KR101583156B1 - Card reader, terminal and method for processing payment information thereof - Google Patents
Card reader, terminal and method for processing payment information thereof Download PDFInfo
- Publication number
- KR101583156B1 KR101583156B1 KR1020140131078A KR20140131078A KR101583156B1 KR 101583156 B1 KR101583156 B1 KR 101583156B1 KR 1020140131078 A KR1020140131078 A KR 1020140131078A KR 20140131078 A KR20140131078 A KR 20140131078A KR 101583156 B1 KR101583156 B1 KR 101583156B1
- Authority
- KR
- South Korea
- Prior art keywords
- card
- information
- encryption key
- key
- password
- Prior art date
Links
Images
Abstract
The present invention relates to a card reader, a terminal, and a payment information processing method using the same, wherein the card reader includes: a connector connected to be able to communicate with an external terminal; A reader unit for acquiring IC card (Integrated Circuit Card) information; A layer configuration unit configured to randomly configure a key input layer in which a plurality of keys for inputting a password are arranged; An interface for transmitting information on a randomly configured key input layer to an external terminal and receiving positional information on an IC card password input on a key input layer from an external terminal; And a password detector for processing received location information to detect a password input from an external terminal.
Description
The present invention relates to a method of processing payment information using a card reader connectable to a terminal such as a mobile phone.
Typically, a card payment terminal is equipped with a magnetic stripe reader (MSR) module for reading the encoded card information on the magnetic strip of the card. At this time, the card information read through the magnetic strip reader is in the form of an analog signal and is in an unencrypted plaintext information state.
In addition, an IC card called a smart card is a card having a microprocessor and a memory, and can store and process information in the card, thereby minimizing the risk of forgery and alteration of the magnetic card and providing a variety of services . The storage capacity is higher than that of the conventional magnetic card, so that it is possible to perform various additional functions requiring additional information storage, and the security problem can be improved.
IC card is divided into contact type and non-contact type depending on the method of use. The contact type IC card is a type of IC card having a metal pattern on the front face of a card. The contactless type IC card includes a module and an antenna So that card information can be read through an IC card reader provided in the card payment terminal.
Such a card settlement terminal is generally connected to a relay server or a VAN company server through a dedicated on / off line to perform a credit card settlement service. However, in recent years, there has been an increasing demand for credit card payment service in connection with a conventional mobile terminal rather than a dedicated payment terminal.
The present invention provides a card reader, a terminal, and a payment information processing method using the card reader, which can improve security for card related information.
A card reader according to an embodiment of the present invention includes: a connector communicably connected to an external terminal; A reader unit for acquiring IC card (Integrated Circuit Card) information; A layer configuration unit configured to randomly configure a key input layer in which a plurality of keys for inputting a password are arranged; A first encryption key for encrypting layout information of the randomly configured key input layer is received through the connector and the layout information for the randomly configured key input layer is encrypted with the first encryption key, An interface for receiving location information on an IC card password input on the key input layer from the external terminal; And a password detector for processing the received location information to detect a password input from the external terminal.
According to another aspect of the present invention, there is provided a terminal comprising: a connection port including at least one terminal connected to a card reader for acquiring IC card information; A first encryption key generator for generating a first encryption key; Wherein the card reader transmits the first encryption key to the card reader through the connection port, and the card reader transmits layout information on the randomly configured key input layer encrypted with the first encryption key, Encrypts the position information of the IC card password input on the input layer with the second encryption key and transmits the encrypted information to the card reader, and transmits a transaction approval request including the detected password using the transmitted position information An interface for receiving a message from the card reader; And a communication module for transmitting the received transaction approval request telegram to a relay server for card settlement.
According to another aspect of the present invention, there is provided a payment information processing method for processing payment information in a card reader including a connector communicably connected to an external terminal and a reader for acquiring card information, the method comprising: Randomly configuring a key input layer in which a plurality of keys for inputting a password are arranged; Receiving a first encryption key for encrypting placement information for the key input layer; Generating a second encryption key for encrypting location information on an IC card password input on the key input layer; Encrypting layout information for the second encryption key and the key input layer using the first encryption key and transmitting the encryption information to the external terminal; Receiving location information on an IC card password input on the key input layer encrypted with the second encryption key from the external terminal; Processing the received location information to detect a password input from the external terminal; And generating a transaction approval request message including the detected password and transmitting the transaction approval request message to the external terminal.
