KR101838890B1 - Transaction System of Card Information, Payment Server and Card Terminal therefor - Google Patents
Transaction System of Card Information, Payment Server and Card Terminal therefor Download PDFInfo
- Publication number
- KR101838890B1 KR101838890B1 KR1020150110213A KR20150110213A KR101838890B1 KR 101838890 B1 KR101838890 B1 KR 101838890B1 KR 1020150110213 A KR1020150110213 A KR 1020150110213A KR 20150110213 A KR20150110213 A KR 20150110213A KR 101838890 B1 KR101838890 B1 KR 101838890B1
- Authority
- KR
- South Korea
- Prior art keywords
- card
- information
- sector
- request
- key
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Finance (AREA)
- Computer Security & Cryptography (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computer Networks & Wireless Communication (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The present invention relates to a card information transaction system, which provides a payment server separately disposed from a card terminal, wherein the payment server generates a security access key value capable of hierarchically accessing two or more pieces of card information in the card, And decrypts the encrypted card information received from the card terminal and transmits the decrypted card information to the payment server or the card company server to perform the transaction approval, so that the card information may not be exposed to the card terminal.
Description
The present invention relates to a card information transaction system, more specifically, a card capable of securely managing various information relating to card transaction approval using a payment server formed separately from a card terminal, and capable of providing a payment service using a card using the same An information transaction system, and a payment server and a card terminal for the information transaction system.
Recently, a variety of cards such as credit cards and transportation cards have been used to provide various services such as financial services, transportation services, and e-commerce services.
These cards store card information related to the corresponding service, and services are provided using a card terminal that reads the card information and intermediates information with related service systems (servers, etc.).
For example, when the card is a credit card, various card information such as a credit card number, an expiration date, an issuer (card company) information such as credit card information is stored in the credit card, After reading the card information, credit card authorization and settlement services are performed across the VAN system and the payment system.
In the conventional card transaction technology, the card terminal decrypts and recognizes the card information encrypted and stored in the card when the card is issued, and transmits the card information to the approval server or the payment server. Therefore, Information can be recognized.
In some card services, a unique card terminal is used for each card issuer. In such a case, it is not a big problem that the card terminal recognizes the information of the card. However, since the card terminal management / It is common.
In this manner, in a situation where one card terminal is simultaneously used for providing card services of various issuers and the card terminal management / operating company is different from the card issuing company, it is not preferable that the card terminal recognize card information of all the cards.
More specifically, in Korean Patent No. 270615, an antenna for transmitting and receiving a radio frequency signal for accessing information stored in a memory area of a card, and a reader for detecting the read information of the card by demodulating the radio frequency signal received through the antenna, A plurality of wireless security modules (SAM) for extracting a code number system and its identification number from the card reading information demodulated by the wireless core module to verify the card and generate additional information, A serial or parallel interface between the module and the plurality of wireless security modules is performed to transmit the card read information detected by the wireless core module to a plurality of wireless security modules according to a predetermined information transmission method, And transmits the generated information to the wireless core module, And a wireless multi-access control means for controlling a card memory access operation in the card.
Korean Patent No. 338189 owned by the present applicant discloses that a card terminal includes a plurality of security access modules for a plurality of card issuers and when payment of a card usage fee is requested from a card, A technique is known in which the card information is read out through the connection module and then the payment for the card usage is performed.
As described above, in these conventional systems, since the card terminal reads the card information from the card and transmits the card information to the corresponding service server or the main system, there is a risk of card information leakage according to the card terminal, Can be a big problem in an environment that handles many kinds of cards.
The present invention has been proposed in this respect and is intended to provide a card service without exposing card information to the card terminal.
In view of the above, it is an object of the present invention to provide a system for securely managing card information.
Another object of the present invention is to provide a payment server capable of communicating with a card terminal, wherein the payment server manages approval information such as a security access key for reading card information at various stages of card use, To the card terminal so as not to be exposed to the card terminal.
