KR101726243B1 - Mutual authentication and key exchange method for key renewal of payment system, and key sharing method with third-party servers - Google Patents

Abstract

The present invention relates to a mutual authentication and key exchange method for updating a key of a payment system, and a key sharing method with another server. The present invention relates to a payment server, which is performed by a key management server that issues a unique key necessary for decrypting encrypted data received from an arbitrary payment terminal at the request of a payment server, Receiving a key issuing request including an ID; Determining whether to issue a key based on at least one of an operating entity of the payment server or a device ID of the arbitrary payment terminal; And generating a unique key for the arbitrary payment terminal on the basis of the device ID of the arbitrary payment terminal and the base key stored in the key management server according to a result of the determination, . According to the present invention, it is possible to receive transaction approval from a payment server by different operating entities from a merchant to a single settlement terminal.

Description

TECHNICAL FIELD [0001] The present invention relates to a mutual authentication and key exchange method for updating a key of a billing system, and a method of sharing a key with another server,

The present invention relates to a mutual authentication and key exchange method for updating a key of a payment system and a key sharing method with another server. More particularly, the present invention relates to a method and system for updating a key stored in a payment terminal, To a mutual authentication and key exchange method for updating a key of a payment system that enables a payment procedure to be performed with a plurality of payment server servers using only one settlement terminal through sharing a key with a payment server, .

Korea boasts the world's highest credit card penetration rate and utilization rate. The amount of card use is also rapidly increasing over the years. As a result, the penetration rate of credit card payment terminals and usage rates for offline stores are also increasing. Off-line stores use a credit card payment terminal that is paid by one or more payment agencies (so-called Value Added Network) to sign payment agreements with a credit card company and receive payment by credit card. In addition, the payment agent acts as a payment agent between the offline merchant and the credit card company by operating a system for intermediating credit card transactions originating from the credit card payment terminal.

In this process, the payment agent company's system and the credit card payment terminal transmit and receive sensitive transaction information including credit card information. In the case where such transaction information is captured, a third party who has taken the transaction information obtains an unjust gain by performing settlement using the credit card information of the other party and accepting the transaction, and accordingly, victims of good faith are frequently encountered. Therefore, settlement agencies are devising and using various methods of encryption and decryption of transaction information in order to enhance security during transmission and reception of transaction information.

However, since the conventional encryption / decryption method differs for each settlement agency, transaction information generated at a credit card payment terminal provided by one settlement agency can be decrypted only through the system of the settlement agency. Accordingly, when an error occurs in a network of a specific settlement agency, a merchant holding only a settlement terminal of a settlement agency can not perform credit card settlement until the error is resolved. Therefore, the franchisees having a large size have solved such a network problem by providing a plurality of credit card payment terminals each paid by a plurality of settlement agents. However, since small franchisees have only a payment terminal of one settlement agency, .

Also, when two or more settlement agencies attempt to solve the above-mentioned problem by unifying the encryption decryption method and using a single encryption decryption key for the same settlement terminal, the encryption decryption key is exposed to a plurality of different operating entities, There is a problem that the transaction stability is lowered because the possibility of double approval is increased in different settlement agencies by using one transaction information generated at the settlement terminal.

Or if two or more payment agencies use the same encryption key and use the same encryption key, in order to secure the security, the other payment agent company must request the encryption key every time the transaction is made to the system of one payment agent There was a problem. In this case, if a system error occurs in one settlement agency, the conventional problem that another settlement agency can not perform the settlement can not be solved.

Korean Patent Registration No. 10-0627807 discloses a system and method for managing and managing a mobile terminal payment and reception apparatus in which a dongle is installed in a credit card inquiry device so that credit card information stored in a mobile communication terminal can be transferred to a credit card inquiry device, The present invention relates to a method for enabling transactions to be made using credit card information stored in a mobile communication terminal rather than a credit card.

However, even with this conventional technique, since the encryption decryption method differs depending on the settlement agency that paid the credit card inquiry, the conventional problem of difficulty in replacing the system when a system or network error occurs in the settlement company can not be solved.

Therefore, a mutual authentication and key exchange method for updating a key of a settlement system and a key sharing method with another server are required to solve the above problems.

On the other hand, the background art described above is technical information acquired by the inventor for the derivation of the present invention or obtained in the derivation process of the present invention, and can not necessarily be a known technology disclosed to the general public before the application of the present invention .

Therefore, an embodiment of the present invention proposes a method of sharing an encryption key for a payment terminal among settlement agencies so that a credit card settlement can be stably performed even if a network error occurs in some settlement agencies The present invention provides a mutual authentication and key exchange method for updating a key of a payment system, and a key sharing method with another server.

In addition, an embodiment of the present invention provides a mutual authentication and key exchange method for updating a key of a payment system that can maintain sufficient security even when different settlement agencies share an encryption key for a payment terminal, The purpose of the key sharing method is to provide.

It is another object of the present invention to provide a mutual authentication and key exchange method for updating a key of a billing system enabling on-line registration and updating of an encryption key, and a key sharing method with another server.

In an embodiment of the present invention, in transmitting sensitive information such as transaction information from a payment terminal to a server, a mutual authentication and key exchange method for updating a key of a payment system capable of protecting transmission data, There is a purpose in providing a sharing method.

According to a first aspect of the present invention, there is provided a key management system for issuing a unique key necessary for decrypting encrypted data received from a payment terminal by a payment server, Receiving, by the server, a key issuing request transmitted from the payment server, the key issuing request including a device ID of the arbitrary payment terminal; Determining whether to issue a key based on at least one of an operating entity of the payment server or a device ID of the arbitrary payment terminal; And generating a unique key for the arbitrary payment terminal on the basis of the device ID of the arbitrary payment terminal and the base key stored in the key management server according to a result of the determination, .

According to another aspect of the present invention, the determining step may include determining to issue a unique key for the payment terminal if the principal of the payment server is a predetermined operator.

According to the present invention, in the determining step, when the subject who paid the arbitrary payment terminal is a predetermined operator based on the device ID of the arbitrary payment terminal, the unique key is issued to the arbitrary payment terminal And a step of determining the number

Further, in the present invention, the determining may include determining to issue a unique key for the arbitrary payment terminal if the device ID of the arbitrary payment terminal is a device ID previously registered in the key management server have.