The payment information processing method may be embodied as a computer-readable recording medium on which a program for execution by a computer is recorded.
According to an embodiment of the present invention, a key input layer for inputting a password is randomly configured in a card reader for inputting and processing a card password, The terminal encrypts the location information of the password input by the user with the encryption key received from the card reader and transmits the encrypted location information to the card reader so as to prevent mutual leakage of the password in a multi- The security can be greatly improved.
1 is a system configuration diagram illustrating a payment method of a terminal using a card reader according to an embodiment of the present invention.
2 is a perspective view illustrating an embodiment of a connection method between a mobile terminal and a card reader.
3 is a block diagram illustrating a configuration of a terminal according to an embodiment of the present invention.
4 is a block diagram showing a configuration of a card reader according to an embodiment of the present invention.
5 is a flowchart illustrating a payment information processing method according to an embodiment of the present invention.
6 is a timing chart showing an embodiment of operations of a card reader, a terminal, and relay servers for processing IC card payment information.
7 is a diagram showing an example of a key input layer for inputting a password.
8 is a graph showing an example of location information of an inputted password.
9 is a timing chart showing an operation of a card reader, a terminal, and relay servers for processing magnet card payment information according to an embodiment of the present invention.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
First, the terms used in the specification of the present invention will be briefly defined, and then an embodiment of the present invention will be described.
The term " terminal "described in this specification may include a mobile phone, a smart phone, a laptop computer, a digital broadcast terminal, a PDA (Personal Digital Assistants), a PMP (Portable Multimedia Player) The present invention is not limited thereto, and may be various devices capable of user input and information display.
The term "relay server" refers to a server of a VAN company that relays a credit card electronic payment. However, various types of servers related to credit card electronic payment may also be applicable. The actual payment relay function and other additional functions may be separated into separate server types.
1 is a block diagram of a terminal settlement system using a card reader according to an embodiment of the present invention.
An electronic payment system according to an embodiment of the present invention includes a
For example, the
The
The
However, the present invention is not limited to this, but may be a server for relaying only the purchase of a paper other than a server for payment by the
In the embodiment of the present invention, the seller's
The
When the transaction is approved or canceled using the
In the embodiment of the present invention, the
Also, the
In the embodiment of the present invention, the
Thereafter, when a predetermined password is received from the seller's
If the
Although the
For example, a seller may access an affiliate site on the Internet or an application market such as an Android market or an app store, enter information of a seller and a seller terminal, join a member, 110 may be downloaded from the web.
At this time, the uploading, updating information or other management of the
Hereinafter, a connection relationship between the
2, the
For example, the
The
When the
The card information read by the
At this time, the card information read through the
The
For example, in the case of a contactless IC card, an IC card reader provided in the
The IC card may be an IC chip conforming to the EMV standard and a card having the application embedded therein. The EMV is an international standard for credit and debit transactions established jointly by card companies of Europay / MasterCard / Visa. It means the standard for the transaction used.
In the case of the IC card, the
The
The
The
The
3 is a block diagram illustrating a configuration of a terminal 100 according to an embodiment of the present invention.