Another object of the present invention is to provide a payment server separately disposed from a card terminal, wherein the payment server generates a security access key value capable of hierarchically accessing two or more pieces of card information in the card and transmits the security access key value to the card terminal, And transmits the decrypted encrypted card information to the card company server to perform transaction approval, thereby providing a payment server for the card information transaction in which the card information is not exposed to the card terminal.
It is another object of the present invention to provide a payment server separately disposed from a card terminal, wherein the payment server generates modulation confirmation information based on a chip serial number and request time information when transmitting / receiving various information required for card approval, And verifying whether or not the transmitted / received data is forged or falsified by verifying the card information.
Another object of the present invention is to provide a card terminal that is connected to a card in a non-contact manner and intermediates a card transaction, receives a security access key for accessing a security authentication code or encrypted card information stored in a card, It is an object of the present invention to provide a card information transaction system in which a card terminal can not recognize decrypted card information by performing an approval procedure.
In order to achieve the above object, an embodiment of the present invention sequentially generates a first sector secure connection key generation request signal and a second sector secure connection key generation request signal and transmits the signal to a payment server connected to a communication network, A secure connection key management unit receiving a first sector secure connection key (S0 Key) and a second sector secure connection key (S12 Key) as a response to the first sector secure connection key and the second sector A card information reading unit that reads the security authentication code (Ccode) and the encrypted card information stored in the first sector (So) and the second sector (S12) of the card using the security access key; And an approval processing unit for generating a card approval request signal including the encrypted card information and the transaction information read from the authentication server and transmitting the card approval request signal to the payment server and receiving a card approval result in response thereto, It provides security card for terminal transaction system.
According to another embodiment of the present invention, a first sector secure connection key (S0 Key) and a second sector secure connection key (S12 Key) are generated and transmitted according to a first request and a second request which are sequentially transmitted from a communicating card terminal And generating a first modulation acknowledgment information (ATC1) using a chip serial number (CSN) of a card included in the first request and a first request time (t1) of the first request as variables, And generates second modulation confirmation information (ATC2) using the chip serial number (CSN) of the card included in the second request and the second request time (t2) of the second request as variables, The first modulation acknowledgment information (ATC1) transmitted in the second request, and the second modulation acknowledgment information (ATC1) transmitted in the card approval request signal from the card terminal ATC) to be modulated. (ATC) verification unit, a security verification code (Ccode) verification unit for verifying a security certificate code (Ccode) of a card transmitted in the second request, and a second verification unit And a card information decryption unit for decrypting the encrypted card information included in the card approval request signal and extracting the decrypted card information only when it is verified.
According to another embodiment of the present invention, a card for storing the security authentication code and the encrypted card information in the first sector S0 and the second sector S12, respectively, and a card terminal connected to the card in contact or non- And generates a first sector security access key and a second sector security access key in response to a first request and a second request that are sequentially transmitted from the communicating card terminal and responds to the card terminal, And transmits the encrypted card identification information to the card terminal, verifies the modulation confirmation information transmitted from the card terminal, verifies the security authentication code transmitted from the card terminal, decrypts the encrypted card information transmitted from the card terminal, And a payment server for receiving the payment information.
According to the embodiment of the present invention to be described below, the card terminal recognizes only the chip serial number (CSN) and the security authentication code (C code) of the card in the process of approving the card or accepting the transaction for the card transaction The card information such as the card number, the expiration date, and the password, which are important personal security information used for card authentication, can be obtained only in an encrypted state. Therefore, it is possible to prevent the card information from being leaked It is effective.
In addition, the billing server generates and verifies the modulation / verification information based on the chip serial number and the request time information when transmitting / receiving various information required for card approval, thereby checking whether the transmitted / received data is falsified or not, Can be improved.
1 is an overall configuration diagram of a card information transaction system according to an embodiment of the present invention.
FIG. 2 is a detailed block diagram of a card terminal and a card in a card information transaction system according to an embodiment of the present invention.
3 is a block diagram of internal functions of a payment server in a card information transaction system according to an embodiment of the present invention.
