KR20070039372A - System and method for processing security of card payment by using mobile internet communication network, devices for payment and recording medium - Google Patents

Abstract

The present invention relates to a computer-readable recording medium characterized by recording a card payment security processing method and system using a portable internet communication network, a payment terminal device and a program therefor, the card payment using a portable internet communication network according to the present invention. The security processing system generates payment processing related data (payment approval request specialized data), extracts a payment terminal private key from a predetermined terminal side security application module, and electronically signs the payment processing related data (payment approval request specialized data). And extracting a copy of the certificate including the VAN server public key and the payment terminal public key from the terminal-side security application module, generating a predetermined random secret key, and copying the certificate including the electronic signature and the payment terminal public key. Encrypt payment processing related data (payment authorization request data), and randomize Encrypt the secret key with the VAN server public key, and concatenate a copy of the certificate including the encrypted digital signature and the payment terminal public key, payment processing related data (payment authorization request data), and a random secret key encrypted with the VAN server public key. A payment terminal configured to store the upper layer of the portable internet protocol stack, and then add the portable internet based MAC layer and the PHY layer to the portable internet protocol stack and transmit them to the portable internet communication network; After removing the portable Internet based MAC layer and the PHY layer from the portable internet protocol stack transmitted by the payment terminal, changing the portable internet protocol stack to an internet protocol stack, and converting the changed internet protocol stack to a VAN server through a communication network. The portable Internet communication network for transmitting; And after receiving the internet protocol stack transmitted through the portable internet communication network, copy a certificate including the encrypted electronic signature and payment terminal public key, payment processing related data (payment approval request specialized data), and VAN server disclosure. Restores the random secret key encrypted with the key, extracts the VAN server private key from a predetermined server-side security application module, decrypts and reads the random secret key through the VAN server private key, and reads the read random secret key Decrypt the copy of the certificate including the encrypted electronic signature and the payment terminal public key and payment processing related data (payment approval request specialized data), and through the decrypted electronic signature the decrypted payment processing related data (payment approval request) The validity data, and if the validity is authenticated, the decrypted payment processing related data ( Using the first authorization request specialized data) to VAN server performing predetermined billing processing procedure; characterized in that comprises a. As a result, when the high-speed wireless Internet, which is weak in security, is used as a communication network for electronic payment processing, there is an advantage of maintaining high end-to-end security between a payment terminal located in the high-speed wireless Internet and a VAN server.

Mobile, internet, security, payment

Description

A computer-readable recording medium characterized by recording a card payment security processing method and system using a portable internet communication network, a payment terminal device and a program therefor. (System and Method for Processing Security of Card Payment by Using Mobile Internet Communication Network, Devices for Payment and Recording Medium}

1 is a diagram showing a high-speed wireless Internet system configuration according to an embodiment of the present invention.

2 is a diagram illustrating subscriber information generated and managed in a PAR on a high-speed wireless Internet according to an embodiment of the present invention.

3A and 3B illustrate a communication path between a payment terminal and a VAN server for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

4A, 4B, and 4C are diagrams showing a preferred functional configuration of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

5A, 5B, and 5C illustrate a preferred structure of a communication protocol stack of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

6 is a view showing a preferred structure of the wireless processing unit of the payment terminal according to an embodiment of the present invention.

7 is a diagram illustrating a VAN server function configuration for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

8 is a diagram illustrating a payment processing procedure of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

9 is a diagram illustrating a method for encrypting and transmitting payment processing related data (or payment approval request specialized data) in a symmetric key (or secret key) method according to an embodiment of the present invention.

10 is a diagram illustrating a payment processing process of a VAN server for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

11 is a diagram illustrating a method of decrypting payment processing related data (or payment approval request specialized data) encrypted and received at a VAN server by a symmetric key (or secret key) method according to an embodiment of the present invention.

12 is a diagram illustrating a method of encrypting and transmitting payment processing result data (or payment approval data) in a symmetric key (or secret key) method in a VAN server according to an embodiment of the present invention.