According to a second aspect of the present invention, there is provided a payment terminal, which requests a unique key required for the payment terminal to encrypt data at the request of the payment terminal to the key management server and is performed by the terminal registration server provided to the payment terminal Receiving a key issuance or update request transmitted from the payment terminal, the request including a device ID of the payment terminal; Requesting the key management server to issue a unique key to the payment terminal using the device ID of the payment terminal included in the key issuance or update request; And transmitting the encrypted data 2 generated by encrypting the unique key to the payment terminal when the unique key for the payment terminal is issued from the key management server.

Here, the key issuance or update request received from the payment terminal includes encrypted data 1 encrypted with a value including the server authentication information stored in the payment terminal and the time stamp generated by the payment terminal, the device ID of the payment terminal, And a variable value required to generate a temporary key used to encrypt the encrypted data 1, the method further comprising verifying the time stamp obtained by decrypting the encrypted data 1 with the temporary key and the server authentication information .

The encrypted data 2 may include a time stamp generated by the terminal registration server, a device ID of the payment terminal, and data obtained by encrypting the unique key.

The method may further include generating a temporary key using the variable value and the device ID of the payment terminal.

According to a third aspect of the present invention, there is provided a payment server for performing a transaction approval procedure according to a payment request of a payment terminal, the method comprising: receiving a payment request from the payment terminal; Retrieving a unique key for the payment terminal using the device ID of the payment terminal included in the payment request; Transmitting a key issuing request including the device ID of the payment terminal to the key management server if the unique key for the payment terminal is not stored; Storing a received unique key in a cache when the unique key corresponding to the key issuance request is received from the key management server; And decrypting the encrypted data included in the settlement request using the inherent key.

The method may further comprise determining a decoding method based on a format of the payment request received in the receiving step or a device ID included in the payment request, Selectively searching for the unique key, transmitting the key issuing request, storing the unique key in the cache, and decrypting the encrypted data, selectively only in the case of the first mode set .

The step of decrypting the encrypted data may include: calculating a built-in key set corresponding to the payment terminal using the unique key and the key serial number included in the payment request; And decrypting the encrypted data with an encryption key calculated using the computed built-in key set.

Wherein the key serial number includes transaction counter information generated by the payment terminal and indicating a device ID of the payment terminal and a transaction count of the payment terminal, . ≪ / RTI >

According to a fourth aspect of the present invention, there is provided a terminal management system comprising: a payment terminal that requests a unique key issuance or update to a terminal registration server, Issuing or updating a unique key including the encrypted data 1 encrypted with a value including the generated time stamp, the device ID of the payment terminal, and a variable value required to generate the temporary key used to encrypt the encrypted data 1 Sending a request; Receiving encrypted data 2 including an encrypted unique key from the terminal registration server; Decrypting the received encrypted data 2 with the temporary key to obtain the unique key; And computing a built-in key set using the unique key and storing the built-in key set.

Here, the encrypted data 2 includes a time stamp generated by the terminal registration server, a device ID of the payment terminal, and data obtained by encrypting the unique key, the method comprising: And verifying the time stamp generated by the terminal registration server and the device ID of the payment terminal.

According to a fifth aspect of the present invention, there is provided a billing system, comprising: a settlement terminal that requests a settlement request to a plurality of settlement servers including a first settlement server and a second settlement server, Sending a first payment request to the server; A built-in key set and a key serial number to generate a second payment request for the first payment server when a response to the first payment request is not received from the second payment server or a network error signal is received Loading; Calculating an encryption key using the loaded built-in key set and the key serial number, and encrypting the plaintext data including the financial transaction card information with the encryption key to generate encrypted data; And transmitting a second payment request including the encrypted data and the key serial number to the first payment server.

The method may further include updating the built-in key set using the encryption key, and updating the transaction counter information included in the key serial number, after the step of generating the encrypted data.

If the built-in key set for generating the second payment request is not stored or the issuance of a unique key for the entire update of the built-in key set is required, the loading step may include: Sending a key issuance or update request including the device ID of the device; Receiving a unique key for the payment terminal from the terminal registration server; And computing and storing the built-in key set using the inherent key.

According to one of the above-mentioned objects of the present invention, an embodiment of the present invention proposes a method of sharing an encryption key for a payment terminal among settlement agencies, So that the credit card settlement can be performed stably.

In addition, an embodiment of the present invention allows sufficient security to be maintained even if different settlement agencies share the encryption key for the settlement terminal.

Further, an embodiment of the present invention may enable the on-line registration and update of the encryption key.

In addition, one embodiment of the present invention can protect transmission data in delivering sensitive information such as transaction information from a payment terminal to a server.

The effects obtained by the present invention are not limited to the above-mentioned effects, and other effects not mentioned can be clearly understood by those skilled in the art from the following description will be.

1 is a diagram illustrating a network configuration of a payment system according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating a settlement process using a settlement system according to an embodiment of the present invention. Referring to FIG.
3 is a diagram showing a configuration of a key serial number of a payment system according to an embodiment of the present invention.
4 is a diagram illustrating a terminal registration process using a payment system according to an embodiment of the present invention.
5 is a diagram illustrating a general transaction process using a payment system according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings, which will be readily apparent to those skilled in the art. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.

Throughout the specification, when a part is referred to as being "connected" to another part, it includes not only "directly connected" but also "electrically connected" with another part in between . Also, when an element is referred to as "comprising ", it means that it can include other elements as well, without departing from the other elements unless specifically stated otherwise.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

1 is a diagram illustrating a network configuration of a payment system according to an embodiment of the present invention. As shown in FIG. 1, the payment system according to an embodiment of the present invention includes encryption key management and security for encryption / decryption of plain text data (for example, credit card number, payment amount, card merchant point information, A key management server 20 which is responsible for a management function and provides a remote manager with a security management function such as a security policy and a system operating environment setting in the form of a GUI, and a security library capable of encrypting the above- And a payment server 30 for securely decrypting data using the same encryption key as the payment terminal 10 and the payment terminal 10. Here, the respective configurations, that is, the key management server 20, the payment terminal 10, and the payment server 30 exchange data through the network N. [

The network N may be a local area network (LAN), a wide area network (WAN), a value added network (VAN), a personal area network (PAN) wireless networks such as mobile radio communication network, Wibro (Wireless Broadband Internet), Mobile WiMAX, HSDPA (High Speed Downlink Packet Access) or satellite communication network. Further, the network N may include two or more different communication networks.