4 shows an information flow in a card information transaction system according to an embodiment of the present invention.
Hereinafter, some embodiments of the present invention will be described in detail with reference to exemplary drawings. In the drawings, like reference numerals are used to denote like elements throughout the drawings, even if they are shown on different drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.
In describing the components of the present invention, terms such as first, second, A, B, (a), and (b) may be used. These terms are intended to distinguish the components from other components, and the terms do not limit the nature, order, order, or number of the components. When a component is described as being "connected", "coupled", or "connected" to another component, the component may be directly connected or connected to the other component, Quot; intervening "or that each component may be" connected, "" coupled, "or " connected" through other components.
1 is an overall configuration diagram of a card information transaction system according to an embodiment of the present invention.
The card information transaction system according to an embodiment of the present invention includes a
In addition, the
Hereinafter, each component constituting the card information transaction system according to the embodiment of the present invention will be described in detail.
The
The
The short-range wireless communication that connects the
Meanwhile, the storage space (110 in FIG. 2) inside the chip included in the
More specifically, the storage space of the card includes a first sector (112 in FIG. 2) and a second sector (114 in FIG. 2) that can be represented by S12, A security certificate code (C code) for performing a second authentication process according to the invention is stored, and encrypted card information is stored in the second sector S12.
The security authentication code (Ccode) is data having a certain length (Byte) and can be expressed by the first authentication information, and is a value uniquely assigned to the card.
In addition, in the second sector, in addition to the security authentication code, card issuer information which is information on an issuer of the card may be additionally stored.
The encrypted card information stored in the second sector S12 is information necessary for card transaction approval such as a card number, an expiration date, and a password. Since the card information is important security information, it is encrypted And is stored in the second sector S12.
On the other hand, as will be described later, the
A chip serial number (CSN), which is unique identification information of a chip included in the
In recent years, when a portable electronic device such as a smart phone has a built-in card function, the
The
The
That is, the first sector secure key (SO key) and the second sector secure key (S12 Key) of the present invention are stored in the first sector S0 and the second sector S12 of the card storage space, And is stored in the first sector S0 and the second sector S12 of the card only by the first sector security key SO and the second sector security key S12 Key, It is possible to extract a certificate code (C code) and encrypted card information.
The first sector security key (SO Key) and the second sector security key (S12 Key) may be calculated by a specific security access key generation algorithm according to the chip serial number (CSN), as described later.
Accordingly, the security access key generation algorithm is stored in the
The
The
In the present specification, the first sector secure connection request signal (SO Key Req.) And the second sector secure connection request signal (S12 Key Req.) Are abbreviated as "first request" and "second request" can do.
(CSN) of the corresponding card may be included in the first request or the first sector security access key request signal (SO Key Req.), And the second sector security access key request signal (S12 Key Req.) May include the chip serial number The first modulation acknowledgment information (ATC1) received from the payment server in response to the first sector secure connection key request and the first request time t1 information in which the first request is made .
As described in more detail below, the modulation confirmation information used in the present invention is information for confirming integrity or modulation of data transmitted and received in the first request, second request, etc., and includes a request time and a chip serial number (ATC) including an Authorization Code (AC) and a Transaction Code (TC) generated by a modulation acknowledgment information arithmetic algorithm specific to a Chip Serial Number (CSN).
This modulation acknowledgment information (ATC) is generated by the
On the other hand, the modulation acknowledgment information calculation algorithm for generating the modulation acknowledgment information (ATC) based on the chip serial number (CSN) and the request time (t) is not limited.
Also, an authorization code (AC) and a transaction code (TC) constituting the modulation acknowledgment information (ATC) indicate whether the first request or the second request is approved, completed or failed Information, and the transaction code TC may be information for identifying the first request and the second request.
However, such an AC code and a transaction code TC may not be distinguished from each other, and may be integrally expressed as string data of a predetermined length.
