KR101838890B1 - Transaction System of Card Information, Payment Server and Card Terminal therefor - Google Patents

Transaction System of Card Information, Payment Server and Card Terminal therefor Download PDF

Info

Publication number
KR101838890B1
KR101838890B1 KR1020150110213A KR20150110213A KR101838890B1 KR 101838890 B1 KR101838890 B1 KR 101838890B1 KR 1020150110213 A KR1020150110213 A KR 1020150110213A KR 20150110213 A KR20150110213 A KR 20150110213A KR 101838890 B1 KR101838890 B1 KR 101838890B1
Authority
KR
South Korea
Prior art keywords
card
information
sector
request
key
Prior art date
Application number
KR1020150110213A
Other languages
Korean (ko)
Other versions
KR20170016738A (en
Inventor
채정희
우윤선
Original Assignee
주식회사 세한알에프시스템
채정희
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 세한알에프시스템, 채정희 filed Critical 주식회사 세한알에프시스템
Priority to KR1020150110213A priority Critical patent/KR101838890B1/en
Publication of KR20170016738A publication Critical patent/KR20170016738A/en
Application granted granted Critical
Publication of KR101838890B1 publication Critical patent/KR101838890B1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • G06Q20/38215Use of certificates or encrypted proofs of transaction rights
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a card information transaction system, which provides a payment server separately disposed from a card terminal, wherein the payment server generates a security access key value capable of hierarchically accessing two or more pieces of card information in the card, And decrypts the encrypted card information received from the card terminal and transmits the decrypted card information to the payment server or the card company server to perform the transaction approval, so that the card information may not be exposed to the card terminal.

Figure R1020150110213

Description

[0001] The present invention relates to a card information transaction system and a payment server and a card terminal therefor,

The present invention relates to a card information transaction system, more specifically, a card capable of securely managing various information relating to card transaction approval using a payment server formed separately from a card terminal, and capable of providing a payment service using a card using the same An information transaction system, and a payment server and a card terminal for the information transaction system.

Recently, a variety of cards such as credit cards and transportation cards have been used to provide various services such as financial services, transportation services, and e-commerce services.

These cards store card information related to the corresponding service, and services are provided using a card terminal that reads the card information and intermediates information with related service systems (servers, etc.).

For example, when the card is a credit card, various card information such as a credit card number, an expiration date, an issuer (card company) information such as credit card information is stored in the credit card, After reading the card information, credit card authorization and settlement services are performed across the VAN system and the payment system.

In the conventional card transaction technology, the card terminal decrypts and recognizes the card information encrypted and stored in the card when the card is issued, and transmits the card information to the approval server or the payment server. Therefore, Information can be recognized.

In some card services, a unique card terminal is used for each card issuer. In such a case, it is not a big problem that the card terminal recognizes the information of the card. However, since the card terminal management / It is common.

In this manner, in a situation where one card terminal is simultaneously used for providing card services of various issuers and the card terminal management / operating company is different from the card issuing company, it is not preferable that the card terminal recognize card information of all the cards.

More specifically, in Korean Patent No. 270615, an antenna for transmitting and receiving a radio frequency signal for accessing information stored in a memory area of a card, and a reader for detecting the read information of the card by demodulating the radio frequency signal received through the antenna, A plurality of wireless security modules (SAM) for extracting a code number system and its identification number from the card reading information demodulated by the wireless core module to verify the card and generate additional information, A serial or parallel interface between the module and the plurality of wireless security modules is performed to transmit the card read information detected by the wireless core module to a plurality of wireless security modules according to a predetermined information transmission method, And transmits the generated information to the wireless core module, And a wireless multi-access control means for controlling a card memory access operation in the card.

Korean Patent No. 338189 owned by the present applicant discloses that a card terminal includes a plurality of security access modules for a plurality of card issuers and when payment of a card usage fee is requested from a card, A technique is known in which the card information is read out through the connection module and then the payment for the card usage is performed.

As described above, in these conventional systems, since the card terminal reads the card information from the card and transmits the card information to the corresponding service server or the main system, there is a risk of card information leakage according to the card terminal, Can be a big problem in an environment that handles many kinds of cards.

The present invention has been proposed in this respect and is intended to provide a card service without exposing card information to the card terminal.

In view of the above, it is an object of the present invention to provide a system for securely managing card information.

Another object of the present invention is to provide a payment server capable of communicating with a card terminal, wherein the payment server manages approval information such as a security access key for reading card information at various stages of card use, To the card terminal so as not to be exposed to the card terminal.

Another object of the present invention is to provide a payment server separately disposed from a card terminal, wherein the payment server generates a security access key value capable of hierarchically accessing two or more pieces of card information in the card and transmits the security access key value to the card terminal, And transmits the decrypted encrypted card information to the card company server to perform transaction approval, thereby providing a payment server for the card information transaction in which the card information is not exposed to the card terminal.

It is another object of the present invention to provide a payment server separately disposed from a card terminal, wherein the payment server generates modulation confirmation information based on a chip serial number and request time information when transmitting / receiving various information required for card approval, And verifying whether or not the transmitted / received data is forged or falsified by verifying the card information.

Another object of the present invention is to provide a card terminal that is connected to a card in a non-contact manner and intermediates a card transaction, receives a security access key for accessing a security authentication code or encrypted card information stored in a card, It is an object of the present invention to provide a card information transaction system in which a card terminal can not recognize decrypted card information by performing an approval procedure.

