as described above, the card issuer dynamically generates the common IC chip emulator 510 mounted on the network card 500 as the terminal smart card. In order to mount the smart card personalization information that can be personalized in response to the network card 500 (730).

According to the present invention, the smart card personalization information is the personal information of the card user and / or the personal code and the personal encryption key to the initialized smart card during the issuing process of the new smart card equipped with the physical IC chip and / or IC chip card. Information that performs the same structure, function, and role as information personalized by mounting a digital signature key, a public certificate, and the like.

As described above, the common IC chip emulator 510 mounted in the network card terminal 505 is a software implementation of the initialized IC chip and / or IC chip card. Through the process of personalizing through the smart card personalization information, the smart card is dynamically generated to perform the function and role of the smart card of the card user corresponding to the personalization information.

According to the present invention, the smart card personalization information is a form of a smart card application that is mounted on the smart card personalization information storage area included in a specific area inside the smart card management area or includes personalization information in the smart card management area. Or mounted on an independent smart card personalized information storage space that is logically linked to the smart card management area outside the smart card management area.

According to FIG. 7, the process includes smart card personalization information capable of dynamically personalizing the common IC chip emulator 510, which is equipped with a minimum smart card application which is basically required in the smart card management area of the network card server 540. The process of mounting is repeated until the completion of normal.

If the smart card management area is allocated to the network card server 540, the smart card management area is equipped with a basic smart card application that can be dynamically post-issued to the common IC chip emulator 510 to provide smart card services. When the smart card personalization information capable of dynamically personalizing the common IC chip emulator 510 is normally loaded (735), the smart card management program 545 of the network card server 540 performs the smart card mounted through the above process. Access control information and management information for a management area, file structure information, access control information and management information for a smart card application mounted in the smart card management area, access control information and personalization policy information for smart card personalization information, and the like. Generate and store (740).

The access control information and management information for the smart card management area are controlled by the network card server 540 by applying a high level security policy to the smart card management area to control inappropriate access, so that the network card linked with the network card 500 only. Information that allows access to the smart card management area only through the terminal 505.

File structure information, access control information, and management information about the smart card application mounted in the smart card management area may include information about the structure of the smart card application mounted in the smart card management area, and the terminal smart card generation unit 535. It includes information necessary in the process of dynamic post-issuance of the smart card application to the smart card execution region of the common IC chip emulator 510.

Access control information and personalization policy information for the smart card personalization information may include information necessary for the terminal smart card generation unit 535 to dynamically personalize the common IC chip emulator 510 and an upgrade policy of the smart card personalization information. Include the same information.

Through the above process, a smart card management area corresponding to the network card 500 is created on the network card server 540, a basic smart card application is mounted in the smart card management area, and the inside or the inside of the smart card management area. After the smart card personalization information for dynamically personalizing the common IC chip emulator 510 of the network card terminal 505 is mounted, the smart card management area and the smart card application and / or smart card generated as described above. When the access control and management information for the personalization information is generated and stored in the smart card management program 545, the card issuing authority allows the network card terminal 505 installed at each affiliate store to personalize the smart card management area and the smart card through the network. Generate network routing information to access the information And 745.

According to the present invention, the generated network routing information is unique information that is not duplicated on the network card system, and satisfies the characteristics and conditions that can be recorded on each card, and the network card terminal 505 of each affiliated store stores the network. Smart card management area corresponding to each network card 500 mounted on the card server 540 and the minimum complete information to access the smart card personalization information. In some cases, the network routing information may be further encrypted or compressed by a higher security policy.

When the network routing information for accessing the smart card management area and the smart card personalization information corresponding to each network card 500 mounted on the network card server 540 is generated as described above, the card issuing authority may select the network. A network card 500 including routing information is produced (750).

When the network card 500 including the network routing information is manufactured through the above process, the card issuing agency issues the network card 500 to the card user through the same process as the existing card issuing process (755). ).

8 is a simple flowchart for a process of post-loading a smart card application to the smart card management area of the network card server 540 through the network card 500.

[The terminal smart card generation unit 535 is not used in the post-mounting process. The terminal smart card generation unit 535 is used in FIG. 9 using a smart card.]

According to the present invention, the process of post-mounting the smart card application to the smart card management area mounted in the network card server 540, the network card terminal 505 extracts the network routing information from the network card 500 smart terminal Initiated through a process of sharing and forwarding to the application 520, the post-loading process of the various cases according to the path of the network card terminal 505 to post-mount the smart card application to the smart card management area on the network card server 540. May occur.