The payment system according to the embodiment of the present invention may further include a terminal registration server 30 '. The terminal registration server 30 'can be implemented by hardware or independent hardware that is the same as the above-described payment server 30. The terminal registration server 30' is provided with a built-in key for generating an encryption key, And registers the built-in key or the initial key assigned to each settlement terminal 10 in the settlement terminal 10, as shown in FIG. At this time, the terminal registration server 30 'assigns a new built-in key or a new initial key to each payment terminal 10 at predetermined intervals (at the time of initial use) or after the payment terminal 10 The built-in key set stored in the storage unit 10 can be updated.

The encryption key, the built-in key, and the initial key described above will be supplemented later.

Meanwhile, the payment system shown in FIG. 1 may include a plurality of payment terminals 10. Each payment terminal 10 reads data from a financial transaction card used by users such as a credit authorization terminal (CAT), a point of sale (POS) terminal, an ATM (Automated Teller Machine) And communicates with the network N in a wired or wireless manner as an information processing apparatus that requests the payment server 30 to make a settlement. The settlement terminal 10 is provided with a security library as described above, and the settlement terminal 10 manages a built-in key set, generates a one-time encryption key from a built-in key set each time a transaction is performed, Encrypt plaintext data such as transaction card information and payment information.

At this time, the payment terminal 10 is a terminal to be provided to the credit card merchant by each of the payment agencies operating the payment server 30, which will be described later. The payment terminal 10 includes any one of the plurality of payment servers 30 (The payment server 30 operated by the operating entity that paid the terminal to the merchant). However, if the payment server 30 or the network attempting to communicate or the network does not respond or if the response includes an error signal, the data is transmitted to another payment server 30 to request payment approval.

The payment system shown in FIG. 1 may include a plurality of payment servers 30. Here, the plurality of payment servers 30 does not mean that the number of hardware configurations constituting the payment server 30 is plural, and it means that one or more payment servers 30 operated by the same operating entity may be referred to as a group of payment When viewed by the server 30, means that at least two payment servers 30 of each group are operated by different operating entities. At this time, each payment server 30 operated by each operating entity issues a built-in key or an initial key corresponding to each payment terminal 10 from the key management server 20, A decryption agent that computes a one-time encryption key necessary for decrypting the encrypted data included in the received payment request is installed. The decryption agent receives the initial key or the built-in key of the settlement terminal 10 that has transmitted the settlement request by requesting the above-described key management server 20 to receive the same built-in key set built in the settlement terminal 10 A key set can be generated and cached. And decrypts the encrypted data received from the payment terminal 10 by using the received payment information and financial transaction card information to perform settlement.

At this time, some of the plurality of payment servers 30 may be a server operated by a payment agency or a server directly operated by a card company.

Here, when a settlement request is received from the specific settlement terminal 10, the decryption agent uses the built-in key set corresponding to the settlement terminal 10 if the settlement server 30 has already generated the built-in key set, When a payment request is first received from the key management server 10, the key management server 20 is accessed to acquire necessary data.

In particular, in the present invention, the payment terminal 10 storing a security library by a specific operating entity, for example, a second operating entity, makes a payment request to the second payment server 32, which is a payment server of the second operating entity, (N), it is possible to send a payment request to another operating entity, for example, the first payment server 31 of the first operating entity, to attempt to make a payment have.

In this case, when it is discriminated that the payment request is received from the payment terminal 10 containing the security library of the first operating entity, the second payment server 32 executes the above-described decryption agent And decrypt the encrypted data included in the received payment request. At this time, if the second payment server 30 does not already have the initial key or the built-in key necessary for the calculation of the encryption key necessary for decryption, the decryption agent requests the key management server 20 to acquire it.

That is, by allowing the second payment server 30 to access the key management server 20 managed by the first operating entity and the encryption key operation using the information provided by the key management server 20, The settlement server 30 by different operating entities can perform settlement in place of settlement, thereby enhancing stability.

At this time, the key management server 20 receives the initial key necessary for the calculation of the encryption key for the specific settlement terminal 10 from the settlement server by the operating entity other than the first operating entity, for example, the second settlement server 32 When the provision of the built-in key is requested, the operating entity of the second payment server 32 that has requested the built-in key is identified, the operating entity that paid the payment terminal 10 requesting settlement to the second payment server 32 is identified, It is possible to selectively determine whether a key or a built-in key is provided.

For example, if it is determined that the payment terminal 10 is the payment terminal 10 paid by the first operating entity, regardless of the operating entity of the payment server 30 requesting the key providing, And can provide the settlement server 30 with the initial key or the built-in key for the corresponding settlement terminal 10. At this time, if the settlement terminal 10 is not paid by the first operating entity, the key management server 20 may determine whether to provide the key by identifying the operating entity of the payment server 30 requesting the key providing. Alternatively, at this time, the key management server 20 may determine whether to provide a key based on the device ID (to be described later) of the payment terminal 10.

Alternatively, the key management server 20 may transmit the initial key or the built-in key for the payment terminal 10, depending on who is the principal of the payment server 30 that requested the key providing, regardless of the principal who paid the payment terminal 10 And to provide it to the payment server 30.

At this time, the key management server 20 and the payment server 30 can communicate through the secure channel.

In addition, the key management server 20 may be formed in one hardware configuration common to a plurality of payment servers 30, and may be provided separately for each payment server 30. [ Only a plurality of key management servers 20 connected to the first payment server 30 are provided as the main key management server 20 in the case where a plurality of the key management servers 20 are provided for each of the payment servers 30, And the remaining key management servers 20 are connected to the main key management server 20 through a secure channel so that each time the generation of the initial key for each payment terminal 10 is requested, You may be offered temporary skiing or you may be provided initial keys.