In addition, the
In addition to the encrypted card information read out, the card approval request signal includes the second modulation confirmation information (ATC2) received from the payment server as a response to the second request, the chip serial number (CNS) of the card and the second request time t2) information can be further included.
The
FIG. 2 is a detailed block diagram of a card terminal and a card in a card information transaction system according to an embodiment of the present invention.
Referring to FIG. 2, the internal structure of the card terminal according to the present embodiment will be further described.
The
The
Among them, the
More specifically, the
The secure access
The secure access
As described above, the first modulation confirmation information (ATC1) and the second modulation confirmation information (ATC2) allow the
The functions of the components constituting the card terminal will be described in more detail in a time series.
First, when there is a transaction request from the card, the security access
Next, the card
The secure access
The card
Then, the
The card approval result message may include an approval number and transaction number information, and the
If the
The
3 is a block diagram of internal functions of a payment server in a card information transaction system according to an embodiment of the present invention.
The
Referring to FIG. 3, the detailed configuration of the
The
The encryption decryption security access module server (EDSAM) 320 may be implemented as a single server or a system in a physical or software manner, May be implemented as a software module.
The encryption / decryption security access module server (EDSAM) 320 further includes a security access
The secure connection
The manner in which the security access
For example, if the chip serial number (CSN) is 12345678 and the secure access key generation algorithm is (SNx3) +126 / 250, the security access key value is Quot; 3703716 ". Here, the example of the security access key generation algorithm is described by a simple numerical operation structure. However, when various symbols and characters are applied and a complicated operation scheme is applied, the security of the card security access key value can be further strengthened.
In the security access key generation algorithm, the same algorithm may be stored in the
Accordingly, when the card terminal receives the first sector secure connection key (S0 Key) in response to the first request and then attempts to access the first sector of the card using the first sector secure connection key (S0 Key), the card responds to its first sector The first sector security access key (S0 Key) is generated in real time and compared with the first sector security access key (S0 Key) stored in advance or can be compared with the previously stored first sector secure access key (S0 Key).
Also, the security association key generation algorithm for generating the first sector security association key and the second sector security association key must be configured with different algorithms, respectively.
That is, in order to make the first sector security connection key and the second sector security connection key calculated from the same chip serial number (CSN) different from each other, the first sector security association key generation algorithm and the second sector security association key The generation algorithm for generation must be different.
The modulation confirmation
The modulation confirmation
The verification method of the modulation confirmation
Similarly, the modulation confirmation
Of course, the present invention is not limited to this scheme. The first and second modulation confirmation information (ATC1) and the second modulation confirmation information (ATC2) generated by the payment server in the operations according to the first request and the second request, (ATC1) and the second modulation confirmation information (ATC2) transmitted from the card terminal in the second request and the card approval request in a manner matching with the number (CNS) It is also possible to compare them.
The security authentication code (Ccode)
The
Accordingly, the security authentication
The card
To this end, the card
The card
At this time, an approval number and transaction information may be included in the card approval response signal transmitted from the
On the other hand, when the
This is because when an unauthorized card terminal reads an encrypted card information from a card and transmits an abnormal acknowledgment request or when a transmission time of an acknowledgment request signal abnormally increases due to a problem of a communication network or the like, .
For this, the
Accordingly, when the time difference between the confirmed second modulation confirmation information generation time or the second request time t2 and the current time point at which the card approval request signal is transmitted is equal to or larger than a predetermined threshold value, To respond.
In the present specification, it is assumed that the second request time t2 at which the second sector secure connection key generation request signal is transmitted and the second modulation acknowledgment information generation time at which the payment server generates the second modulation confirmation information are the same based on the second request time t2 .
In this case, the predetermined threshold value of the time difference may be determined to be a predetermined time, for example, 30 seconds to 3 minutes, and the time setting
1, a short-range wireless communication network such as NRC, Bluetooth, or the like may be used between the
Further, a 3G wireless communication network such as WCDMA or a next generation wireless communication network such as LTE (Long-Term Evolution) or LTE-A may be used between the
The
According to the method of the present invention as described above, when the
4 shows an information flow in a card information transaction system according to an embodiment of the present invention.