According to the present embodiment, the path where the network card terminal 505 post-mounts the smart card application to the smart card management area on the network card server 540 is

After the smart card application is downloaded from the post-issuance server to the network card terminal 505, the network card terminal 505 is mounted on the network card server 540 based on the network routing information obtained from the network card 500. With a route to the smart card management area

After the network card terminal 505 delivers the network routing information to the post-issuance server, the post-issuance server directly posts the smart card application to the smart card management area mounted on the network card server 540 based on the network routing information. There are paths to mount.

Figure 8 of the present embodiment relates to a representative method among the various post-mounting process as described above, the process of post-mounting the smart card application to the smart card management area mounted in the network card server 540 in the present invention is the following flow chart and It is not limited only to description.

8A illustrates that when the terminal application 525 extracts and acquires network routing information and shares it to the smart terminal application 520, the smart terminal application 520 is smart from the post-issuance server to the network card terminal 505. After downloading the card application, the network card terminal 505 based on the network routing information for the case of post-issuing the smart card application through the path that is post-mounted to the smart card management area mounted on the network card server 540 will be.

When the terminal application 525 of the network card terminal 505 obtains card information from each card through the I / O interface 530 (800), the terminal application 525 uses the card information obtained as described above. Validate each card. In this process, the validity authentication for the card includes card authentication for authenticating whether each card interworking with the network card terminal 505 is suitable for use, and card user authentication included in the card.

If the validity of the card is not authenticated in the process (805), the terminal application 525 terminates the service for the card.

On the other hand, if the validity of each card is authenticated (810), the terminal application 525 of the network card terminal 505 is based on the card information obtained from each card based on the card network card 500 presented by the present invention (815).

According to the present invention, the network routing information mounted on the network card 500 includes a string consisting of letters, numbers, and / or special characters that can be distinguished from existing card information, and the terminal application 525 includes an I / O interface. By checking the string in the card information obtained through 530, it is possible to confirm whether the card identified through the I / O interface 530 is the network card 500 proposed by the present invention.

If the card is not the network card 500 of the present invention (820), since the smart card application stored in the D / B of the post-issuance server can not be post-loaded into the smart card management area of the network card server 540 Terminal application 525 terminates the service for the card.

On the other hand, if the card is the network card 500 of the present invention (825), the terminal application 525 of the network card is the network card terminal 505 is a network card from the card information obtained from the network card 500 The network routing information for accessing the smart card management area mounted on the server 540 is extracted (830).

When network routing information is extracted from the network card 500 through the above process, the terminal application 525 shares and transmits the network routing information to the smart terminal application 520 mounted on the network card terminal 505 (835). ).

According to the present invention, the smart card application stored in the D / B of the post-issuance server corresponds to the network card 500 through the terminal application 525 transferring the network routing information to the smart terminal application 520. A process of post-mounting the smart card application to the smart card management area on the network card server 540 is disclosed.

Thus, when network routing information is passed from the terminal application 525 to the smart terminal application 520, the smart terminal application 520 connects to the post-issuance server 840 to provide the smart card application post-loading service.

According to the present invention, when the smart terminal application 520 initiates the post-loading process of the smart card application, the smart terminal application 520 mounted in the network card terminal 505 and / or the network card terminal 505 is connected to the network. Through the process of automatically connecting to a known post-issuance server, or entering a post-issuance server address to connect to, it connects to a post-issuance server that can post-install a smart card application.

When the smart terminal application 520 connects to the post-issuance server as described above, the post-loading is performed from the D / B of the post-issuance server to the smart card execution region of the common IC chip emulator 510 mounted in the network card server 540. A smart card application to select is selected (845).

When the smart card application is selected in the post-issuance server through the above process, the smart terminal application 520 of the network card terminal 505 accesses the post-issuance server and downloads the smart card application stored in the D / B. Pull technology to transmit card terminal-full technology, or the post-issuance server extracts the smart card application stored in the D / B as a smart card terminal and transmits it to the network card terminal 505 [transmitter: The post-issuance server-push technology transmits a smart card application to be post-mounted from the post-issuance server to the smart card terminal by using push technology.

When the smart card application is transferred from the post-issuance server to the network card terminal 505, the smart terminal application 520 of the network card terminal 505 is a smart terminal application 520 mounted on an existing physical smart card terminal is CAD By applying the same method to the network as the process of post-issuing the smart card application to the smart card application area on the IC chip of the physical smart card through the network, the smart card management area mounted on the network card server 540 through the network is smart. Post-mount the card application (855).