Referring to FIG. 1, a terminal 100 includes a
The terminal 100 includes a
The
The
The
The card
At this time, the card
The
Herein, the PIN information may be authenticated by the
The card
When the terminal 100 includes the
The card
The credit card
The
The
For this purpose, the
On the other hand, the first encryption
The first encryption key may be transmitted to the
The first encryption
Then, the encryption /
Accordingly, the card
4 is a block diagram illustrating a configuration of a
4, the
On the other hand, the
The
Also, the
The
For example, in the case of an IC card, it is necessary to input a PIN (Personal Identification Number) for payment. The
The arrangement information for the keys randomly arranged in this way can be encrypted in the encryption /
Accordingly, the
On the other hand, the second encryption
Then, the encryption /
The
The
Thereafter, the terminal 100 transmits the second encryption key encrypted with the received first encryption key and the layout information on the randomly configured key input layer encrypted with the first encryption key to the first encryption key through the
When the user inputs the PIN using the password input screen of the terminal 100, the position information on the inputted password is encrypted with the second encryption key through the
According to the embodiment of the present invention, the password information transmitted to the
The encryption /
The
According to an embodiment of the present invention as described above, a key input layer for inputting a password may be randomly configured in the
For example, even if a person hackes an interface, a connector, a communication port, or the like, security can be maintained because the private key corresponding to the first encryption key is not present or the symmetric key corresponding to the second encryption key is unknown. Only the location information of the key input layer and the location information of the password can be known, and the password itself is not leaked, so that the security can be formed in a multi-layered structure.
Meanwhile, the
The
The
The transaction approval request message may be generated according to the EMV (Europay Mastercard Visa) standard.
The
The
The
The
When the
On the other hand, in a state where the
That is, in the standby state, the
The
Accordingly, when the
Therefore, the
FIG. 5 is a flowchart illustrating a payment information processing method according to an embodiment of the present invention. Referring to FIG. 5, a method of processing the payment information shown in FIG. 4 includes a configuration of a
Referring to FIG. 5, the
In step S2, the
Here, the first encryption key may be a public key generated in the terminal 100, and a private key corresponding to the first encryption key may be stored in the
Thereafter, the second encryption
Here, the generated second encryption key may be a symmetric key, and the second encryption key to be transmitted may be copied and stored in the
Then, the encryption /
The
The terminal 100 decrypts the encrypted layout information about the key input layer using the private key corresponding to the first encryption key, outputs the randomly configured key input layer using the decrypted private key, Location information on the IC card password can be obtained. The terminal 100 may encrypt the location information of the IC card password with the second encryption key and transmit the encrypted location information to the
Then, the encryption /
The
Meanwhile, the
In this case, the transaction approval request message generated by the
Hereinafter, embodiments of the payment information processing method according to the present invention will be described in detail with reference to FIGS. 6 to 9. FIG.
6 is a timing diagram illustrating an operation of a card reader, a terminal, and relay servers for processing IC card payment information.
Referring to FIG. 6, the terminal 100 executes a
The
It is to be noted that the
At this time, the terminal 100 can recognize the magnetic strip reader (MSR) 251 and the
Thereafter, when the seller inserts or brings the
The
Then, the terminal 100 transmits the information on the payment amount and the first encryption key, which is a public key, to the
The
The encryption /
Then, the
The terminal 100 decrypts the information encrypted with the first encryption key received from the
FIG. 7 shows an example of a configuration of a password input screen displayed on the terminal 100 using the key input layer. Numerical keys for inputting a password are randomly arranged on the screen.
The arrangement of the numeric keys as shown in FIG. 7 is determined by a key input layer randomly configured in the layer
Then, the encryption /
As described above, the second encryption key may be an encryption key of a symmetric key scheme, and accordingly, the
In step S23, the
Referring to FIG. 8, the
In this case, the coordinate values (x1, y1), (x2, y2), (x3, y3) and (x4, y4) of the contact points are input to the
Then, the
Then, in accordance with the EMV standard, the
The
FIG. 9 is a timing diagram illustrating an operation of a card reader, a terminal, and relay servers for processing magnet card payment information.
The
Referring to FIG. 9, the terminal 100 executes a
The
At this time, the terminal 100 can recognize the magnetic strip reader (MSR) 251 of the
When the seller slides the
The
After receiving the payment amount from the user in step S55, the terminal 100 confirms the transaction including the card information received from the
The terminal 100 performs an approval request to the
The above-described payment information processing method according to the present invention may be stored in a computer-readable recording medium. The computer-readable recording medium may be a ROM, a RAM, a CD-ROM , A magnetic tape, a floppy disk, an optical data storage device, and the like, and may also be implemented in the form of a carrier wave (for example, transmission over the Internet).