Specifically, the following scheme is applied to implement the payment system according to the embodiment of the present invention.

(1) The key management server 20 is separately installed on the operating entity side of the payment server 30 and connected to the payment server 30, or the existing key management server 20 ).

(2) A decryption agent for performing a payment method according to an embodiment of the present invention, specifically, mutual authentication for key update and key exchange method, is installed in the payment server 30. At this time, the payment server 30 may include the terminal registration server 30 'as described above.

(3) The unique key for each settlement terminal 10 is generated using the key management server 20. Here, the unique key can be generated based on the device ID of each payment terminal 10 and the base key managed only by the key management server 20, and can be the above-mentioned initial key. The unique key generated by the key management server 20 can be transmitted to the payment terminal 10 through the payment server 30 or the terminal registration server 30 '.

Optionally, the key management server 20 may be provided with a device ID or a device ID of the payment terminal 10 to which the initial key is to be issued, in response to a request from the payment server 30, At least a part of the data can be registered and when the payment server 30 requests the issuance of the initial key for the specific payment terminal 10, the key management server 20 registers the device ID of the payment terminal 10 And can only issue the initial key if it is already registered. In addition, the key management server 20 may determine whether the specific settlement terminal 10 has been paid by the operating entity to the merchant, and determine whether to issue the initial key.

(4) A security library for performing the mutual authentication and key exchange method according to the embodiment of the present invention is installed in each settlement terminal 10.

(5) The key management server 20 securely stores the unique key for each settlement terminal 10, and distributes the unique key to the settlement server 30 through a secure channel. The target receiving the unique key distributed here may be the payment server 30 or the terminal registration server 30 '.

(6) The payment terminal 10 and the payment server 30 (or the terminal registration server 30 ') transmit the unique key for each payment terminal 10 to the payment terminal 10 through a secure mutual authentication channel.

(7) Important information (financial transaction card information and payment information, etc.) of the settlement terminal 10 is encrypted through the security library and decrypted through a decryption agent installed in the payment server 30, thereby proceeding with secure settlement.

When the payment server 30 and the terminal registration server 30 'are separately provided, the unique key for each payment terminal 10 is received from the key management server 20, stored therein, and transmitted to the payment terminal 10 The terminal registration server 30 'performs the role of distribution, but the payment server 30 can integrally perform the role of the terminal registration server 30' as described above.

In the following, detailed functions of each of the above-described configurations are summarized in the table.

division main function The details The key management server 20 - Initial key generation
- Initial key distribution
- Initial key management - Initial key generation for each primary and billing terminal (10)
- Initial key management by primary key and billing terminal (10)
- Initial key distribution to the payment server (30) or terminal registration server (30)
- Manage logs related to key management
- access control to payment server (30) The payment server 30,
+ Terminal registration server 30 - Request to generate initial key
- Initial key distribution
- Use initial key
- Data decoding
- Terminal mutual authentication - Request to generate initial key
- Initial key distribution in conjunction with key management server (20)
- Built-in key generation and management
- Encryption key generation
- Data decoding
- Terminal mutual authentication The payment terminal 10, - Initial key injection
- Use initial key
- Data Encryption
- Server mutual authentication - initial key injection in the terminal
- Built-in key set creation using initial key
- Encryption key generation with built-in key set
- Built-in key set and key serial number Import / Export
- Data Encryption
- Server mutual authentication

The functions summarized in the above table will be described in detail with reference to Fig. 2 below. FIG. 2 is a flowchart illustrating a settlement process using a settlement system according to an embodiment of the present invention. Referring to FIG.

A process of registering a new payment terminal 10 between the payment terminal 10 and the terminal registration server 30 'and the key management server 20 will be described with reference to FIG. Here, the terminal registration server 30 'may be a configuration that is substantially indistinguishable from the payment server 30, and may be installed in the same hardware as the payment server 30 as a program or a program module.

1-1. The payment terminal 10 requests the terminal registration server 30 'to register the terminal or the administrator of the terminal registration server 30' requests registration of the specific payment terminal 10 through the administrator terminal (not shown) . Here, the terminal registration request may include a device ID (Identification) of the corresponding terminal or a key serial number to be described later.

Here, the key serial number may include a device ID and a transaction counter.

Specifically, the key serial number may have a configuration as shown in FIG. 3 is a diagram showing the configuration of the key serial number for each field.

The key serial number is data having a total capacity of 10 bytes and is unique to each settlement terminal 10 and can be stored and operated in a nonvolatile storage of each settlement terminal 10. [

As shown in FIG. 3, the key serial number includes a 7-byte device ID including a 1-byte update number identifier and a 6-byte terminal unique identifier, and includes a 3-bit null value, And may include a counter value.

The update number identifier is used to indicate whether the initial key for generating a built-in key or a built-in key in the payment terminal 10 has not been updated since the first injection, or updated, and how many times the update has been performed It is an identifier.

And the counter represents the number of cumulative transactions using the key serial number.

The base key is stored in the key management server 20 only as a unique key that is basically necessary for the operation of the key management server 20 It is not exposed to the outside. The initial keys for all settlement terminals 10 are generated based on the base key.

The initial key is generated by the key management server 20 as a unique key for each payment terminal 10. The key management server 20 generates an initial key of each settlement terminal 10 by using the device ID and the base key of each settlement terminal 10. [ The initial key is a value for generating a built-in key to be described later and is transmitted to the payment server 30 and the payment terminal 10 respectively and is used to generate a built-in key using the initial key in the payment server 30 and the payment terminal 10 The settlement server 30 and the settlement terminal 10 are deleted. That is, the initial key is generated by the key management server 20 and is transmitted to the payment server 30 and the payment terminal 10, but is deleted after the built-in key is generated, thereby minimizing exposure of the initial key.

On the other hand, the built-in key is a key generated by the payment terminal 10 using the initial key and the key serial number, and can be constituted by a built-in key set including a plurality of keys. Particularly, at this time, the built-in key can be generated using the initial key and the counter value included in the key serial number.