13 is a diagram illustrating a payment processing procedure of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

14 is a diagram illustrating a method of decrypting payment processing result data (or payment approval specialized data) encrypted and received by a payment terminal according to an embodiment of the present invention by a symmetric key (or secret key) method.

15 is a diagram illustrating a payment processing procedure of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

FIG. 16 is a diagram illustrating a method for encrypting and transmitting payment processing related data (or payment approval request specialized data) in a public key based structure according to an embodiment of the present invention.

FIG. 17 is a diagram illustrating a payment processing process of a VAN server for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

FIG. 18 illustrates a method for decrypting payment processing related data (or payment approval request specialized data) encrypted and received by a VAN server according to an embodiment of the present invention using a public key infrastructure.

FIG. 19 is a diagram illustrating a method of encrypting and transmitting payment processing result data (or payment approval specialized data) in a public key infrastructure structure in a VAN server according to an embodiment of the present invention.

20 is a diagram illustrating a payment processing procedure of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

FIG. 21 illustrates a method of decrypting payment processing result data (or payment approval specialized data) encrypted and received by a payment terminal according to an embodiment of the present invention using a public key infrastructure.

22 is a diagram illustrating a payment processing procedure of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

FIG. 23 is a diagram illustrating a method for encrypting and transmitting payment processing related data (or payment approval request specialized data) in an electronic envelope method according to an embodiment of the present invention. FIG.

24 is a diagram illustrating a payment processing procedure of a VAN server for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

FIG. 25 illustrates a method for decrypting payment processing related data (or payment approval request specialized data) encrypted and received by a VAN server according to an embodiment of the present invention by an electronic envelope method.

FIG. 26 is a diagram illustrating a method of encrypting and transmitting payment processing result data (or payment approval data) in an electronic envelope method in a VAN server according to an embodiment of the present invention.

27 is a diagram illustrating a payment processing procedure of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

FIG. 28 is a diagram illustrating a method of decrypting payment processing result data (or payment approval specialized data) encrypted and received by a payment terminal according to an embodiment of the present invention by an electronic envelope method.

29 is a diagram illustrating a payment processing procedure of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

30A and 30B illustrate a method of encrypting and transmitting payment processing related data (or payment approval request specialized data) by an electronic signature and a key exchange method according to an embodiment of the present invention.

31 is a diagram illustrating a payment processing process of a VAN server for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

32A and 32B illustrate a method of decrypting payment processing related data (or payment approval request specialized data) encrypted and received by a VAN server according to an embodiment of the present invention using an electronic signature and a key exchange method.

33 is a diagram illustrating a method of encrypting and transmitting payment processing result data (or payment approval specialized data) in a digital signature and a key exchange method in a VAN server according to an embodiment of the present invention.

34 is a diagram illustrating a payment processing procedure of a payment terminal for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

35A and 35B illustrate a method of decrypting payment processing result data (or payment approval specialized data) encrypted and received at a payment terminal according to an embodiment of the present invention by an electronic signature and a key exchange method.

100: operator network 105: VAN server

110: Authentication, Authorization and Accounting (AAA) Server

115: FA (Foreign Agent)

120: HA (Home Agent)

125: management server (Network Management System)

130: packet access router

135: base station

140: payment terminal

The present invention relates to a card payment security processing method and system and a payment terminal using a portable Internet communication network.

Due to the rapid development of information and communication technology, certain payment means are provided in a media including an MS (Magnetic Stripe) card and / or an IC (Integrated Circuit) card and / or an IC chip mounted or detached from a predetermined wireless terminal. In the case of payment on and off-line, an electronic payment system for payment processing using a payment means provided in the medium has become popular.

The electronic payment system is a user-owned medium having at least one valid payment means (e.g. MS card, IC card, IC chip, etc.), and recognizes the medium and reads the valid payment means information from the medium is predefined It comprises a merchant payment terminal for performing a payment processing procedure, a payment server for approving the payment processing for the payment means, and a payment network connecting the payment terminal and the payment server.