In order to achieve the above object, an embodiment of the present invention sequentially generates a first sector secure connection key generation request signal and a second sector secure connection key generation request signal and transmits the signal to a payment server connected to a communication network, A secure connection key management unit receiving a first sector secure connection key (S0 Key) and a second sector secure connection key (S12 Key) as a response to the first sector secure connection key and the second sector A card information reading unit that reads the security authentication code (Ccode) and the encrypted card information stored in the first sector (So) and the second sector (S12) of the card using the security access key; And an approval processing unit for generating a card approval request signal including the encrypted card information and the transaction information read from the authentication server and transmitting the card approval request signal to the payment server and receiving a card approval result in response thereto, It provides security card for terminal transaction system.

According to another embodiment of the present invention, a first sector secure connection key (S0 Key) and a second sector secure connection key (S12 Key) are generated and transmitted according to a first request and a second request which are sequentially transmitted from a communicating card terminal And generating a first modulation acknowledgment information (ATC1) using a chip serial number (CSN) of a card included in the first request and a first request time (t1) of the first request as variables, And generates second modulation confirmation information (ATC2) using the chip serial number (CSN) of the card included in the second request and the second request time (t2) of the second request as variables, The first modulation acknowledgment information (ATC1) transmitted in the second request, and the second modulation acknowledgment information (ATC1) transmitted in the card approval request signal from the card terminal ATC) to be modulated. (ATC) verification unit, a security verification code (Ccode) verification unit for verifying a security certificate code (Ccode) of a card transmitted in the second request, and a second verification unit And a card information decryption unit for decrypting the encrypted card information included in the card approval request signal and extracting the decrypted card information only when it is verified.

According to another embodiment of the present invention, a card for storing the security authentication code and the encrypted card information in the first sector S0 and the second sector S12, respectively, and a card terminal connected to the card in contact or non- And generates a first sector security access key and a second sector security access key in response to a first request and a second request that are sequentially transmitted from the communicating card terminal and responds to the card terminal, And transmits the encrypted card identification information to the card terminal, verifies the modulation confirmation information transmitted from the card terminal, verifies the security authentication code transmitted from the card terminal, decrypts the encrypted card information transmitted from the card terminal, And a payment server for receiving the payment information.

According to the embodiment of the present invention to be described below, the card terminal recognizes only the chip serial number (CSN) and the security authentication code (C code) of the card in the process of approving the card or accepting the transaction for the card transaction The card information such as the card number, the expiration date, and the password, which are important personal security information used for card authentication, can be obtained only in an encrypted state. Therefore, it is possible to prevent the card information from being leaked It is effective.

 In addition, the billing server generates and verifies the modulation / verification information based on the chip serial number and the request time information when transmitting / receiving various information required for card approval, thereby checking whether the transmitted / received data is falsified or not, Can be improved.

1 is an overall configuration diagram of a card information transaction system according to an embodiment of the present invention.
FIG. 2 is a detailed block diagram of a card terminal and a card in a card information transaction system according to an embodiment of the present invention.
3 is a block diagram of internal functions of a payment server in a card information transaction system according to an embodiment of the present invention.
4 shows an information flow in a card information transaction system according to an embodiment of the present invention.

Hereinafter, some embodiments of the present invention will be described in detail with reference to exemplary drawings. In the drawings, like reference numerals are used to denote like elements throughout the drawings, even if they are shown on different drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

In describing the components of the present invention, terms such as first, second, A, B, (a), and (b) may be used. These terms are intended to distinguish the components from other components, and the terms do not limit the nature, order, order, or number of the components. When a component is described as being "connected", "coupled", or "connected" to another component, the component may be directly connected or connected to the other component, Quot; intervening "or that each component may be" connected, "" coupled, "or " connected" through other components.

1 is an overall configuration diagram of a card information transaction system according to an embodiment of the present invention.

The card information transaction system according to an embodiment of the present invention includes a card 100, a card terminal 200 connected to the payment server in a contactless or non-contact manner with the payment server through a wireless communication network, And a payment server 300 for performing a function of generating a security access key by the card terminal, a function of generating and verifying the modulation confirmation information, a function of decrypting the encrypted card information from the card terminal, and the like.

In addition, the payment server 300 may further include a card issuer server 400 that is connected to the payment server 300 through a dedicated communication network and performs credit card or transaction approval using the decrypted card information transmitted from the payment server.

Hereinafter, each component constituting the card information transaction system according to the embodiment of the present invention will be described in detail.

The card 100 includes all kinds of cards capable of performing financial services, transportation services, etc. in contact or non-contact with the card terminal such as a general credit card, a postponed type transportation card, and the like.

The card 100 may include at least one chip and may be an RF type card that is connected to the card terminal in a non-contact manner by near field wireless communication and can exchange data.

The short-range wireless communication that connects the card 100 and the card terminal 200 is not limited to RF, infrared communication, PAN communication, and Bluetooth communication, but is preferably a communication method conforming to the NFC (Near Field Communication) protocol.

   Meanwhile, the storage space (110 in FIG. 2) inside the chip included in the card 100 or the card is divided into two or more sectors, and hierarchical card-related information according to the degree of security can be stored in each sector.

More specifically, the storage space of the card includes a first sector (112 in FIG. 2) and a second sector (114 in FIG. 2) that can be represented by S12, A security certificate code (C code) for performing a second authentication process according to the invention is stored, and encrypted card information is stored in the second sector S12.

The security authentication code (Ccode) is data having a certain length (Byte) and can be expressed by the first authentication information, and is a value uniquely assigned to the card.

In addition, in the second sector, in addition to the security authentication code, card issuer information which is information on an issuer of the card may be additionally stored.

The encrypted card information stored in the second sector S12 is information necessary for card transaction approval such as a card number, an expiration date, and a password. Since the card information is important security information, it is encrypted And is stored in the second sector S12.