Likewise, the payment server 30 also receives the initial keys of each of the plurality of payment terminals 10 from the key management server 20 and acquires the settlement terminal 10 using the key serial number and the initial key of each payment terminal 10 10) can be calculated and retained in the same manner. At this time, the payment server 30 stores the built-in key of each payment terminal 10 in the cache, and when a payment request is received from the specific payment terminal 10, the payment server 30 uses the built-in key of the corresponding payment terminal 10 stored in the cache The related data can be decoded. If the payment server 30 does not have a built-in key for the specific payment terminal 10 at this time, the key management server 20 requests and receives the initial key for the corresponding terminal, . In this embodiment, the initial key may be held in the cache of the payment server 30. [

On the other hand, the encryption key is a key used to generate the encrypted data by encrypting the plaintext data including the financial transaction card information acquired at the payment terminal 10 or payment information related to settlement, for example, payment amount or merchant information And at the same time, the payment server 30 which receives the encrypted data from the payment terminal 10 decrypts the encrypted data and obtains the plain text data including the financial transaction card information and the payment information again. At this time, the settlement terminal 10 may increment the counter value included in the key serial number by one every time the encryption key is newly calculated.

1-2. Meanwhile, when the key serial number of the payment terminal 10 is received by the terminal registration server 30 'as described above, the terminal registration server 30' can extract the device ID from the key serial number. However, if the device ID is received from the payment terminal 10 or the administrator terminal in step 1-1, the process may be omitted.

1-3. Subsequently, the terminal registration server 30 'requests the key management server 20 for the initial key for the corresponding payment terminal 10, using the device ID.

1-4. Accordingly, the key management server 20 generates the initial key of the corresponding settlement terminal 10 using the device ID and the base key received from the terminal registration server 30 '.

1-5. Subsequently, the key management server 20 transmits the created initial key to the terminal registration server 30 '.

1-6. The terminal registration server 30 'receives the initial key of the settlement terminal 10 to be registered from the key management server 20 and delivers the initial key to the settlement terminal 10. The terminal registration server 30 'may also transmit the generated initial key to the payment server 30.

1-7. Meanwhile, the settlement terminal 10 receives the initial key from the terminal registration server 30 '.

1-8. At this time, the payment terminal 10 calculates a key serial number stored in the payment terminal 10 together with the initial key to calculate a built-in key using the received initial key. In particular, the settlement terminal 10 can use the counter value included in the key serial number.

1-9. Subsequently, the settlement terminal 10 discards the temporarily stored initial key when the operation of the built-in key is completed.

Meanwhile, the registration process of the settlement terminal 10, in which the built-in key is stored or updated in the settlement terminal 10, can be performed not only when the settlement terminal 10 is newly registered but also when the settlement terminal 10 is registered Or may be repeatedly performed each time the transaction number of the payment terminal 10 exceeds a predetermined number of times as described above. At this time, when a new initial key is given to the already registered payment terminal 10 to update the built-in key stored in the payment terminal 10, the base key is changed or the calculation method of the initial key is changed to the same settlement terminal 10 So that the built-in key can be substantially updated by issuing a new initial key.

The following describes a process in which the settlement terminal 10 transfers a settlement request to the settlement server 30 after the built-in key is calculated and stored in the settlement terminal 10.

2-1. The settlement terminal 10 calculates the one-time encryption key by calculating the key serial number with the built-in key included in the built-in key set. At this time, when the settlement terminal 10 calculates the encryption key, the settlement terminal 10 can select and use some of the plurality of built-in keys included in the built-in key set by referring to the transaction counter value included in the key serial number . At this time, in computing the encryption key from the built-in key set, the settlement terminal 10 may use not only the transaction counter but also a security key to be described later as another key factor.

On the other hand, when the encryption key is calculated, the payment terminal 10 can increment the counter value stored in the key serial number by one.

2-2. Then, the settlement terminal 10 encrypts plaintext data including payment information and financial transaction card information using an encryption key, and generates encrypted data.

2-3. Then, the settlement terminal 10 may include the above-mentioned encrypted data and the key serial number in the settlement request and transmit the same to the settlement server 30. When it is determined that there is an error in the communication with the first payment server 31 that is set in advance among the plurality of payment servers 30, the settlement terminal 10 sends a payment request to another payment server 30, for example, the second payment server 32 ) To deliver the payment request.

2-4. On the other hand, the payment server 30 that received the payment request from the payment terminal 10 parses the data received from the payment terminal 10 and divides the data into the encrypted data and the key serial number.

2-5. The payment server 30 can read the device ID from the distinguished key serial number and can request the key management server 20 to use the initial key. Of course, if the built-in key for the payment terminal 10 is already stored in the payment server 30, this process can be omitted.

2-6. The key management server 20 receiving the initial key transmission request including the specific device ID from the payment server 30 calculates the initial key by calculating the base key and the device ID together. When the initial key for the device ID is already calculated and stored, it may not be calculated separately.

2-7. Subsequently, the key management server 20 transfers the calculated initial key to the payment server 30 again.

2-8. Upon receiving the initial key corresponding to the settlement terminal 10 requesting payment from the key management server 20, the payment server 30 calculates the built-in key by calculating the initial key and the key serial number together, do. Of course, when the built-in key for the payment terminal 10 that has requested settlement is already stored in the cache of the payment server 30, the above steps 2-5 to 2-8 may be omitted.

2-9. Meanwhile, the payment server 30 calculates the key serial number received from the built-in key and the payment terminal 10 to calculate an encryption key. This process can be performed in the same manner as the process 2-1 in which the encryption key is calculated in the terminal.

2-10. The payment server 30 can obtain plaintext data including payment information and financial transaction card information by decrypting the encrypted data received from the payment terminal 10 using the calculated encryption key, Procedure can be performed.

On the other hand, in the settlement method described with reference to FIG. 2, the payment server 30, the terminal registration server 30 ', and the key management server 20 communicate with each other using the formed secure channel, The security of the time can be maintained.

Also, when the payment terminal 10 communicates with the terminal registration server 30 ', a mutual authentication method can be used. Reference is made to FIG. 4 to describe this in more detail. 4 is a diagram illustrating a terminal registration process using a payment system according to an embodiment of the present invention.