According to the present invention, as described above, the smart terminal application 520 of the network card terminal 505 post-mounts the smart card application to the smart card management area of the network card server 540. And in compliance with the regulations, but instead of the smart card application area on the IC chip of the physical smart card is mounted on the smart card management area of the network card server 540.

In addition, the post-installation of the smart card application into the smart card management area of the network card server 540 through the process proposed by the present invention, issuing the smart card application to the smart card application area on the IC chip of the physical smart card. The process is the same, but the functions and roles of the post-mounted smart card application are different. That is, a smart card application post-issued to a physical smart card may provide a smart card service at the same time as the post-issuance, but is post-installed into the smart card management area of the network card server 540 through the process proposed by the present invention. The smart card application is dynamically post-issued to the smart card execution region of the common IC chip emulator 510 mounted in the network card terminal 505 based on the network routing information included in the network card 500, and then uses the smart card service. Can provide.

When the smart card application is loaded on the smart card management area mounted on the network card server 540 through the above process, the smart card management program 545 of the network card server 540 is loaded on the smart card as described above. A file structure and access control and management information for the card application are generated and stored (860).

According to the present invention, after the smart card management program 545 of the network card server 540 is stored as described above, the terminal smart card generator 535 dynamically transfers the smart card application to the common IC chip emulator 510. Used as reference information to issue.

When the post-loading process of the smart card application is completed to the smart card management area as described above, the smart card management program 545 of the network card server 540 sends the result of the smart card application post-loading to the network card terminal 505 through the network. And transmits the result to the output (865).

8B shows that when the terminal application 525 extracts the network routing information and shares it to the smart terminal application 520, the smart terminal application 520 delivers the network routing information to the post-issuance server. The issuing server is for post-issuing a smart card application through a path that is directly mounted on the smart card management area mounted in the network card server 540 based on the network routing information.

The terminal application 525 of the network card terminal 505 obtains card information from the card via the I / O interface 530 (800) to authenticate the validity of the corresponding card (805), and the card is an embodiment of the present invention. Check whether the network card 500 is present (810), if the network card is confirmed (815), the network card terminal 505 from the card information obtained from the network card 500 network card server 540 Extracting network routing information for accessing the smart card management area mounted on the network card 820, and sharing the extracted network routing information to the smart terminal application 520 mounted on the network card terminal 505. 825, the smart terminal application 520 is a smart card application to be mounted on the smart card management area of the network card server 540 In step 830, a smart card application to be mounted is selected by accessing a post-issuance server on a network on which the D / B storing the option is mounted.

When the smart card application to be mounted on the smart card management area of the network card server 540 is selected from the smart card applications stored in the D / B of the post-issuance server through the above-described process, the network card terminal ( The smart terminal application 520 of 505 is configured to provide the network routing information extracted from the network card 500, the network card user information for logging in to the network card server 540, and the smart card application in the smart card management area. The network card terminal 505 for transmitting the mountable smart card management area access right information, the smart card application extraction information selected by the smart terminal application 520, and the smart card application post-issuance result to the network card terminal 505. Information network Transfer to the post-issuance server through (840).

In the above process, the smart terminal application 520 of the network card terminal 505 transmits various types of smart card application post-loading related information to the post-issuance server in addition to the network routing information. As shown in FIG. 8A, the smart terminal application 520 does not post-install into the smart card management area of the network card server 540, but directly from the post-issuance server to the smart card management area of the network card server 540. This is because it is after-mounting. That is, in FIG. 8B, various types of smart card application post-loading related information transmitted by the smart terminal application 520 to the post-issuance server are shown in FIG. 8 by the smart terminal application 520 as a network card. In the case of post-installation to the smart card management area of the server 540, the smart card application is automatically processed by the post-installation processing method and the protocol between the network card terminal 505 and the network card server 540.

When network routing information, network card user information, smart card management area access authority information, and smart card application extraction information are transmitted to the post-issuance server, the smart terminal application 520 of the network card terminal 505 is configured as a post-issuance server. Based on the information transmitted as described above, the smart card application selected by the smart terminal application 520 is extracted from the D / B to the smart card execution region of the common IC chip emulator 510 mounted in the network card server 540. Request to mount (845).