First, when a user connects a card to a card terminal to use a specific card service such as a payment service, the card terminal reads the card and reads the chip serial number (CSN) of the card. (S415)
Next, the card terminal generates a first sector secure connection request signal (S0 Key Req.) And transmits it to the payment server (S420). At this time, the first sector secure connection request signal (S0 Key Req.) Includes a chip serial CSN, and the time when the first sector secure connection request signal S0 Key Req. Is transmitted and received by the payment server is the first request time t1.
The first request time t1 may be determined as the time when the payment server receives the first request, but the card terminal may include the transmission time of the first request in the first request in the form of a timestamp will be.
The payment server receiving the first request generates a first sector secure connection key (S0 Key) using the first sector secure connection key generation algorithm using the received chip serial number (CSN) as an input value (S425).
In addition, the payment server generates the first modulation confirmation information ATC1 using the modulation confirmation information calculation algorithm based on the received chip serial number (CSN) and the first request time t1 (S425)
At this time, the modulation confirmation information calculation algorithm is a certain calculation scheme that uses the chip serial number (CSN) and the first request time t1 as input values, and is distinguished from the security access key generation algorithm described above.
The payment server generates a response signal (S0 Key Res.) Including the generated first sector security access key (S0 Key) and first modulation acknowledgment information (ATC1) and transmits it to the card terminal (S430)
The card terminal receives the response signal (S0 Key Res.) From the payment server, accesses the first sector of the card using the first sector security access key (S0 Key) included therein, and transmits the security authentication code (Ccode) (S440)
The card terminal generates a second sector secure connection key generation request signal (S12 Key Req.) Including the read security authentication code (Ccode) and transmits it to the payment server. (S445)
In addition to the security authentication code (Ccode), the second request signal (S12 Key Req.) Includes information on the chip serial number (CSN) of the card, the first request time t1 which transmitted the first request, The first modulation confirmation information (ATC1) received in response to the first modulation acknowledgment (ATC1) may be included.
Upon receipt of the second request, the payment server transmits the verification result of the first modulation confirmation information (ATC), the verification of the security authentication code (Ccode), the generation of the second sector security authentication key (S12 Key) And performs a generation operation. (S450)
The four operations performed after the payment server receives the second request will be described in detail as follows.
First, by verifying the integrity of the first modulation confirmation information (ATC1), it is determined whether or not the transmitted / received data is forged or falsified.
That is, the payment server uses the modulation confirmation information verifying unit to calculate the value derived from the modulation confirmation information calculation algorithm using the chip serial number (CSN) and the first request time t1 information included in the second request as variables, 2 request and directly received first modulation acknowledgment information (ATC1) are compared with each other, it can be determined that the first modulation acknowledgment information (ATC1) is verified only when they are the same.
Also, the payment server extracts the security authentication code (Ccode) of the card previously stored in the storage unit using the security authentication code (Ccode) verification unit, compares the security authentication code (Ccode) included in the second request with the value of the received security authentication code , It is determined that the authentication is successful only in the same case.
In addition, the payment server generates a second sector secure connection key (S12 Key) using the second sector secure connection key generation algorithm based on the chip serial number (CSN) included in the second request. In addition, the payment server generates the second modulation confirmation information ATC2 by applying the modulation confirmation information calculation algorithm based on the chip serial number CSN and the second request time t2.
Then, the payment server generates a response signal (S12 Key Res.) Including the generated second sector secure connection key (S12 Key) and the second modulation confirmation information (ATC2) to the card terminal (S455)
The card terminal receives the response signal (S12 Key Res.) From the payment server, accesses the second sector of the card by using the second sector security connection key (S12 Key) included therein, (Card number, expiration date, password, etc.) (S460)
Then, the card terminal generates a card approval request signal including the read encrypted card information and transaction information, and transmits the card approval request signal to the payment server. (S465)
At this time, in addition to the encrypted card information, the card approval request signal includes the chip serial number (CSN) of the card, the second request time t2, and the second modulation confirmation information ATC2 ) May be included.