Hereinafter, a process in which the payment terminal 10 receives the initial key from the terminal registration server 30 'and generates a built-in key in the payment terminal 10 will be described in more detail.

The settlement terminal 10 loads the device ID, generates a random value (S101), and issues a temporary key (S102).

Next, the settlement terminal 10 creates an authentication token to be transmitted to the server using the stored server authentication information, the random value, and the device ID (S103 to S105).

More specifically, after generating the time stamp 1 at the time of the payment terminal 10 (S103), the server authentication information stored in the payment terminal 10, the random value used for issuing the temporary key, the time stamp 1, With the provisional key to generate encrypted data 1 (S104).

At this time, the terminal registration server 30 'can generate and manage' terminal authentication information 'separately from the' server authentication information '. The terminal authentication information is unique to the terminal registration server 30 'and is a value obtained from the first random number generated uniquely for each payment terminal 10. For example, a certain number of digits may be obtained from a random number of 1024 Bytes And may be a value generated by arranging them in a specific order. At this time, the terminal registration server 30 'may store the terminal authentication information generated for each payment terminal 10. The payment terminal 10 may store the first random number used to generate the terminal authentication information for the payment terminal 10. Such terminal authentication information may be inserted together with the encrypted data 1 or an authentication token to be described later and used by the terminal registration server 30 'to verify the authentication token of the payment terminal 10.

More specifically, the payment terminal 10 may store the first random number used in generating the terminal authentication information, rather than the terminal authentication information itself, at the time of manufacturing the payment terminal 10, Information on a specific order to be extracted from the first random number and information on a specific order in which the terminal authentication information is to be arranged are defined so that the terminal authentication information can be obtained from the stored first random number . Thus, the terminal authentication information can be obtained from the first random number stored at the time of manufacture of the payment terminal (10).

That is, since only the first random number with the terminal authentication information hidden is transmitted to the manufacturer of the payment terminal 10, the manufacturer can know the terminal authentication information stored in the terminal registration server 30 'corresponding to each payment terminal 10 none. It is possible to acquire the terminal authentication information by installing the security library in which information necessary for acquiring the terminal authentication information is defined in the payment terminal 10 in the future.

At this time, the settlement terminal 10 may acquire the terminal authentication information from the stored first random number, and may generate the encrypted data 1 or the authentication token as described above.

Meanwhile, the payment terminal 10 may generate a new random number (hereinafter, referred to as a second random number) after acquiring the terminal authentication information. Then, the security key can be generated by extracting the specific digits from the second random number and arranging them in a specific order. Here, the settlement terminal 10 may use the generated security key as a key factor in computing an authentication key from a built-in key set together with a transaction counter.

Then, the settlement terminal 10 encrypts the already-calculated terminal authentication information by using the secret key, and inserts the encrypted terminal authentication information into a certain number of digits in a random value in a specific order. Thus, by storing the encrypted terminal authentication information and the second random number concealing the security key in the non-volatile memory of the settlement terminal 10, it is possible to prevent the server authentication information and the security key from being exposed to the outside.

This security key can be used to encrypt various security-required files stored in the payment terminal 10. For example, the settlement terminal 10 may calculate hash data of each file for self-verification of files requiring security, and may encrypt the calculated hash data and store it together with the file. At this time, the hash data of each file can be encrypted and stored using the above-described security key. Whenever the self-verification of the file is required, the encrypted hash data stored together with the file can be decrypted with the security key. At this time, the security key can be extracted and used whenever necessary at the second random number.

Then, the settlement terminal 10 recalculates the hash data of the file to be verified, and compares the hash data with the decrypted hash data to check whether or not they match. That is, when verifying the file, the payment terminal 10 calculates 1) the hash data of the file, 2) extracts the security key at the second random number, decrypts the encrypted hash data stored together with the file, and 3) The two hash data calculated through the processes 1) and 2) are compared and if they do not match, it is confirmed that the security file is tampered and the corresponding file can be destroyed.

Meanwhile, the payment terminal 10 generates an authentication token including encrypted data 1, a device ID, and a random value (S105).

Subsequently, the settlement terminal 10 transmits the generated authentication token to the terminal registration server 30 '(S106).

Accordingly, the terminal registration server 30 'verifies the authentication token received at the payment terminal 10 (S301 to S305).

Specifically, after separating the device ID, the random value, and the encrypted data 1 (S301), a temporary key is generated using the device ID and the random value (S302). The encrypted data 1 is decrypted with the provisional key to obtain the server authentication information, the random value, the time stamp 1, and the device ID (S303).

The terminal registration server 30 'verifies the decrypted time stamp 1 (S304), checks whether the server authentication information obtained by decrypting the authentication token matches the authentication information stored in the terminal registration server 30' (S305).

If the verification is successful, the terminal registration server 30 'requests the key management server 20 for the initial key using the device ID (S306).

Accordingly, the key management server 20 generates the initial key corresponding to the payment terminal 10 using the received device ID in step S306 (S201), and transmits the initial key to the terminal registration server 30 '. At this time, the key management server 20 may perform steps S201 to S202 only if the device ID received in step S306 is a previously registered device ID or conforms to the pre-registered condition.

Subsequently, when the terminal registration server 30 'receives the initial key from the key management server 20, the terminal registration server 30' generates a server authentication token using this key (S307 to S308).

That is, a time stamp 2 is generated at the time of the terminal registration server 30 '(S307), and the time stamp 2, the random value, and the initial key are encrypted with the temporary key calculated by the terminal registration server 30' (S308). Here, the encrypted data 2 becomes the server authentication token.

Then, the terminal registration server 30 'transmits the generated server authentication token to the payment terminal 10 (S309).

Meanwhile, the settlement terminal 10 verifies the server authentication token received from the terminal registration server 30 '(S107 to S109).

Specifically, after decrypting the encrypted encrypted data 2 including the time stamp 2, the random value, and the initial key using the temporary key (S107), the time stamp 2 is verified (S108).

Next, the random number generated by the payment terminal 10 is compared with the decoded random value to verify the integrity (S109).

If the server authentication is successful, the settlement terminal 10 generates a built-in key using the decrypted initial key (S110), and stores it in the nonvolatile storage (S111).