Through the above process, the smart terminal application 520 of the network card terminal 505 extracts the smart card application stored in the D / B as a post-issuance server and post-installs it into the smart card management area of the network card server 540. If requested, the post-issuance server extracts the smart card application from the D / B based on the smart card application extraction information, and the network card server based on the network routing information, the network card user information, and the smart card management area access authority information. After accessing the smart card management area mounted at 540, the extracted smart card application is post-mounted to the smart card management area mounted at the network card server 540 (850).

When the smart card application is loaded on the smart card management area mounted in the network card server 540 through the above process, the smart card management program 545 of the network card server 540 is shown in FIG. The file structure and access control and management information for the post-mounted smart card application are generated and stored (855), and the smart card application post-loaded result is transmitted to the network card terminal 505 through a network and outputted (860). ).

9 is a simple flowchart illustrating a process of providing a smart card service through the network card system according to the present invention.

* According to the present invention, the smart card service process through the network card 500, the smart card personalization information and smart card mounted on the network card server 540 in conjunction with the network card terminal 505 network card 500 Characteristics of the network accessing the card management area, a method of accessing the smart card personalization information and the smart card management area mounted in the network card server 540 by the network card terminal 505 in association with the network card 500, and Various implementation methods may occur according to a method in which the terminal smart card generator 535 dynamically personalizes the common IC chip emulator 510 and dynamically post-issues a smart card application.

According to this embodiment, the network connecting the network card terminal 505 and the network card server 540 is

-Using a public network such as wired or wireless Internet or public switched telephone network (PSTN);

-When using private networks such as VAN (Value Added Network) or financial network

Etc.

When the network card terminal 505 and the network card server 540 are connected through a public network, the network card terminal 505 and the network card server 540 interwork with each other through an IPv4 and / or IPv6 based protocol and are publicly available. Security systems such as the Public Key Infrastructure (PKI) or Wireless PKI (WPKI) ensure the confidentiality, authentication, integrity, and nonrepudiation that smart card services must provide.

When the network card terminal 505 and the network card server 540 are connected through a private network, the network card terminal 505 and the network card server 540 may be characterized by the characteristics of the network provided by the corresponding private network and the present invention. A gateway that interoperates with the network card system to be compatible is interlocked on the network, and the confidentiality, authentication, integrity, and nonrepudiation that the smart card service must provide are guaranteed by a security system such as EMV. do.

In addition, the network card terminal 505 in conjunction with the network card 500 to access the smart card personalization information and the smart card management area mounted on the network card server 540,

6, the terminal application 525 shares and delivers network routing information to the terminal smart card generation unit 535 mounted in the network card terminal 505, as shown in FIG.

-As shown in (b) of FIG. 6, the terminal application 525 transfers network routing information to the terminal smart card generation unit 535 mounted in the network card server 540 through the network to access.

The smart card generation unit 535 dynamically personalizes the common IC chip emulator 510 and dynamically post-issuits the smart card application.

A method of dynamically personalizing the common IC chip emulator 510 and dynamically post-issuing a smart card application mounted in the smart card management area by the terminal smart card generating unit 535 [Fig. 9 (a)]. ]

After the terminal smart card generation unit 535 dynamically personalizes the common IC chip emulator 510, the smart card application is selectively selected by dynamically selecting the smart card application to be post-issued through the smart terminal application 520. Dynamic post-issuance method [Fig. 9 (B)]

Etc.

Figure 9 of the present embodiment is a representative method of the smart card service method using the various network card systems as described above, the method for providing a smart card service through the network card 500 in the present invention is only the flow chart and description below It is not limited.

According to the present embodiment, the network connecting the network card terminal 505 and the network card server 540 in (a) and (b) of FIG. 9 is connected through a private network to which a security system is applied, or a public network. Is considered to guarantee the confidentiality, authentication, integrity, and nonrepudiation that the smart card service must provide through a security system such as a public key infrastructure, and understand the smart card service through the network card 500. To assist, the terminal smart card generation unit 535 is considered to be mounted in the network card terminal 505.

9A, the terminal smart card generator 535 dynamically personalizes the common IC chip emulator 510 and uses a smart card of the common IC chip emulator 510 for a smart card application mounted in the smart card management area. This is for the case of batch dynamic post-issuance to the execution region.

When the terminal application 525 of the network card terminal 505 obtains card information from the card via the I / O interface 530 (900), the terminal application 525 is connected to the card through the obtained card information. Certify validity. In this process, the validity authentication for the card includes card authentication for authenticating whether a card interworking with the network card terminal 505 is suitable for use, and card user authentication included in the card.