The computer readable recording medium may be distributed over a networked computer system so that computer readable code can be stored and executed in a distributed manner. And, functional programs, codes and code segments for implementing the above method can be easily inferred by programmers of the technical field to which the present invention belongs.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present invention.
Claims (16)
A reader unit for acquiring IC card (Integrated Circuit Card) information;
A layer configuration unit configured to randomly configure a key input layer in which a plurality of keys for inputting a password are arranged;
And a controller for receiving a first encryption key for encrypting layout information of the randomly configured key input layer through the connector and transmitting layout information on the randomly configured key input layer encrypted with the first encryption key to the external terminal An interface for receiving location information on an IC card password input on the key input layer from the external terminal; And
And a password detector for processing the received location information to detect a password input from the external terminal.
Further comprising a second encryption key generating unit for generating a second encryption key for encrypting, by the external terminal, positional information on an IC card password inputted through the key input layer,
Wherein the interface unit transmits the second encryption key encrypted with the first encryption key and the arrangement information on the randomly configured key input layer encrypted with the first encryption key to the external terminal.
Wherein the second encryption key is an encryption key of a symmetric key method different from the encryption method of the first encryption key.
The interface unit
And receives from the external terminal location information on the IC card password input on the key input layer encrypted with the second encryption key.
And a decryption unit for extracting, based on the second encryption key, position information on the IC card password input on the key input layer.
Wherein the first encryption key is a public key encryption key generated in the external terminal, and the private key corresponding to the first encryption key is stored in the external terminal.
Wherein the key input layer is coordinate information of points at which the user touches the screen for inputting the password on the screen of the external terminal displayed with the key input layer.
Further receiving settlement amount information from the external terminal,
And the reader acquires the IC card information based on the payment amount information and the detected password.
Further comprising a professional generating unit for generating a transaction approval request message including the obtained IC card information, the detected password, and the received payment amount information according to an EMV (Europay Mastercard Visa) standard,
Wherein the generated transaction approval request message is transmitted to a relay server for payment of a card through the external terminal.
A magnetic strip reader for acquiring magnetic card information,
The obtained magnetic card information is transmitted to the external terminal,
Wherein the transaction approval request message including the magnetic card information and the payment amount information is generated in the external terminal and then transmitted to the relay server for payment of the card.
A first encryption key generator for generating a first encryption key;
Wherein the card reader transmits the first encryption key to the card reader through the connection port, and the card reader transmits layout information on the randomly configured key input layer encrypted with the first encryption key, And transmits the location information on the IC card password input on the key input layer encrypted with the second encryption key to the card reader, and transmits a transaction approval request message including the detected password using the location information An interface unit for receiving the card from the card reader; And
And a communication module for transmitting the received transaction approval request message to a relay server for card settlement.
A memory for storing a private key corresponding to the first encryption key; And
Further comprising: a decryption unit for decrypting the arrangement information for the key input layer encrypted with the first encryption key and the second encryption key encrypted using the first encryption key using the private key.
Further comprising a display unit for displaying a screen for inputting a password by using a key input layer received from the card reader,
Wherein the location information includes coordinate information of points contacted by a user on the password input screen.
Randomly configuring a key input layer in which a plurality of keys for inputting a password are arranged;
Receiving a first encryption key for encrypting placement information for the key input layer;
Generating a second encryption key for encrypting location information on an IC card password input on the key input layer;
Encrypting layout information for the second encryption key and the key input layer using the first encryption key and transmitting the encryption information to the external terminal;
Receiving location information on an IC card password input on the key input layer encrypted with the second encryption key from the external terminal;
Processing the received location information to detect a password input from the external terminal; And
Generating a transaction approval request message including the detected password, and transmitting the transaction approval request message to the external terminal.
Wherein the first encryption key is a public key generated by the RSA method in the external terminal, and the second encryption key is a DES symmetric key.