Subsequently, the settlement terminal 10 stores the key serial number (S112) and deletes the initial key (S113).

As described above, in the embodiment of the present invention, the payment terminal 10 and the terminal registration server 30 'communicate with each other in mutual authentication method. The terminal registration server 30 'verifies the integrity using the time stamp and the server authentication information, and the payment terminal 10 verifies the integrity using the time stamp and the random value.

Here, the payment terminal 10 and the terminal registration server 30 'are mutually authenticated using the mutual authentication method, thereby not only issuing the initial registration of the settlement terminal 10 but also newly issuing the initial key and updating the built-in key And the update of the security library installed in the payment terminal 10 or the updating of the software can be performed online while maintaining the security.

Hereinafter, the process of the settlement server 30 processing the settlement request of the settlement terminal 10 in the settlement method described with reference to FIG. 2 will be described in more detail. See FIG. 5 for this purpose. 5 is a diagram illustrating a general transaction process using a payment system according to an embodiment of the present invention.

When the payment terminal 10 is activated, the embedded key set and the key serial number stored in the non-volatile storage are loaded (S121).

The settlement terminal 10 generates an encryption key using the loaded built-in key set, the key serial number, and the security library stored in the settlement terminal 10 (S122). At this time, the settlement terminal 10 updates the counter value and the built-in key set included in the key serial number and stores it in the non-volatile storage again. At this time, the built-in key set is updated each time a new encryption key is generated.

Subsequently, the settlement terminal 10 encrypts the plaintext data using the generated encryption key (S123).

The settlement terminal 10 transmits the encrypted plaintext data, that is, the encrypted data and the key serial number to the payment server 30 (S124).

 Accordingly, the payment server 30 receives and stores the encrypted data and the key serial number, and extracts the device ID included in the key serial number (S321).

Subsequently, the payment server 30 retrieves the initial key stored in the cache by using the extracted device ID (S322).

If the initial key is not found (S323), the key management server 20 can be separately requested (S324) and stored in the cache (S325). The payment server 30 can request the initial key by transmitting the device ID of the payment terminal 10 to the key management server 20. [

Here, the key management server 20 may generate the initial key (S221) and provide the initial key to the payment server 30 (S222) only when the device ID is pre-registered or meets predetermined conditions. It is needless to say that an initial key may be generated and provided for all requests according to the embodiment.

The payment server 30 calculates a built-in key set for the payment terminal 10 using the initial key (S326), and calculates an encryption key using the built-in key and the key serial number (S327).

Subsequently, the payment server 30 decrypts the encrypted data using the calculated encryption key (S328). Accordingly, the payment server 30 can directly or indirectly determine whether the transaction has been approved by using the acquired plain text data, and transmit the approval or disapproval of the transaction to the settlement terminal 10.

The key management server 20 according to the embodiment of the present invention generates the encryption decryption key and transmits it to the payment terminal 10 or the payment server 30 ) Is an appliance-type key management system that enables encryption and decryption of data linked with an application program installed in the Internet.

Specifically, with respect to key generation, storage, and revocation, a password or certificate use method is adopted for administrator authentication, and security is ensured by adopting a proven cryptographic module or digital signature method, respectively.

The electronic signature system is also verified for authentication when communicating with an application program installed in the payment server 30 and uses a base key to generate the initial key issued to the payment server 30 or the payment terminal 10 Separate the base key so that it is not exposed to the outside. Also, do not store the initial key separately, and use a base key whenever necessary to perform a new operation.

Further, the validated cryptographic module is used for storing the key stored in the payment server 30.

Meanwhile, in the embodiment of the present invention, the key management server 20 is constructed in a redundant structure and can include two independent hardware servers, so that even if one server fails, another server can be driven have. To do this, you can have two servers and a hotline between them so that the two servers are automatically synchronized.

Embodiments of the present invention may also be embodied in the form of a recording medium including instructions executable by a computer, such as program modules, being executed by a computer. Computer readable media can be any available media that can be accessed by a computer and includes both volatile and nonvolatile media, removable and non-removable media. In addition, the computer-readable medium can include both computer storage media and communication media. Computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Communication media typically includes any information delivery media, including computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave, or other transport mechanism.

Embodiments of the invention may also be embodied in a computer program (or computer program product) containing instructions executable by a computer. A computer program includes programmable machine instructions that are processed by a processor and can be implemented in a high-level programming language, an object-oriented programming language, an assembly language, or a machine language . The computer program may also be recorded on a computer readable recording medium of a type (e.g., memory, hard disk, magnetic / optical medium or solid-state drive).

Thus, embodiments of the present invention may be implemented by a computer program as described above being executed by a computing device. The computing device may include a processor, a memory, a storage device, a high-speed interface connected to the memory and a high-speed expansion port, and a low-speed interface connected to the low-speed bus and the storage device. Each of these components is connected to each other using a variety of buses and can be mounted on a common motherboard or mounted in any other suitable manner.

Where the processor may process instructions within the computing device, such as to display graphical information to provide a graphical user interface (GUI) on an external input, output device, such as a display connected to a high speed interface And commands stored in memory or storage devices. As another example, multiple processors and / or multiple busses may be used with multiple memory and memory types as appropriate. The processor may also be implemented as a chipset comprised of chips comprising multiple independent analog and / or digital processors.

The memory also stores information within the computing device. In one example, the memory may comprise volatile memory units or a collection thereof. In another example, the memory may be comprised of non-volatile memory units or a collection thereof. The memory may also be another type of computer readable medium such as, for example, a magnetic or optical disk.

And the storage device can provide a large amount of storage space to the computing device. The storage device may be a computer readable medium or a configuration including such a medium and may include, for example, devices in a SAN (Storage Area Network) or other configurations, and may be a floppy disk device, a hard disk device, Or a tape device, flash memory, or other similar semiconductor memory device or device array.

It will be understood by those skilled in the art that the foregoing description of the present invention is for illustrative purposes only and that those of ordinary skill in the art can readily understand that various changes and modifications may be made without departing from the spirit or essential characteristics of the present invention. will be. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.