If the validity of the card is not authenticated in the process (902), the terminal application 525 terminates the provision of the smart card service for the card.

On the other hand, if the validity of the card is authenticated (904), the terminal application 525 of the network card terminal determines whether the card information includes the network routing information through the process of the network card that the card proposed by the present invention Check if it is (500) (906).

If the card is not the network card 500 of the present invention (908), the terminal application 525 is unable to provide a smart card service through the network card 500 of the present invention. Ends the smart card service provision.

On the other hand, if the card is the network card 500 of the present invention (910), the terminal application 525 of the network card is the network card terminal 505 is a network card from the card information obtained from the network card 500 The smart card personalization information of the server 540 and the network routing information for accessing the smart card management area are extracted (912).

When network routing information is extracted from the network card 500 through the above process, the terminal application 525 transmits the network routing information to the terminal smart card generation unit 535 (914).

According to the present invention, when the network routing information for accessing the smart card management area mounted in the network card server 540 is transmitted from the terminal application 525 to the smart terminal application 520, the terminal smart card generation unit 535 ) Dynamically personalizes the common IC chip emulator 510 mounted on the network card terminal 505 and dynamically post-issues a smart card application for providing a smart card service.

Therefore, when network routing information is transmitted from the terminal application 525 to the terminal smart card generation unit 535, the terminal smart card generation unit 535 may perform smart card personalization information of the network card server 540 based on the network routing information. Approach (916).

As described above, the smart card personalization information includes a card user's personal information and / or a personal code, a personal encryption key, an electronic signature key, a public certificate, and the like. The terminal smart card generation unit 535 is included in network routing information. The validity of the smart card personalization information is authenticated by comparing the card authentication information and / or the card authentication information used in the card validity authentication step with the smart card personalization information.

According to the invention, the process of authenticating the validity of the smart card personalization information of the network card server 540, the terminal smart card generation unit 535 through the smart card management program 545 of the network card server 540 As a process of obtaining smart card personalization information and access rights to the smart card management area, the terminal smart card generation unit 535 uses the card authentication information including the network card server 540 login information or a promised encryption key. From the smart card management program 545, the authority to access the smart card personalization information and the smart card management area is obtained.

For example, if a specific encryption key is used as the card authentication information and the terminal smart card generation unit 535 calculates the encryption key using a given algorithm, the terminal corresponds to the encryption key included in the smart card personalization information. The smart card generation unit 535 extracts card authentication information from the card, performs a series of encryption operations, and compares and analyzes the encryption key included in the smart card personalization information to access the network accessed by the terminal smart card generation unit 535. Validate the smart card personalization information on the card server 540.

If it is not possible to authenticate the validity of the smart card personalization information in the above process (920), the terminal smart card generation unit 535 outputs a validity error message of the smart card personalization information to the network card terminal 505, public IC By returning the chip emulator 510 to the initialization state, the smart card service provision using the network card 500 is terminated.

On the other hand, if the validity of the smart card personalization information is authenticated (922), the terminal smart card generation unit 535 extracts the smart card personalization information from the network card server 540, and then is mounted on the network card terminal 505 The IC chip emulator 510 is dynamically personalized (924).

According to the present invention, the process of dynamically personalizing the common IC chip emulator 510 of the network card terminal 505 by the terminal smart card generating unit 535 may include a null file on the common IC chip emulator 510. Each smart card personalization information file existing as [a file exists but the data in the file is empty] is stored in the card user's personal information and / or personal code and personal encryption key, electronic It is replaced with a smart card personalization information file on the network card server 540 that includes a signature key, a public certificate, and the like.

In addition, after providing the smart card service through the terminal smart card, the process of deleting the smart card personalization information on the common IC chip emulator 510 is to return the smart card personalization information files to a null file with empty data. .

When the common IC chip emulator 510 mounted on the network card terminal 505 is dynamically personalized through the above process, the terminal smart card generation unit 535 is interworked with the smart card personalization information based on the network routing information. Dynamic post-issuance of smart card applications loaded in the smart card management area on the network card server 540 to the smart card execution area of the common IC chip emulator 510 mounted inside the network card terminal 505 collectively. (926).