On the other hand, as will be described later, the payment server 300 stores a decryption algorithm corresponding to the encryption algorithm used to encrypt the card information.

A chip serial number (CSN), which is unique identification information of a chip included in the card 100, may be separately stored in the storage space of the card, and the chip serial number may be data of 4 bytes in length have.

In recent years, when a portable electronic device such as a smart phone has a built-in card function, the card 100 should be understood as a concept including such portable electronic devices, and a chip serial number (CSN) ), A security certificate code (Ccode), and encrypted card information.

The card terminal 200 is a terminal for accessing the card 100 and mediating the service using the information stored in the card. The card terminal 200 includes a general credit card terminal connected to the existing VAN communication network, a traffic card terminal , Or any other type of wireless card terminal or dongle terminal.

The card terminal 200 accesses the card 100 in the course of a transaction service, extracts various information stored in the card, and transmits the extracted information to the payment server. In particular, After receiving the connection key (SO Key) and the second sector security connection key (S12 Key), it can access the first sector (So) and the second sector (S12) of the card storage space.

That is, the first sector secure key (SO key) and the second sector secure key (S12 Key) of the present invention are stored in the first sector S0 and the second sector S12 of the card storage space, And is stored in the first sector S0 and the second sector S12 of the card only by the first sector security key SO and the second sector security key S12 Key, It is possible to extract a certificate code (C code) and encrypted card information.

The first sector security key (SO Key) and the second sector security key (S12 Key) may be calculated by a specific security access key generation algorithm according to the chip serial number (CSN), as described later.

Accordingly, the security access key generation algorithm is stored in the card 100, so that the security access key generation algorithm can be generated in real time based on the chip serial number of the card 100. In addition, The key (S0 Key, S12 Key) may be stored in a certain storage space.

The card terminal 200 also includes a chip serial number (CSN) of a card transmitted from the card to receive a first sector security connection key (SO Key) from the payment server 300 when there is connection from the card (SO Key Req.) To the payment server 300. The first sector security access key request signal (SO Key Req.

The card terminal 200 extracts a security authentication code (Ccode) stored in the first sector of the card 100 using the first sector security access key (SO Key) received from the payment server 300, (S12 Key Req.) Req.) To the payment server 300 and transmits the generated second sector secure connection request signal S12 Key Req. Req.

In the present specification, the first sector secure connection request signal (SO Key Req.) And the second sector secure connection request signal (S12 Key Req.) Are abbreviated as "first request" and "second request" can do.

(CSN) of the corresponding card may be included in the first request or the first sector security access key request signal (SO Key Req.), And the second sector security access key request signal (S12 Key Req.) May include the chip serial number The first modulation acknowledgment information (ATC1) received from the payment server in response to the first sector secure connection key request and the first request time t1 information in which the first request is made .

As described in more detail below, the modulation confirmation information used in the present invention is information for confirming integrity or modulation of data transmitted and received in the first request, second request, etc., and includes a request time and a chip serial number (ATC) including an Authorization Code (AC) and a Transaction Code (TC) generated by a modulation acknowledgment information arithmetic algorithm specific to a Chip Serial Number (CSN).

This modulation acknowledgment information (ATC) is generated by the payment server 300, and when the first request is received from the card terminal, the transmitted chip serial number (CSN) and the first request time t1 The first modulation confirmation information ATC1 and the second modulation confirmation information ATC2 derived uniquely according to the transmitted chip serial number CSN and the second request time t2 when there is a second request from the card terminal .

On the other hand, the modulation acknowledgment information calculation algorithm for generating the modulation acknowledgment information (ATC) based on the chip serial number (CSN) and the request time (t) is not limited.

Also, an authorization code (AC) and a transaction code (TC) constituting the modulation acknowledgment information (ATC) indicate whether the first request or the second request is approved, completed or failed Information, and the transaction code TC may be information for identifying the first request and the second request.

However, such an AC code and a transaction code TC may not be distinguished from each other, and may be integrally expressed as string data of a predetermined length.

In addition, the card terminal 200 reads out the encrypted card information stored in the second sector of the card in response to the second request, and then generates a card approval request signal including the transaction information through the card, 300).

In addition to the encrypted card information read out, the card approval request signal includes the second modulation confirmation information (ATC2) received from the payment server as a response to the second request, the chip serial number (CNS) of the card and the second request time t2) information can be further included.

The card terminal 200 receives the card approval result from the payment server 300 as a response to the card approval request signal, and ends the card service (payment, etc.) only when a normal card approval result is received.

FIG. 2 is a detailed block diagram of a card terminal and a card in a card information transaction system according to an embodiment of the present invention.

Referring to FIG. 2, the internal structure of the card terminal according to the present embodiment will be further described.

The card terminal 200 according to the present invention may be a general credit card terminal or a transportation card terminal, but may be a wireless terminal or a dongle terminal connected to the card 100 by a short distance communication method such as NFC.

The card terminal 200 according to the present invention may be implemented in the form of a user's smart phone or other wireless portable device. In this case, the card terminal 200 includes a terminal operation SW unit 210 such as Android or iOS, An NFC communication unit 230 for NFC communication with the card, and an authentication application unit 220 for performing various functions according to the present invention.

Among them, the authentication application unit 220 has functions of extracting security authentication information (Ccode) or encrypted card information using various functions according to the present invention, i.e., a secure access key (So Key, S12 Key) Generates a request, transmits the request to a payment server and receives a response, and performs a card approval using the derived encrypted card information.

More specifically, the authentication application unit 220 may include a security access key management unit 222, a card information reading unit 224, and an approval processing unit 226, It can be implemented in some module form.