The payment server receiving the card approval request signal performs verification of the second modulation confirmation information (ATC) and decryption of the card information. (S470)
More specifically, the payment server uses a modulation acknowledgment information verifying unit to verify the chip serial number (CSN) and the second request time (t2) information included in the card approval request signal as variables and a value derived from the modulation confirmation information calculation algorithm And the second modulation confirmation information (ATC2) included in the card approval request signal and directly received, and determines that the second modulation confirmation information (ATC2) is verified only when they are the same.
Only when the second modulation confirmation information (ATC2) is verified, the payment server decrypts the received card information using a known decryption algorithm, and stores the decrypted card information, that is, the card number, The card information is extracted.
Then, the payment server transmits the decrypted card information and the transaction information to the card company server to request card approval, and receives the result. (S475) The approval result message received from the card company server includes approval information, approval number, May be included.
The payment server generates a card approval result signal based on the approval result information received from the card issuer server and transmits it to the card terminal. (S480) At this time, an approval number and transaction number information may be included in the card approval result signal transmitted from the payment server to the card terminal.
Of course, as described above, in step S470, when the time difference between the confirmed second modulation confirmation information generation time or the second request time t2 and the current time point at which the card approval request signal is transmitted is greater than or equal to a predetermined threshold value It is possible to respond to reject the card approval without decrypting the card information or requesting card approval from the card company server.
As described above, in the card information transaction system according to the embodiment of the present invention, when the card terminal confirms the card serial number (CSN) and the certificate authentication code Ccode) can be recognized, and card information such as a card number, an expiration date, and a password, which are important personal security information used for card approval, can be obtained only in an encrypted state. Therefore, There is an effect that it can be prevented originally.
In addition, the billing server generates and verifies the modulation / verification information based on the chip serial number and the request time information when transmitting / receiving various information required for card approval, thereby checking whether the transmitted / received data is falsified or not, Can be improved.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the present invention as defined by the appended claims. , Separation, substitution, and alteration of the invention will be apparent to those skilled in the art. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.
100: card 200: card terminal
300: payment server 400: card company server
112: first sector (S0) 114: second sector (S12)
320: Encryption Decryption Secure Access Module Server (EDSAM)
220: authentication application unit 222: security access key management unit
224: card information reading unit 226:
322: security access key management unit 324: modulation confirmation information generation unit
326: Modulation confirmation information verifying unit 327: Time setting management unit
328: Security Authentication Code Verification Unit 329: Card Information Decryption Unit
Claims (13)
The secure authentication code (Ccode) stored in the first sector (S0) and the second sector (S12) of the card and the encrypted authentication code (Ccode) stored in the second sector (S12) of the card using the first sector secure connection key and the second sector secure connection key transmitted from the payment server A card information reading unit for reading information;
Second modulation confirmation information (ATC2) received in response to the encrypted card information read out from the second sector of the card, the transaction information, and the second sector secure connection key generation request signal, Generates a card approval request signal including a serial number (CSN) of the second sector and a second request time (t2) of the second sector secure connection key generation request signal, and transmits the card approval request signal to the payment server, An acceptance processing unit for receiving the request;
And a card terminal for a card information transaction system.
The second sector secure connection key generation request signal includes first security confirmation code (Ccode), first modulation acknowledgment information (ATC1) received in response to the first sector secure connection key generation request signal, A serial number (CSN) and a first request time (t1) of the first sector secure connection key generation request signal.