According to the present embodiment, the terminal smart card generation unit 535 is mounted in the smart card management area of the network card server 540 as the smart card execution area of the common IC chip emulator 510 mounted in the network card terminal 505. The dynamic post-issuance process of batch smart card applications is performed by collectively copying smart card applications mounted in the smart card management area of the network card server 540 to the smart card execution area of the common IC chip emulator 510. Afterwards, the smart card management area information included in the smart card management program 545 and the smart card application information loaded in the smart card management area and the like are stored in the IC chip emulator management program and / or virtual of the common IC chip emulator 510. It is to be mounted as COS before.

According to the present invention, the smart card management area of the network card server 540 and the smart card execution area of the common IC chip emulator 510 mounted in the network card terminal 505 are smart of the smart card on which the physical IC chip is mounted. Since the same structure and functions are provided based on the card application area, the smart card application mounted in the smart card management area as described above is copied to the smart card execution area of the common IC chip emulator 510, and the smart card management program is executed. The common IC chip emulator 510 only transfers the smart card management area information and the smart card application information mounted in the 545 to the IC chip emulator management program and / or the virtual COS of the common IC chip emulator 510. The smart card application dynamic post-issue process for may be performed.

According to the present embodiment, when the size of the smart card execution region of the common IC chip emulator 510 is fixed in the above process, the size of the smart card execution region is larger than the smart card management region of the network card server 540. If the size of the smart card execution region is variable, the condition that the smart card execution region can be variably allocated on the network card terminal 505 is satisfied.

If the process of dynamically post-issuing the smart card application to the smart card execution region of the common IC chip emulator 510 mounted in the network card terminal 505 is not normally performed, the terminal smart card generation according to the present invention is generated. If this fails (928), the terminal smart card generation unit 535 outputs an error message to the network card terminal 505, and returns the common IC chip emulator 510 to an initial state (930), the network card 500 Ends the smart card service provision using).

On the other hand, the process of dynamically post-issuing the smart card application to the smart card execution region of the common IC chip emulator 510 mounted in the network card terminal 505 is normally performed, thereby successfully generating the terminal smart card of the present invention. 932, the terminal smart card generation unit 535 dynamically personalizes the common IC chip emulator 510 with the smart terminal application 520, and dynamically post-issues the smart card application, thereby providing a network card terminal 505. In operation 934, the terminal smart card capable of providing a smart card service is dynamically generated.

According to the present invention, if a terminal smart card capable of providing a smart card service in the network card terminal 505 is dynamically generated, the smart terminal application 520 mounted in the corresponding network card terminal 505 is a physical IC. As a smart card service is provided through a smart card on which a chip is mounted, a smart card service may be provided through a terminal smart card dynamically generated inside the network card terminal 505.

When the terminal smart card capable of providing the smart card service is dynamically generated in the network card terminal 505 as described above, the smart terminal application 520 selects the smart card service to be provided through the terminal smart card (936). The smart terminal application 520 instructs 938 smart card application information and / or data extraction to provide the selected smart card service to the terminal smart card via a CAD emulator 515.

According to the present invention, the above process is that the smart terminal application 520 mounted on the physical smart card terminal instructs the smart card application information and / or data extraction to the physical smart card through the physical CAD, the network card terminal Smart card application 520 extracts smart card application information and / or data into a terminal smart card dynamically generated in the corresponding network card terminal 505 through the CAD emulator 515 in which the smart terminal application 520 is implemented in software. Virtually to command.

When the smart card application information and / or data extraction command is transmitted to the terminal smart card dynamically generated in the network card terminal 505 through the above process, the IC chip emulator management program and / or virtual COS of the terminal smart card is By interpreting the smart card application information and / or data extraction command, the server validates the validity of the smart card application dynamically issued to the smart card execution region (940).

According to the present invention, the process of authenticating the validity of the smart card application dynamically issued in the smart card execution region of the terminal smart card may include smart cards such as ISO 7816, ISO / IEC 10536, ISO / IEC 14443, and EMV. The terminal smart card dynamically generated inside the network card terminal 505 guarantees the confidentiality, authentication, integrity, and nonrepudiation that the smart card service must provide in the process of using the physical smart card based on the standard regulations. To apply.

If the validity authentication for the smart card application dynamically issued to the terminal smart card is failed in the above process (942), the terminal smart card generation unit 535 outputs an error message to the network card terminal 505, and the common IC. By returning the chip emulator 510 to the initialization state (930), the smart card service provision using the network card 500 is terminated.