The secure access key management unit 222 sequentially generates a first sector security access key generation request signal S0 Key Req. And a second sector secure access key generation request signal S12 Key Req. And receives a first sector security access key (S0 Key) and a second sector security access key (S12 Key) as a response thereto.

The secure access key management unit 222 receives first modulation acknowledgment information (ATC1) transmitted from the payment server 300 as a response to the first sector secure access key generation request signal and the second sector secure access key generation request signal, And second modulation confirmation information (ATC2).

As described above, the first modulation confirmation information (ATC1) and the second modulation confirmation information (ATC2) allow the payment server 300 to use the chip serial number (CSN) of the card and the request times t1 and t2 as input values And is a value calculated by the modulation confirmation information calculation algorithm.

The functions of the components constituting the card terminal will be described in more detail in a time series.

First, when there is a transaction request from the card, the security access key management unit 222 reads the chip serial number (CSN) from the card, generates a first sector secure connection key generation request signal (S0 Key Req.), Server 300 and receives the first sector security access key (S0 Key) and the first modulation confirmation information (ATC1) generated as a response thereto.

Next, the card information reading unit 224 accesses the first sector S0 of the card by using the first sector security access key (S0 Key) received, and then transmits a certificate code (Ccode ).

The secure access key management unit 222 then transmits the first request time t1 information, which is the time of transmitting the security authentication code (Ccode), the chip serial number (CSN), the first sector secure connection key generation request (first request) And a second sector secure connection key generation request signal (S12 Key Req.) Including the first modulation acknowledgment information (ATC1) received from the payment server to the payment server 300, And receives the second sector secure connection key (S12 Key) and the second modulation confirmation information (ATC2).

The card information reading unit 224 accesses the second sector S12 of the card using the received second sector security connection key S12 Key and extracts the encrypted card information stored in the second sector S12.

Then, the approval processing unit 226, together with the extracted encrypted card information and transaction information, transmits a second request time t2 (second request time) which is a time at which the chip serial number (CSN), the second sector secure connection key generation request ) Information and second modulation confirmation information (ATC2) received from the payment server, and transmits the card approval request signal to the payment server 300, and receives the card approval result message in response thereto.

The card approval result message may include an approval number and transaction number information, and the approval processing unit 226 receives the normal card approval result and completes the final card transaction.

If the card terminal 200 recognizes only the card serial number (CSN) and the security certificate code (C code) of the card in the process of approving the card or accepting the transaction for the card transaction The card information such as the card number, the expiration date, and the password, which are important security information, can be obtained only in an encrypted state, so that it is possible to prevent the card information from being leaked by the card terminal.

The authentication application unit 200 may be in the form of a smartphone application developed by a card issuer or a payment server operating company. When a user downloads an appropriate application from an application store or the like to a smart phone functioning as a card terminal As shown in FIG.

3 is a block diagram of internal functions of a payment server in a card information transaction system according to an embodiment of the present invention.

The payment server 300 according to the present invention generates a first sector security connection key and a second sector security connection key in response to a request from the card terminal 200 connected to the communication and responds to the card terminal, (ATC1, ATC2), verifies the modulation confirmation information (ATC1, ATC2) transmitted from the card terminal, verifies the security authentication code (Ccode) transmitted from the card terminal, and transmits the verification information And decrypts the transmitted encrypted card information to receive card approval from the card issuer server.

Referring to FIG. 3, the detailed configuration of the payment server 300 of the present invention will be described below.

The settlement server 300 according to the present invention is also provided with a settlement company server 310 functioning as a general server function internally and a part of the settlement company server 310 performing a secure access key generation, And an Encryption / Decryption Secure Access Module Server 320 that performs an information decryption function or the like.

The encryption decryption security access module server (EDSAM) 320 may be implemented as a single server or a system in a physical or software manner, May be implemented as a software module.

The encryption / decryption security access module server (EDSAM) 320 further includes a security access key management unit 322, a modulation confirmation information generation unit 324, a modulation confirmation information verification unit 326, and a security verification code (Ccode) verification unit 328 And a card information decoding unit 329 and the like.

The secure connection key management unit 322 receives a first sector security access key (S0 Key) and a second sector security access key (S12 Key) in response to a first request and a second request sequentially transmitted from the card terminal (200) And generates a response.

The manner in which the security access key management unit 322 generates the security access key (S0 Key, S12 Key) can adopt the configuration disclosed in Korean Patent No. 338189, which is the prior patent of the present applicant. That is, the secure access key may be generated by a specific algorithm using the chip serial number (CSN) of the transmitted card as an input value.

For example, if the chip serial number (CSN) is 12345678 and the secure access key generation algorithm is (SNx3) +126 / 250, the security access key value is Quot; 3703716 ". Here, the example of the security access key generation algorithm is described by a simple numerical operation structure. However, when various symbols and characters are applied and a complicated operation scheme is applied, the security of the card security access key value can be further strengthened.

In the security access key generation algorithm, the same algorithm may be stored in the card 100 in addition to the payment server 300.

Accordingly, when the card terminal receives the first sector secure connection key (S0 Key) in response to the first request and then attempts to access the first sector of the card using the first sector secure connection key (S0 Key), the card responds to its first sector The first sector security access key (S0 Key) is generated in real time and compared with the first sector security access key (S0 Key) stored in advance or can be compared with the previously stored first sector secure access key (S0 Key).

Also, the security association key generation algorithm for generating the first sector security association key and the second sector security association key must be configured with different algorithms, respectively.