The conventional payment network constituting the electronic payment system includes a value added network (VAN) that leases a wired backbone network and / or uses a high-cost leased line as a closed network. The payment network using the wired backbone network and / or the leased line further includes a circuit switched mobile communication network and / or a packet switched wireless data communication network.

Recently, due to the need for high-speed wireless data communication, high-speed wireless Internet corresponding to the IEEE 802.16 series standard has been developed, thereby including the high-speed wireless Internet in a wide range of payment networks for providing the electronic payment system. It is expected to be.

Referring to the IEEE 802.16 series standard, the high-speed wireless Internet system accesses the high-speed wireless Internet by using a privacy key manager (PKM) message in a medium access control (MAC) layer based on an X.509 certificate. The authority for the wireless terminal is verified, and the verified wireless terminal can be initially connected to the high speed wireless Internet system.

However, the security system is limited to a wireless section, the wired section of the high-speed wireless Internet is characterized in that it consists of an open network directly connected to the conventional Internet (Internet), whereby the high-speed wireless Internet of the electronic payment system When used as a payment network, a serious security problem is exposed to hacking such as sniffing or spoofing.

An object of the present invention is to provide a computer-readable recording medium characterized by recording a card payment security processing method and system using a portable Internet communication network, a payment terminal device and a program therefor.

The card payment security processing system using a portable Internet communication network according to the present invention generates payment processing related data (payment approval request specialized data), extracts a payment terminal private key from a predetermined terminal-side security application module, and relates to the payment processing. Digitally sign the data (payment approval request specialized data), extract a copy of the certificate including the VAN server public key and the payment terminal public key from the terminal-side security application module, and generate a predetermined random secret key to generate the electronic signature. And encrypting the copy of the certificate including the payment terminal public key and payment processing related data (payment authorization request data), encrypting the random secret key with the VAN server public key, and including the encrypted electronic signature and payment terminal public key. Encrypted copy of the certificate, payment processing related data (payment authorization request data), and VAN server public key A payment terminal for concatenating a random secret key and storing it in an upper layer of the portable internet protocol stack, and then adding the portable internet based MAC layer and the PHY layer to the portable internet protocol stack and transmitting them to the portable internet communication network; After removing the portable internet based MAC layer and the PHY layer from the portable internet protocol stack transmitted by the payment terminal, changing the portable internet protocol stack to an internet protocol stack, and converting the changed internet protocol stack into a VAN server through a communication network. The mobile Internet communication network for transmitting to; And after receiving the internet protocol stack transmitted through the portable internet communication network, copy a certificate including the encrypted digital signature and payment terminal public key, payment processing related data (payment approval request specialized data), and VAN server disclosure. Restores the random secret key encrypted with the key, extracts the VAN server private key from a predetermined server-side security application module, decrypts and reads the random secret key through the VAN server private key, and reads the read random secret key Decrypt the copy of the certificate including the encrypted electronic signature and the payment terminal public key and payment processing related data (payment approval request specialized data), and through the decrypted electronic signature the decrypted payment processing related data (payment approval request) The validity data, and if the validity is authenticated, the decrypted payment processing related data ( Using the first authorization request specialized data) to VAN server performing predetermined billing processing procedure; characterized in that comprises a.

According to the present invention, the VAN server receives payment approval data corresponding to the payment processing related data (payment approval request specialized data) from a card company server, and extracts the VAN server private key from the server-side security application module. Digitally sign the payment approval data corresponding to the payment approval data, extract a copy of the certificate including the public terminal and the VAN server public key of the payment terminal from the server-side security application module, and generate a predetermined random secret key. Encrypting the copy of the certificate including the digital signature and the VAN server public key and the payment approval specialized data, encrypting the random secret key with the public key of the payment terminal, and including the encrypted digital signature and the VAN server public key Copy the certificate, payment approval data, and random secret key encrypted with the payment terminal public key It is stored in the upper layer of the roto-call stack, characterized in that for transmission to the portable Internet communication network.