On the other hand, if the validation of the smart card application dynamically post-issued to the terminal smart card succeeds (944), the terminal smart card extracts and processes the smart card application information and / or data like the existing physical smart card and generates a CAD emulator (515). In step 946, the smart terminal application 520 is transmitted to the smart terminal application 520.

According to the present invention, the process of the terminal smart card in response to the command to extract the smart card application information and / or data, based on the smart card standard regulations such as ISO 7816, ISO / IEC 10536, ISO / IEC 14443, and EMV The same process as the physical smart card responds to the command to extract the smart card application information and / or data.

When the smart card application information and / or data is extracted and transmitted to the smart terminal application 520 as described above, the smart terminal application 520 provides a smart card service through the smart card application information and / or data (948) ).

According to the present invention, the process of providing the smart card service through the smart card application information and / or data transmitted from the terminal smart card, the smart terminal application 520, ISO 7816, ISO / IEC 10536, ISO / IEC 14443, The smart terminal application 520 mounted on the physical smart card terminal based on the smart card standard such as EMV is the same as the process of providing the smart card service.

If an error occurs in the process of providing a smart card service as described above (950), the smart terminal application 520 outputs an error message to the network card terminal 505 and initializes the common IC chip emulator 510. Returning to (930), the smart card service using the network card 500 is terminated.

On the other hand, if the smart card service providing process is normally completed (952), the smart terminal application 520 and the smart card personalization information from the terminal smart card dynamically generated in the network card terminal 505 through the terminal smart card generation unit 535 By deleting the dynamic post-issued smart card application, the terminal smart card is returned to the common IC chip emulator 510 (954), and then the smart card service proposed by the present invention is normally terminated.

In FIG. 9B, the terminal smart card generator 535 dynamically personalizes the common IC chip emulator 510 and selects a smart card application to be dynamically issued through the smart terminal application 520. This is for the case of selectively post-issuing a smart card application.

When the terminal application 525 of the network card terminal 505 obtains card information from the card through the I / O interface 530 (900), the terminal application 525 as shown in FIG. Through the process of authenticating the validity of the card through the obtained card information (904), and whether or not the network information is included in the card information (908) through the process of the network card 500 proposed by the card according to the present invention (910).

If the card is the network card 500 of the present invention, as shown in FIG. 9A, the terminal application 525 of the network card 500 extracts network routing information from the card information (912). The smart card generator 535 transmits the smart card generator 535 to the smart card generator 535, and the terminal smart card generator 535 accesses the smart card personalization information of the network card server 540 based on the network routing information. Validate the information (918). On the other hand, if the card is not the network card 500 of the present invention (920), the terminal application 525 terminates the smart card service proposed by the present invention.

If the validity of the smart card personalization information is authenticated (922), the terminal smart card generation unit 535 extracts the smart card personalization information from the network card server 540 as shown in FIG. The common IC chip emulator 510 mounted on the terminal 505 is dynamically personalized (924). On the other hand, if the validity of the smart card personalization information is not authenticated (926), the terminal smart card generator 535 outputs an error message, and after returning the common IC chip emulator 510 to the initial state (928), The smart card service proposed by the invention is terminated.

[Above, the above description is the same as in (a) of FIG. 9].

When the common IC chip emulator 510 mounted on the network card terminal 505 is dynamically personalized through the above process (930), the terminal smart card generating unit 535 is a smart terminal application (520) (525) to the common IC The personalization result of the chip emulator 510 is communicated (932).

According to the present embodiment, a process of dynamically post-issuing a smart card application through a process in which the terminal smart card generation unit 535 delivers the common IC chip emulator 510 personalization result to the smart terminal application 520 is started.

When the personalization result of the common IC chip emulator 510 is transferred to the smart terminal application 520 as described above, the smart terminal application 520 provides a smart card service to be provided through the corresponding network card 500 and a terminal smart card. The smart card application corresponding to the smart card service is selected through the generator 535 in the smart card management area of the network card server 540 (934).

According to the present embodiment, the terminal smart card generating unit 535 may include at least one smart card application among smart card applications mounted in the smart card management area of the network card server 540 to provide the smart card service selected as described above. Select.

As described above, when the terminal smart card generation unit 535 selects at least one or more smart card applications from the smart card applications mounted in the smart card management area of the network card server 540, the smart terminal application 520 is a terminal smart card. The generation unit 535 requests the post-issuance of the selected smart card application to the smart card execution region of the common IC chip emulator 510 mounted in the network card terminal 505 (step 936).