That is, in order to make the first sector security connection key and the second sector security connection key calculated from the same chip serial number (CSN) different from each other, the first sector security association key generation algorithm and the second sector security association key The generation algorithm for generation must be different.

The modulation confirmation information generating unit 324 generates the first modulation confirmation information ATC1 using the chip serial number CSN of the card included in the first request and the first request time t1 as a variable, And generates second modulation confirmation information ATC2 using the chip serial number CSN of the card included in the second request and the second request time t2 as variables and transmits the second modulation confirmation information ATC2 to the card terminal.

The modulation confirmation information verifying unit 326 verifies whether or not the first modulation confirmation information ATC1 and the second modulation confirmation information ATC2 are included and transmitted in the second request and the card approval request transmitted from the card terminal 200, As shown in FIG.

The verification method of the modulation confirmation information verifying unit 326 can be implemented in various ways. As one example of the verification method, the chip serial number (CSN) and the first request time t1, which are included in the second request, The first modulation confirmation information ATC1 included in the second request is directly compared with the value derived from the modulation confirmation information calculation algorithm to determine that the first modulation confirmation information ATC1 has been verified .

Similarly, the modulation confirmation information verifying unit 326 verifies the chip serial number (CSN) and the second request time (t2) information included in the card approval request as variables and a value derived from the modulation confirmation information calculation algorithm, It can be determined that the second modulation confirmation information ATC2 has been verified by comparing the received directly received second modulation confirmation information ATC2 included in the request.

Of course, the present invention is not limited to this scheme. The first and second modulation confirmation information (ATC1) and the second modulation confirmation information (ATC2) generated by the payment server in the operations according to the first request and the second request, (ATC1) and the second modulation confirmation information (ATC2) transmitted from the card terminal in the second request and the card approval request in a manner matching with the number (CNS) It is also possible to compare them.

The security authentication code (Ccode) verification unit 328 performs a function of verifying a security certificate code (Ccode) transmitted in the second request.

The payment server 300 may further include a storage unit 330. In the storage unit 330, a chip serial number (CSN) of a card issued by a plurality of card issuers and a unique security The authentication code (Ccode) can be matched and stored. The storage unit 330 of the payment server 300 accesses a chip serial number CSN of a card issued from a plurality of card issuers and a first sector S0 and a second sector S12 of the corresponding card The first sector security access key (S0 Key) and the second sector security access key (S12 Key), which can be stored in the first sector, can be matched and stored.

Accordingly, the security authentication code verifying unit 328 verifies the security authentication information (Ccode) included in the second request from the card terminal and the chip serial number (CSN) transmitted in the second request, It is possible to compare the values of the security authentication information read by the security authentication unit 300 and judge that they are verified if they are the same.

The card information decryption unit 329 decrypts the encrypted card information included in the card approval request and extracts the decrypted card information only when the second modulation confirmation information (ATC2) is verified.

To this end, the card information decryption unit 329 must be able to store and apply a decryption algorithm corresponding to the encryption algorithm used by the card issuer in encrypting the card information when issuing the card to a specific card.

The card information decryption unit 329 transmits the decrypted card information (card number, expiration date, password, etc.) and transaction information to the card company server 400 to request card approval, and after receiving the response signal, And to transmit the card approval result to the card terminal 200 again.

At this time, an approval number and transaction information may be included in the card approval response signal transmitted from the card issuer server 400 to the payment server 300, and the card approval result transmitted from the payment server 300 to the card terminal 200 Authorization number and transaction number information.

On the other hand, when the payment server 300 determines that the time when the card terminal 200 has read the encrypted card information from the card or the time when the card approval request signal is transmitted from the second request time t2 when the second request is transmitted is longer than a predetermined time It is possible to further have a time management function that does not allow the card approval even if the card information is valid.

This is because when an unauthorized card terminal reads an encrypted card information from a card and transmits an abnormal acknowledgment request or when a transmission time of an acknowledgment request signal abnormally increases due to a problem of a communication network or the like, .

For this, the payment server 300 may further include a time setting management unit 327. The time setting management unit 327 receives the card approval request signal from the second modulation confirmation information (ATC2) Or a second request time (t2) included in the card approval request and transmitted, and performs a function of decrypting the card information only when the difference is within a certain range.

Accordingly, when the time difference between the confirmed second modulation confirmation information generation time or the second request time t2 and the current time point at which the card approval request signal is transmitted is equal to or larger than a predetermined threshold value, To respond.

In the present specification, it is assumed that the second request time t2 at which the second sector secure connection key generation request signal is transmitted and the second modulation acknowledgment information generation time at which the payment server generates the second modulation confirmation information are the same based on the second request time t2 .

In this case, the predetermined threshold value of the time difference may be determined to be a predetermined time, for example, 30 seconds to 3 minutes, and the time setting management unit 327 may provide a function of allowing the user to variably set the threshold value.

1, a short-range wireless communication network such as NRC, Bluetooth, or the like may be used between the card 100 and the card terminal 200. FIG.

 Further, a 3G wireless communication network such as WCDMA or a next generation wireless communication network such as LTE (Long-Term Evolution) or LTE-A may be used between the card terminal 200 and the payment server 300, It is preferable that the data transmitted and received by the RSA or the payment company is encrypted and transmitted by a specific encryption method.

The payment server 300 and the card issuer server 400 may be connected to each other through a dedicated communication network generally used between financial systems.

According to the method of the present invention as described above, when the card terminal 200 receives only the chip serial number (CSN) of the card and the security code (C code) The card information such as the card number, the expiration date, and the password, which are important security information, can be obtained only in the encrypted state, so that the problem of card information leakage by the card terminal can be prevented at its source.