In addition, the portable Internet communication network, and changes the Internet protocol stack transmitted by the VAN server to a portable Internet protocol stack, and adds the portable Internet-based MAC layer and PHY layer to the changed portable Internet protocol stack to transmit to the payment terminal. It is characterized by.

In addition, the payment terminal, after receiving the portable Internet protocol stack transmitted through the portable Internet communication network, the certificate including the encrypted digital signature and the VAN server public key, payment approval data, and payment terminal public key Restores an encrypted random secret key, extracts a payment terminal private key from the terminal-side security application module, decrypts and reads the random secret key through the payment terminal private key, and reads the random secret key through the read random secret key Decrypt the copy of the certificate including the encrypted digital signature and the VAN server public key and payment approval specialized data, and authenticate the validity of the decrypted payment approval specialized data through the decrypted electronic signature, if the validity is authenticated, the decryption Outputting the approved payment approval data through a predetermined screen output device and / or printing device. It features.

According to the present invention, the payment terminal, the data generation unit for generating payment processing related data (payment approval request specialized data); Extracts the payment terminal private key from a predetermined terminal-side security application module and electronically signs the payment processing-related data (payment approval request specialized data), and the VAN server public key and the payment terminal public key from the terminal-side security application module. Extracts a copy of the certificate, generates a predetermined random secret key, encrypts the copy of the certificate including the digital signature and the payment terminal public key and payment processing related data (payment authorization request data), and encrypts the random secret key. Encrypting with a VAN server public key, extracting a payment terminal private key from the terminal-side security application module, decrypting and reading the encrypted random secret key transmitted from the VAN server through the payment terminal private key, and reading the read A copy of the certificate including the encrypted digital signature and the VAN server public key through a random secret key A decoding and encryption processing for authenticating the validity of the decoded data on the payment authorization specialized decoding the electronic signature; And a copy of the certificate including the encrypted electronic signature and the payment terminal public key, a payment processing related data (payment approval request specialized data), and a random secret key encrypted with the VAN server public key, to a higher layer of the mobile Internet protocol stack. After storing, the portable Internet protocol stack adds a portable Internet based MAC layer and a PHY layer to the portable internet communication network, receives the portable internet protocol stack transmitted through the portable internet communication network, and then receives the encrypted electronics. And a communication processing unit for restoring a copy of the certificate including the signature and the VAN server public key, payment authorization data, and a random secret key encrypted with the payment terminal public key.

According to the present invention, the VAN server, after receiving the Internet protocol stack transmitted through the portable Internet communication network, the copy of the certificate including the encrypted digital signature and payment terminal public key and payment processing related data (payment approval) Request message data), and a receiving unit for restoring a random secret key encrypted with a VAN server public key; Extract the VAN server private key from a server-side security application module, decrypt and read the random secret key through the VAN server private key, and publish the encrypted electronic signature and payment terminal through the read random secret key. Decrypt the certificate copy including the key and payment processing related data (payment approval request specialized data), and verify the validity of the decrypted payment processing related data (payment approval request specialized data) through the decrypted electronic signature; Extracting the VAN server private key from the server-side security application module and electronically signing the payment approval specialized data corresponding to the payment approval data, and including the public key and the VAN server public key of the payment terminal from the server-side security application module. Extract a copy of the certificate, generate a predetermined random secret key and include the digital signature and the VAN server public key. Standing encrypt the copy of payment authorization specialized data, and an encryption unit that encrypts with the public key of the payment terminal to the random secret key; A payment processing unit which performs a predetermined payment processing procedure by interworking with a card company server by using the payment processing related data (payment approval request specialized data) decrypted through the encryption unit; And a copy of the certificate including the encrypted digital signature and the VAN server public key, payment approval specialized data, and a random secret key encrypted with the payment terminal public key, stored in an upper layer of the Internet protocol stack, and transmitted to the portable Internet communication network. And a transmission unit.