When the smart terminal application 520 requests dynamic post-issuance of the smart card application selected as the smart card execution region of the common IC chip emulator 510 mounted in the network card terminal 505, the terminal smart card generation unit 535 On the basis of network routing information, a common IC chip mounted in the network card terminal 505 selectively selects the smart card application mounted in the smart card management area on the network card server 540 linked with the smart card personalization information. Dynamic post-issuance to the smart card execution region of emulator 510 (938).

According to this embodiment, the process and method for dynamically post-issuing the smart card application as described above are the same as described in (a) of FIG. However, in FIG. 9A, all smart card applications mounted in the smart card management area are collectively dynamically post-issued to the smart card execution area of the common IC chip emulator 510. ) Is a dynamic post-issuance of only smart card applications corresponding to the smart card service to be provided at present.

When the terminal smart card that satisfies the optimal condition for providing the smart card service is dynamically generated through the above process, the terminal smart card generator 535 may provide the smart card service in the network card terminal 505. To the smart terminal application 520 that the optimized terminal smart card is dynamically generated.

When the optimal terminal smart card capable of providing a smart card service in the network card terminal 505 is dynamically generated through the above process, the smart terminal application 520 may display the corresponding smart card as shown in FIG. Instructs the smart card application information and / or data extraction for providing the selected smart card service to the terminal smart card via the CAD emulator 515 to provide the service (940), and manages the IC chip emulator of the terminal smart card. The program and / or virtual COS authenticates the smart card application dynamically and post-issued to the smart card execution region by interpreting the smart card application information and / or data extraction command (942).

If validation of the smart card application dynamically post-issued to the terminal smart card succeeds (944), the terminal smart card extracts and processes the smart card application information and / or data like the existing physical smart card and generates a CAD emulator (515). In step 946, the smart terminal application 520 provides a smart card service through corresponding smart card application information and / or data. On the other hand, if validation of the smart card application fails (950), the terminal smart card generator 535 outputs an error message to the network card terminal 505, and by returning the common IC chip emulator 510 to the initial state In operation 928, the smart card service using the network card 500 is terminated.

When the process of providing the smart card service is normally completed as described above (952), the smart terminal application 520 is smart from the terminal smart card dynamically generated in the network card terminal 505 through the terminal smart card generation unit 535 By deleting the card personalization information and the dynamic post-issued smart card application, the terminal smart card is returned to the common IC chip emulator 510 (954), and then the smart card service proposed by the present invention is normally terminated. If an error occurs while providing the smart card service (956), the smart terminal application 520 outputs an error message to the network card terminal 505, and returns the common IC chip emulator 510 to an initial state (928). Then, the smart card service using the network card 500 ends.

According to the present invention, by implementing a smart card that is linked to / interlocked with the network card in the network card terminal, from the point of card issuer, the first can provide a variety of smart card services through the existing card without issuing a new smart card There is this.

Second, it is possible to reduce the shock absorbing costs and large promotional costs incurred in transferring the card to the smart card.

Third, the smart card terminal replacement cost required for the smart card infrastructure construction process can be solved by simply upgrading the existing MS card terminal.

Fourth, the advantage of reducing the cost of creating and issuing large-scale smart cards is to move network card users first to selectively physical smart card users.

Fifthly, it can significantly reduce the cost of building a smart card infrastructure, and can act as a buffer for gradually moving to a physical smart card.

In addition, from the point of view of a card user, first, there is an advantage that a smart card service that provides various additional services through an existing card can be provided.

Second, when using the card number of the card already issued as network routing information, by upgrading the software of the card terminal, by adding a method of interworking the card terminal with the network card server through a gateway on the network, There is an advantage in that a smart card service can be provided without a new card reissue process.

Third, even if the card used as a network card is lost, it is possible to extend the previously provided smart card service through simple reissue of the card and interworking of the IC chip emulator.

In addition, from the standpoint of merchants, there is an advantage in that it is possible to immediately provide various types of smart card services that are not possible with existing cards only by upgrading the network card terminal.

Claims (1)

 Extracting, from the network card, network routing information that allows the card terminal to access the network card server providing the smart card management area including the smart card personalization information and the smart card application; Confirming the smart card personalization information and the smart card application by accessing the smart card personalization information and the smart card application management area of the network card server based on the extracted network routing information from the card terminal; And And receiving a post-issuance of the identified smart card application from a card terminal.

Images