4 shows an information flow in a card information transaction system according to an embodiment of the present invention.

First, when a user connects a card to a card terminal to use a specific card service such as a payment service, the card terminal reads the card and reads the chip serial number (CSN) of the card. (S415)

Next, the card terminal generates a first sector secure connection request signal (S0 Key Req.) And transmits it to the payment server (S420). At this time, the first sector secure connection request signal (S0 Key Req.) Includes a chip serial CSN, and the time when the first sector secure connection request signal S0 Key Req. Is transmitted and received by the payment server is the first request time t1.

The first request time t1 may be determined as the time when the payment server receives the first request, but the card terminal may include the transmission time of the first request in the first request in the form of a timestamp will be.

The payment server receiving the first request generates a first sector secure connection key (S0 Key) using the first sector secure connection key generation algorithm using the received chip serial number (CSN) as an input value (S425).

In addition, the payment server generates the first modulation confirmation information ATC1 using the modulation confirmation information calculation algorithm based on the received chip serial number (CSN) and the first request time t1 (S425)

At this time, the modulation confirmation information calculation algorithm is a certain calculation scheme that uses the chip serial number (CSN) and the first request time t1 as input values, and is distinguished from the security access key generation algorithm described above.

The payment server generates a response signal (S0 Key Res.) Including the generated first sector security access key (S0 Key) and first modulation acknowledgment information (ATC1) and transmits it to the card terminal (S430)

The card terminal receives the response signal (S0 Key Res.) From the payment server, accesses the first sector of the card using the first sector security access key (S0 Key) included therein, and transmits the security authentication code (Ccode) (S440)

The card terminal generates a second sector secure connection key generation request signal (S12 Key Req.) Including the read security authentication code (Ccode) and transmits it to the payment server. (S445)

In addition to the security authentication code (Ccode), the second request signal (S12 Key Req.) Includes information on the chip serial number (CSN) of the card, the first request time t1 which transmitted the first request, The first modulation confirmation information (ATC1) received in response to the first modulation acknowledgment (ATC1) may be included.

Upon receipt of the second request, the payment server transmits the verification result of the first modulation confirmation information (ATC), the verification of the security authentication code (Ccode), the generation of the second sector security authentication key (S12 Key) And performs a generation operation. (S450)

The four operations performed after the payment server receives the second request will be described in detail as follows.

First, by verifying the integrity of the first modulation confirmation information (ATC1), it is determined whether or not the transmitted / received data is forged or falsified.

That is, the payment server uses the modulation confirmation information verifying unit to calculate the value derived from the modulation confirmation information calculation algorithm using the chip serial number (CSN) and the first request time t1 information included in the second request as variables, 2 request and directly received first modulation acknowledgment information (ATC1) are compared with each other, it can be determined that the first modulation acknowledgment information (ATC1) is verified only when they are the same.

Also, the payment server extracts the security authentication code (Ccode) of the card previously stored in the storage unit using the security authentication code (Ccode) verification unit, compares the security authentication code (Ccode) included in the second request with the value of the received security authentication code , It is determined that the authentication is successful only in the same case.

In addition, the payment server generates a second sector secure connection key (S12 Key) using the second sector secure connection key generation algorithm based on the chip serial number (CSN) included in the second request. In addition, the payment server generates the second modulation confirmation information ATC2 by applying the modulation confirmation information calculation algorithm based on the chip serial number CSN and the second request time t2.

Then, the payment server generates a response signal (S12 Key Res.) Including the generated second sector secure connection key (S12 Key) and the second modulation confirmation information (ATC2) to the card terminal (S455)

The card terminal receives the response signal (S12 Key Res.) From the payment server, accesses the second sector of the card by using the second sector security connection key (S12 Key) included therein, (Card number, expiration date, password, etc.) (S460)

Then, the card terminal generates a card approval request signal including the read encrypted card information and transaction information, and transmits the card approval request signal to the payment server. (S465)

At this time, in addition to the encrypted card information, the card approval request signal includes the chip serial number (CSN) of the card, the second request time t2, and the second modulation confirmation information ATC2 ) May be included.

The payment server receiving the card approval request signal performs verification of the second modulation confirmation information (ATC) and decryption of the card information. (S470)

More specifically, the payment server uses a modulation acknowledgment information verifying unit to verify the chip serial number (CSN) and the second request time (t2) information included in the card approval request signal as variables and a value derived from the modulation confirmation information calculation algorithm And the second modulation confirmation information (ATC2) included in the card approval request signal and directly received, and determines that the second modulation confirmation information (ATC2) is verified only when they are the same.

 Only when the second modulation confirmation information (ATC2) is verified, the payment server decrypts the received card information using a known decryption algorithm, and stores the decrypted card information, that is, the card number, The card information is extracted.

Then, the payment server transmits the decrypted card information and the transaction information to the card company server to request card approval, and receives the result. (S475) The approval result message received from the card company server includes approval information, approval number, May be included.

The payment server generates a card approval result signal based on the approval result information received from the card issuer server and transmits it to the card terminal. (S480) At this time, an approval number and transaction number information may be included in the card approval result signal transmitted from the payment server to the card terminal.

Of course, as described above, in step S470, when the time difference between the confirmed second modulation confirmation information generation time or the second request time t2 and the current time point at which the card approval request signal is transmitted is greater than or equal to a predetermined threshold value It is possible to respond to reject the card approval without decrypting the card information or requesting card approval from the card company server.

As described above, in the card information transaction system according to the embodiment of the present invention, when the card terminal confirms the card serial number (CSN) and the certificate authentication code Ccode) can be recognized, and card information such as a card number, an expiration date, and a password, which are important personal security information used for card approval, can be obtained only in an encrypted state. Therefore, There is an effect that it can be prevented originally.