Generates first modulation acknowledgment information (ATC1) using the chip serial number (CSN) of the card included in the first request and the first request time (t1) of the first request as variables, 2 generates second modulation acknowledgment information (ATC2) using the chip serial number (CSN) of the card included in the second request and the second request time (t2) of the second request as parameters and generates modulation acknowledgment information for transmission to the card terminal part;
A modulation acknowledgment (ATC1) for verifying whether or not the second modulation acknowledgment information (ATC2) included in the card grant request signal transmitted from the card terminal and modulated by the first modulation acknowledgment information An information (ATC) verification unit;
A security authentication code (Ccode) of a card transmitted in the second request and a security authentication code (CID) read in a storage unit based on a chip serial number (CSN) of the card transmitted in the second request A security verification code (Ccode) verifying unit for verifying a security certificate code (Ccode) of a card included in the second request by comparing the value of information;
A card information decryption unit for decrypting the encrypted card information included in the card approval request signal and extracting the decrypted card information only when the second modulation confirmation information (ATC2) is verified;
And a payment server for the card information transaction system.
Further comprising an approval processor for transferring the decrypted card information and transaction information to a card company server to perform a card approval procedure.
The first sector secure connection key (S0 Key) is a key for the card terminal to extract a security certificate code (Ccode) stored in the first sector (S0) of the card,
Wherein the second sector secure connection key (S12 Key) is a key for the card terminal to connect to the second sector (S12) of the card and extract the encrypted card information stored in the second sector Payment server for the system.
The secure connection key management unit manages a first sector security access key (SES) by using a chip sector serial number (CSN) of the card as an input value and a first sector security access key generation algorithm and a second sector security access key generation algorithm, S0 Key) and a second sector secure connection key (S12 Key).
The second request includes a chip serial number (CSN) and a first request time (t1)
The modulation confirmation information (ATC) verification unit may be configured to determine a value derived from the modulation confirmation information calculation algorithm using the chip serial number (CSN) and the first request time (t1) information included in the second request as variables, 2 request and compares directly received first modulation confirmation information (ATC1), and determines that the first modulation confirmation information (ATC1) is verified only when they are identical.
The card approval request signal includes a chip serial number (CSN) and a second request time (t2)
Wherein the modulation confirmation information (ATC) verifying unit is configured to determine a value derived from the modulation confirmation information calculation algorithm using the chip serial number (CSN) and the second request time (t2) information included in the card approval request signal as variables, The second modulation confirmation information (ATC2) included in the card approval request signal is directly compared with the second received modulation confirmation information (ATC2), and it is determined that the second modulation confirmation information (ATC2) .
The payment server compares the second request time (t2) included in the card approval request and transmitted and the present time, and adds a time setting management unit for managing card information decryption only when the difference is within a certain range And a payment server for the card information transaction system.
And sequentially generates a first request and a second request for requesting generation of a first sector secure connection key (S0 Key) and a second sector secure connection key (S12 Key) And reads the security authentication code and encrypted card information stored in the card using the first sector security access key (S0 Key) and the second sector security access key (S12 Key) received as a response thereto A card terminal for transmitting to the payment server;
A first sector security access key and a second sector security access key are generated in response to the first request and the second request which are sequentially transmitted from the card terminal connected and communicated in order to respond to the card terminal, And generates and transmits modulation confirmation information to the card terminal based on the chip serial number CSN of the first request and the first request time t1 of the first request or the second request time t2 of the second request, Verifying the modulation confirmation information transmitted in the first request and the second request transmitted from the terminal, verifying the security authentication code transmitted from the card terminal, decrypting the encrypted card information transmitted from the card terminal A payment server;