How to process payment information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020140131078A KR101583156B1 (en) | 2014-09-30 | 2014-09-30 | Card reader, terminal and method for processing payment information thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020140131078A KR101583156B1 (en) | 2014-09-30 | 2014-09-30 | Card reader, terminal and method for processing payment information thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20140128912A KR20140128912A (en) | 2014-11-06 |
KR101583156B1 true KR101583156B1 (en) | 2016-01-08 |
Family
ID=52454658
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020140131078A KR101583156B1 (en) | 2014-09-30 | 2014-09-30 | Card reader, terminal and method for processing payment information thereof |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101583156B1 (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101560720B1 (en) * | 2015-03-24 | 2015-10-16 | 주식회사지니 | Payment processing system using encrypted payment information and method for processing thereof |
KR101691170B1 (en) * | 2015-06-18 | 2016-12-30 | 한국정보통신주식회사 | A portable terminal, a method for processing card information using it |
KR101957885B1 (en) * | 2017-05-25 | 2019-03-13 | 주식회사 코밴 | Method of payment processing and security card reader device performing the same |
KR101872261B1 (en) * | 2017-08-30 | 2018-06-29 | 한국인증서비스 주식회사 | Ic card information security transmission system and online payment method using the same |
CN113450110A (en) * | 2020-03-26 | 2021-09-28 | 苏州佳世达光电有限公司 | Secure payment system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100725146B1 (en) | 2005-12-08 | 2007-06-04 | 주식회사 케이티프리텔 | System and method for settlement by using card recognition equipment |
KR101282474B1 (en) | 2011-11-30 | 2013-07-04 | 에스케이씨앤씨 주식회사 | Payment system for supporting contactless payment with NFC card and payment method thereof |
-
2014
- 2014-09-30 KR KR1020140131078A patent/KR101583156B1/en active IP Right Grant
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100725146B1 (en) | 2005-12-08 | 2007-06-04 | 주식회사 케이티프리텔 | System and method for settlement by using card recognition equipment |
KR101282474B1 (en) | 2011-11-30 | 2013-07-04 | 에스케이씨앤씨 주식회사 | Payment system for supporting contactless payment with NFC card and payment method thereof |
Also Published As
Publication number | Publication date |
---|---|
KR20140128912A (en) | 2014-11-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101492054B1 (en) | Card reader, terminal and method for processing payment information thereof | |
JP7204705B2 (en) | Validation of online access to secure device functions | |
US9129199B2 (en) | Portable E-wallet and universal card | |
US9218557B2 (en) | Portable e-wallet and universal card | |
US9177241B2 (en) | Portable e-wallet and universal card | |
US8671055B2 (en) | Portable E-wallet and universal card | |
WO2013112839A1 (en) | Portable e-wallet and universal card | |
KR101143856B1 (en) | Card reader, mobile terminal and payment method using the same | |
KR101583156B1 (en) | Card reader, terminal and method for processing payment information thereof | |
CN105103174A (en) | Systems, methods and devices for transacting | |
JP2016511864A (en) | Authentication device and related method | |
JP2022501875A (en) | Systems and methods for cryptographic authentication of non-contact cards | |
US20190095902A1 (en) | System and method of processing payment transactions via mobile devices | |
KR101677803B1 (en) | Card reader, terminal and method for processing payment information thereof | |
KR101743116B1 (en) | A multi card reader module and an appratus using it | |
KR101695097B1 (en) | Method for Providing Simple Payment based on One Time Password Card | |
KR101547937B1 (en) | A portable terminal, a method for processing card information using it and a card reader | |
KR101691172B1 (en) | A portable terminal, a method for processing information using it | |
KR101691170B1 (en) | A portable terminal, a method for processing card information using it | |
KR101691171B1 (en) | A portable terminal, a method for processing card information using it | |
KR200481097Y1 (en) | A card reader appratus for a transaction and a portable terminal | |
KR101691173B1 (en) | A portable terminal, a method for processing transaction information using it | |
KR20180040869A (en) | Method for processing payment, potable terminal and payment system thereof | |
KR20170007601A (en) | Complex financial terminal, Complex financial services system using Complex financial terminal and method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
FPAY | Annual fee payment |
Payment date: 20181206 Year of fee payment: 4 |
|
FPAY | Annual fee payment |
Payment date: 20191114 Year of fee payment: 5 |