In addition, the billing server generates and verifies the modulation / verification information based on the chip serial number and the request time information when transmitting / receiving various information required for card approval, thereby checking whether the transmitted / received data is falsified or not, Can be improved.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the present invention as defined by the appended claims. , Separation, substitution, and alteration of the invention will be apparent to those skilled in the art. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.

100: card 200: card terminal
300: payment server 400: card company server
112: first sector (S0) 114: second sector (S12)
320: Encryption Decryption Secure Access Module Server (EDSAM)
220: authentication application unit 222: security access key management unit
224: card information reading unit 226:
322: security access key management unit 324: modulation confirmation information generation unit
326: Modulation confirmation information verifying unit 327: Time setting management unit
328: Security Authentication Code Verification Unit 329: Card Information Decryption Unit

Claims (13)

Generates a first sector secure connection key generation request signal including a chip serial number (CSN) of a card and transmits the generated first sector secure connection key generation request signal to a payment server connected to a communication network, and as a response thereto a first sector secure connection key (S0 Key) Receives the first modulation confirmation information (ATC1) calculated by the payment server based on the serial number (CSN) and the first request time (t1) of the first sector secure connection key generation request signal, And generates a second sector secure connection key generation request signal including the first sector secure connection key (ATC1) and transmits the second sector secure connection key generation request signal to the payment server, and transmits a second sector secure connection key (S12 Key) A security access key management unit for receiving second modulation confirmation information (ATC2) computed by a payment server based on a second request time (t2) of the second sector secure connection key generation request signal;
The secure authentication code (Ccode) stored in the first sector (S0) and the second sector (S12) of the card and the encrypted authentication code (Ccode) stored in the second sector (S12) of the card using the first sector secure connection key and the second sector secure connection key transmitted from the payment server A card information reading unit for reading information;
Second modulation confirmation information (ATC2) received in response to the encrypted card information read out from the second sector of the card, the transaction information, and the second sector secure connection key generation request signal, Generates a card approval request signal including a serial number (CSN) of the second sector and a second request time (t2) of the second sector secure connection key generation request signal, and transmits the card approval request signal to the payment server, An acceptance processing unit for receiving the request;
And a card terminal for a card information transaction system. delete The method according to claim 1,
The second sector secure connection key generation request signal includes first security confirmation code (Ccode), first modulation acknowledgment information (ATC1) received in response to the first sector secure connection key generation request signal, A serial number (CSN) and a first request time (t1) of the first sector secure connection key generation request signal. delete A secure access key manager for generating and transmitting a first sector security access key (S0 Key) and a second sector security access key (S12 Key) in response to a first request and a second request sequentially transmitted from a card terminal connected to the communication;
Generates first modulation acknowledgment information (ATC1) using the chip serial number (CSN) of the card included in the first request and the first request time (t1) of the first request as variables, 2 generates second modulation acknowledgment information (ATC2) using the chip serial number (CSN) of the card included in the second request and the second request time (t2) of the second request as parameters and generates modulation acknowledgment information for transmission to the card terminal part;
A modulation acknowledgment (ATC1) for verifying whether or not the second modulation acknowledgment information (ATC2) included in the card grant request signal transmitted from the card terminal and modulated by the first modulation acknowledgment information An information (ATC) verification unit;
A security authentication code (Ccode) of a card transmitted in the second request and a security authentication code (CID) read in a storage unit based on a chip serial number (CSN) of the card transmitted in the second request A security verification code (Ccode) verifying unit for verifying a security certificate code (Ccode) of a card included in the second request by comparing the value of information;
A card information decryption unit for decrypting the encrypted card information included in the card approval request signal and extracting the decrypted card information only when the second modulation confirmation information (ATC2) is verified;
And a payment server for the card information transaction system. 6. The method of claim 5,
Further comprising an approval processor for transferring the decrypted card information and transaction information to a card company server to perform a card approval procedure. 6. The method of claim 5,
The first sector secure connection key (S0 Key) is a key for the card terminal to extract a security certificate code (Ccode) stored in the first sector (S0) of the card,
Wherein the second sector secure connection key (S12 Key) is a key for the card terminal to connect to the second sector (S12) of the card and extract the encrypted card information stored in the second sector Payment server for the system. 8. The method of claim 7,
The secure connection key management unit manages a first sector security access key (SES) by using a chip sector serial number (CSN) of the card as an input value and a first sector security access key generation algorithm and a second sector security access key generation algorithm, S0 Key) and a second sector secure connection key (S12 Key). 9. The method of claim 8,
The second request includes a chip serial number (CSN) and a first request time (t1)
The modulation confirmation information (ATC) verification unit may be configured to determine a value derived from the modulation confirmation information calculation algorithm using the chip serial number (CSN) and the first request time (t1) information included in the second request as variables, 2 request and compares directly received first modulation confirmation information (ATC1), and determines that the first modulation confirmation information (ATC1) is verified only when they are identical. 9. The method of claim 8,
The card approval request signal includes a chip serial number (CSN) and a second request time (t2)
Wherein the modulation confirmation information (ATC) verifying unit is configured to determine a value derived from the modulation confirmation information calculation algorithm using the chip serial number (CSN) and the second request time (t2) information included in the card approval request signal as variables, The second modulation confirmation information (ATC2) included in the card approval request signal is directly compared with the second received modulation confirmation information (ATC2), and it is determined that the second modulation confirmation information (ATC2) . 6. The method of claim 5,
The payment server compares the second request time (t2) included in the card approval request and transmitted and the present time, and adds a time setting management unit for managing card information decryption only when the difference is within a certain range And a payment server for the card information transaction system. A card for storing the security authentication code and the encrypted card information in the first sector S0 and the second sector S12, respectively;
And sequentially generates a first request and a second request for requesting generation of a first sector secure connection key (S0 Key) and a second sector secure connection key (S12 Key) And reads the security authentication code and encrypted card information stored in the card using the first sector security access key (S0 Key) and the second sector security access key (S12 Key) received as a response thereto A card terminal for transmitting to the payment server;
A first sector security access key and a second sector security access key are generated in response to the first request and the second request which are sequentially transmitted from the card terminal connected and communicated in order to respond to the card terminal, And generates and transmits modulation confirmation information to the card terminal based on the chip serial number CSN of the first request and the first request time t1 of the first request or the second request time t2 of the second request, Verifying the modulation confirmation information transmitted in the first request and the second request transmitted from the terminal, verifying the security authentication code transmitted from the card terminal, decrypting the encrypted card information transmitted from the card terminal A payment server;
The card information transaction system comprising: 13. The method of claim 12,
The modulation acknowledgment information includes an acknowledgment code generated by a modulation acknowledgment information arithmetic algorithm with the request time (t1, t2) of the first request or the second request and the chip serial number (CSN) of the card as variables An Authorization Code (AC), and a Transaction Code (TC).
KR1020150110213A 2015-08-04 2015-08-04 Transaction System of Card Information, Payment Server and Card Terminal therefor KR101838890B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150110213A KR101838890B1 (en) 2015-08-04 2015-08-04 Transaction System of Card Information, Payment Server and Card Terminal therefor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150110213A KR101838890B1 (en) 2015-08-04 2015-08-04 Transaction System of Card Information, Payment Server and Card Terminal therefor