The card information transaction system comprising:
The modulation acknowledgment information includes an acknowledgment code generated by a modulation acknowledgment information arithmetic algorithm with the request time (t1, t2) of the first request or the second request and the chip serial number (CSN) of the card as variables An Authorization Code (AC), and a Transaction Code (TC).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150110213A KR101838890B1 (en) | 2015-08-04 | 2015-08-04 | Transaction System of Card Information, Payment Server and Card Terminal therefor |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150110213A KR101838890B1 (en) | 2015-08-04 | 2015-08-04 | Transaction System of Card Information, Payment Server and Card Terminal therefor |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170016738A KR20170016738A (en) | 2017-02-14 |
KR101838890B1 true KR101838890B1 (en) | 2018-03-15 |
Family
ID=58121252
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150110213A KR101838890B1 (en) | 2015-08-04 | 2015-08-04 | Transaction System of Card Information, Payment Server and Card Terminal therefor |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101838890B1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113936363B (en) * | 2021-11-15 | 2024-01-16 | 武汉虹信技术服务有限责任公司 | IC card data encryption method and system based on multi-sector encryption |
CN115471952B (en) * | 2022-09-29 | 2024-04-05 | 石家庄科林电气股份有限公司 | Card swiping authentication method for charging pile, charging pile and charging management system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100866608B1 (en) * | 2007-02-15 | 2008-11-04 | 고려대학교 산학협력단 | System and Method for mutual authentication between a remote user and a server using a mobile device, Recording medium thereof |
KR101481407B1 (en) * | 2014-02-04 | 2015-01-14 | 신남규 | Method for transacting financial by using smart card |
-
2015
- 2015-08-04 KR KR1020150110213A patent/KR101838890B1/en active IP Right Grant
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100866608B1 (en) * | 2007-02-15 | 2008-11-04 | 고려대학교 산학협력단 | System and Method for mutual authentication between a remote user and a server using a mobile device, Recording medium thereof |
KR101481407B1 (en) * | 2014-02-04 | 2015-01-14 | 신남규 | Method for transacting financial by using smart card |
Also Published As
Publication number | Publication date |
---|---|
KR20170016738A (en) | 2017-02-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107925572B (en) | Secure binding of software applications to communication devices | |
US8346672B1 (en) | System and method for secure transaction process via mobile device | |
EP2526514B1 (en) | Method, device and system for securing payment data for transmission over open communication networks | |
US20200394657A1 (en) | Method and system for authenticating iot device using mobile device | |
KR101330867B1 (en) | Authentication method for payment device | |
AU2012265824B2 (en) | A transaction system and method for use with a mobile device | |
US20160182543A1 (en) | Software tampering detection and reporting process | |
CN107784499B (en) | Secure payment system and method of near field communication mobile terminal | |
CN104838398A (en) | System and method for secure remote access and remote payment using a mobile device and a powered display card | |
US20120303534A1 (en) | System and method for a secure transaction | |
US20230252451A1 (en) | Contactless card with multiple rotating security keys | |
US20180240113A1 (en) | Determining legitimate conditions at a computing device | |
CN104835038A (en) | Networking payment device and networking payment method | |
KR101838890B1 (en) | Transaction System of Card Information, Payment Server and Card Terminal therefor | |
US10616262B2 (en) | Automated and personalized protection system for mobile applications | |
KR102348823B1 (en) | System and Method for Identification Based on Finanace Card Possessed by User | |
KR20200013494A (en) | System and Method for Identification Based on Finanace Card Possessed by User | |
KR20150017374A (en) | Method for Settlement by using IC Chip | |
US10248947B2 (en) | Method of generating a bank transaction request for a mobile terminal having a secure module | |
KR101626962B1 (en) | Transaction System of Card Information and Encryption/Decryption Server therefor | |
KR101700833B1 (en) | Card User Authentication System and Authentication Server and Portable Device for the same | |
WO2014104434A1 (en) | Method for processing issuance of mobile credit card | |
JP2006215699A (en) | Authentication apparatus, authentication system, authentication support system and function card | |
KR101682678B1 (en) | Card Transaction System and Encryption/Decryption Server for the same | |
KR20140007628A (en) | Method for mobile banking of account transfer using security confirmation processing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
A302 | Request for accelerated examination | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application | ||
J201 | Request for trial against refusal decision | ||
J301 | Trial decision |
Free format text: TRIAL NUMBER: 2016101003724; TRIAL DECISION FOR APPEAL AGAINST DECISION TO DECLINE REFUSAL REQUESTED 20160624 Effective date: 20180123 |
|
S901 | Examination by remand of revocation | ||
GRNO | Decision to grant (after opposition) | ||
GRNT | Written decision to grant |