Claims (17)

A settlement server, and a settlement server, the settlement server performing a settlement process by a key management server that issues a unique key for each settlement terminal shared by the settlement terminal and the settlement server for encrypting the encrypted data transmitted and received between the settlement terminal and the settlement server,
Receiving a key issuing request transmitted from the payment server, the key issuing request including a device ID of an arbitrary payment terminal;
Determining whether or not a key is issued based on at least one of an operating entity of the payment server or a device ID of an arbitrary payment terminal; And
Selectively generating a unique key for an arbitrary payment terminal based on a device ID of a payment terminal and a base key stored in the key management server according to a result of the determining, and providing the unique key to the payment server; / RTI > The method according to claim 1,
Wherein the determining comprises:
If the operating entity of the payment server is a predetermined operating entity, determining to issue the unique key for the arbitrary payment terminal. The method according to claim 1,
Wherein the determining comprises:
And issuing a unique key for the arbitrary payment terminal if the subject paying the arbitrary payment terminal based on the device ID of the arbitrary payment terminal is a predetermined operating entity. . The method according to claim 1,
Wherein the determining comprises:
If the device ID of the arbitrary payment terminal is the device ID registered in the key management server, determining to issue the unique key for the arbitrary payment terminal. The payment terminal and the payment server provide a unique key for each payment terminal shared by the payment terminal and the payment server for encrypting the encrypted data transmitted and received between the payment terminal and the payment server, A terminal registration server for requesting the unique key from the key management server and providing the unique key to the payment terminal,
Receiving a key issuance or update request transmitted from the payment terminal, the request including a device ID of the payment terminal;
Requesting the key management server to issue a unique key to the payment terminal using the device ID of the payment terminal included in the key issuance or update request; And
And providing encrypted data 2 generated by encrypting the unique key to the payment terminal when the unique key for the payment terminal is issued from the key management server. 6. The method of claim 5,
Wherein the key issuing or renewal request received from the settlement terminal includes:
The encrypted data 1 encrypted with the value including the server authentication information stored in the payment terminal and the time stamp generated by the payment terminal, the device ID of the payment terminal, and the temporary key used to encrypt the encrypted data 1 The variable value to be used is included,
The method comprises:
Further comprising the step of verifying the time stamp and the server authentication information obtained by decrypting the encrypted data 1 with the temporary key. The method according to claim 6,
The encrypted data 2 includes,
A time stamp generated by the terminal registration server, a device ID of the payment terminal, and data obtained by encrypting the unique key. The method according to claim 6,
The method comprises:
And generating a temporary key with the variable value and the device ID of the payment terminal. A settlement server that shares a unique key corresponding to the settlement terminal with the settlement terminal for decrypting the encrypted data received from the settlement terminal performs a transaction approval procedure according to a settlement request of the settlement terminal,
Receiving a payment request from the payment terminal;
Retrieving a unique key for the payment terminal using the device ID of the payment terminal included in the payment request;
Transmitting a key issuing request including the device ID of the payment terminal to the key management server if the unique key for the payment terminal is not stored;
Storing a received unique key in a cache when the unique key corresponding to the key issuance request is received from the key management server;
And decrypting the encrypted data included in the payment request using the inherent key. 10. The method of claim 9,
The method comprises:
Further comprising the step of determining a decoding method based on a format of the payment request received in the receiving step or a device ID included in the payment request,
Selectively retrieving the unique key only when the decryption method determined in the determining step is a predetermined first method, transmitting the key issuing request, storing the inherent key in a cache, And decrypting the data. 10. The method of claim 9,
Wherein the step of decrypting the encrypted data comprises:
Calculating a built-in key set corresponding to the payment terminal using the unique key and the key serial number included in the payment request; And
And decrypting the encrypted data with an encryption key calculated using the computed built-in key set. 12. The method of claim 11,
The key-
And transaction counter information generated by the payment terminal and indicating a device ID of the payment terminal and a transaction count of the payment terminal,
And the encryption key is calculated based on the built-in key set and the transaction counter information. Requesting a settlement server sharing a unique key corresponding to the settlement terminal with the settlement terminal to decrypt the encrypted data received from the settlement terminal, and requesting settlement terminal that requests the terminal registration server to issue or update the unique key Lt; / RTI >
The terminal registration server is used to encrypt the encrypted data 1, the device ID of the payment terminal, and the encrypted data 1, the encrypted data 1 including the server authentication information stored in the payment terminal and the time stamp generated by the payment terminal, Transmitting a unique key issuance or update request including a variable value used to generate the temporary key;
Receiving encrypted data 2 including an encrypted unique key from the terminal registration server;
Decrypting the received encrypted data 2 with the temporary key to obtain the unique key; And
Computing a built-in key set using the unique key and storing the built-in key set. 14. The method of claim 13,
The encrypted data 2 includes,
A time stamp generated by the terminal registration server, a device ID of the payment terminal, and data obtained by encrypting the unique key,
The method comprises:
Further comprising the step of verifying the time stamp generated by the terminal registration server obtained by decrypting the encrypted data 2 and the device ID of the payment terminal. A plurality of payment servers including a first payment server and a second payment server for sharing the unique key corresponding to the payment terminal with the payment terminal to decrypt the encrypted data received from the payment terminal, Performed by the payment terminal,
Transmitting a first settlement request to the second settlement server;
A built-in key set and a key serial number to generate a second payment request for the first payment server when a response to the first payment request is not received from the second payment server or a network error signal is received Loading;
Calculating an encryption key using the loaded built-in key set and the key serial number, and encrypting the plaintext data including the financial transaction card information with the encryption key to generate encrypted data; And
And transmitting a second payment request including the encrypted data and the key serial number to a first payment server. 16. The method of claim 15,
The method comprises:
Further comprising the step of updating the built-in key set using the encryption key after the step of generating the encrypted data, and updating the transaction counter information included in the key serial number. 16. The method of claim 15,
Wherein the loading step comprises:
If the built-in key set for generating the second settlement request is not stored or the issuance of a unique key for the entire update of the built-in key set is required, a key including a device ID of the settlement terminal Transmitting an issuing or renewal request;
Receiving a unique key for the payment terminal from the terminal registration server; And
And computing and storing the built-in key set using the inherent key.

Images