Publications (2)

Publication Number Publication Date
KR20170016738A KR20170016738A (en) 2017-02-14
KR101838890B1 true KR101838890B1 (en) 2018-03-15

Family

ID=58121252

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150110213A KR101838890B1 (en) 2015-08-04 2015-08-04 Transaction System of Card Information, Payment Server and Card Terminal therefor

Country Status (1)

Country Link
KR (1) KR101838890B1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113936363B (en) * 2021-11-15 2024-01-16 武汉虹信技术服务有限责任公司 IC card data encryption method and system based on multi-sector encryption
CN115471952B (en) * 2022-09-29 2024-04-05 石家庄科林电气股份有限公司 Card swiping authentication method for charging pile, charging pile and charging management system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100866608B1 (en) * 2007-02-15 2008-11-04 고려대학교 산학협력단 System and Method for mutual authentication between a remote user and a server using a mobile device, Recording medium thereof
KR101481407B1 (en) * 2014-02-04 2015-01-14 신남규 Method for transacting financial by using smart card

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100866608B1 (en) * 2007-02-15 2008-11-04 고려대학교 산학협력단 System and Method for mutual authentication between a remote user and a server using a mobile device, Recording medium thereof
KR101481407B1 (en) * 2014-02-04 2015-01-14 신남규 Method for transacting financial by using smart card

Also Published As

Publication number Publication date
KR20170016738A (en) 2017-02-14

Similar Documents

Publication Publication Date Title
CN107925572B (en) Secure binding of software applications to communication devices
US8346672B1 (en) System and method for secure transaction process via mobile device
EP2526514B1 (en) Method, device and system for securing payment data for transmission over open communication networks
US20200394657A1 (en) Method and system for authenticating iot device using mobile device
KR101330867B1 (en) Authentication method for payment device
AU2012265824B2 (en) A transaction system and method for use with a mobile device
US20160182543A1 (en) Software tampering detection and reporting process
CN107784499B (en) Secure payment system and method of near field communication mobile terminal
CN104838398A (en) System and method for secure remote access and remote payment using a mobile device and a powered display card
US20120303534A1 (en) System and method for a secure transaction
US20230252451A1 (en) Contactless card with multiple rotating security keys
US20180240113A1 (en) Determining legitimate conditions at a computing device
CN104835038A (en) Networking payment device and networking payment method
KR101838890B1 (en) Transaction System of Card Information, Payment Server and Card Terminal therefor
US10616262B2 (en) Automated and personalized protection system for mobile applications
KR102348823B1 (en) System and Method for Identification Based on Finanace Card Possessed by User
KR20200013494A (en) System and Method for Identification Based on Finanace Card Possessed by User
KR20150017374A (en) Method for Settlement by using IC Chip
US10248947B2 (en) Method of generating a bank transaction request for a mobile terminal having a secure module
KR101626962B1 (en) Transaction System of Card Information and Encryption/Decryption Server therefor
KR101700833B1 (en) Card User Authentication System and Authentication Server and Portable Device for the same
WO2014104434A1 (en) Method for processing issuance of mobile credit card
JP2006215699A (en) Authentication apparatus, authentication system, authentication support system and function card
KR101682678B1 (en) Card Transaction System and Encryption/Decryption Server for the same
KR20140007628A (en) Method for mobile banking of account transfer using security confirmation processing

Legal Events

Date Code Title Description
A201 Request for examination
A302 Request for accelerated examination
E902 Notification of reason for refusal
E601 Decision to refuse application
J201 Request for trial against refusal decision
J301 Trial decision

Free format text: TRIAL NUMBER: 2016101003724; TRIAL DECISION FOR APPEAL AGAINST DECISION TO DECLINE REFUSAL REQUESTED 20160624

Effective date: 20180123

S901 Examination by remand of revocation
GRNO Decision to grant (after opposition)
GRNT Written decision to grant