On the other hand, the card payment security processing method using a portable Internet communication network according to the present invention, the step of generating payment processing related data (payment approval request specialized data) in the payment terminal; Extracting a payment terminal private key from the terminal-side security application module at the payment terminal and electronically signing the payment processing related data (payment approval request specialized data); Extracting a copy of a certificate including a VAN server public key and the payment terminal public key from a terminal-side security application module at the payment terminal; Generating a random secret key in the payment terminal and encrypting a copy of the certificate including the electronic signature and the payment terminal public key and payment processing related data (payment approval request specialized data); Encrypting the random secret key with a VAN server public key at the payment terminal; A copy of the certificate including the electronic signature encrypted in the payment terminal and the payment terminal public key, payment processing related data (payment authorization request data), and a random secret key encrypted with the VAN server public key are concatenated to form a higher layer of the mobile Internet protocol stack. Storing in a layer; In the mobile terminal, a copy of the certificate including the encrypted electronic signature and the payment terminal public key, payment processing related data (payment authorization request data), and a random secret key encrypted with the VAN server public key are stored in the portable Internet protocol stack. Adding a portable internet based MAC layer and a PHY layer to the base station on the portable internet communication network; The base station on the portable internet communication network removes the portable internet protocol based MAC layer and the PHY layer from the portable internet protocol stack, changes the portable internet protocol stack to an internet protocol stack, and then changes the changed internet protocol stack through a communication network. Transmitting to; After receiving the internet protocol stack from the VAN server, a copy of the certificate including the encrypted digital signature and the payment terminal public key, payment processing related data (payment approval request specialized data), and a random secret key encrypted with the VAN server public key Restoring; Extracting a VAN server private key from a server-side security application module in the VAN server; Decrypting and reading the random secret key through the VAN server private key in the VAN server; Decrypting a copy of a certificate including the encrypted electronic signature and a payment terminal public key and payment processing related data (payment authorization request specialized data) through the random secret key decrypted by the VAN server; Authenticating validity of the payment processing related data (payment approval request specialized data) decrypted through the electronic signature decrypted by the VAN server; And if the validity is authenticated, performing a predetermined payment processing procedure using the decrypted payment processing related data (payment approval request specialized data) in the VAN server.

According to the present invention, the step of performing a predetermined payment processing process using the decrypted payment processing related data (payment approval request specialized data) in the VAN server, the payment processing related data (from the card company server in the VAN server) Receiving payment approval data corresponding to payment approval request specialized data); Extracting the VAN server private key from the server-side security application module in the VAN server and digitally signing the payment approval specialized data corresponding to the payment approval data; Extracting a copy of a certificate including a public key of the payment terminal and a VAN server public key from a server-side security application module in the VAN server; Generating a predetermined random secret key in the VAN server and encrypting a copy of the certificate including the digital signature and the VAN server public key and payment authorization data; Encrypting, at the VAN server, the random secret key with the public key of the payment terminal; A base station on a mobile Internet communication network by storing a copy of a certificate including an electronic signature encrypted in the VAN server and a public key of the VAN server, payment approval data, and a random secret key encrypted with the payment terminal public key and storing them in an upper layer of the Internet protocol stack. Transmitting to; Changing the internet protocol stack to a portable internet protocol stack by a base station on the portable internet communication network, and adding a portable internet based MAC layer and a PHY layer to the changed portable internet protocol stack to transmit to the payment terminal; Restoring a copy of the certificate including the encrypted electronic signature and the VAN server public key, payment authorization data, and a random secret key encrypted with the payment terminal public key after receiving the portable Internet protocol stack at the payment terminal; Extracting a payment terminal private key from the terminal-side security application module at the payment terminal; Decrypting and reading the random secret key through the payment terminal private key in the payment terminal; Decrypting a copy of the certificate including the encrypted electronic signature and the VAN server public key and payment approval text data through the random secret key decrypted by the payment terminal; Authenticating the validity of the decrypted payment approval text data through the electronic signature decrypted by the payment terminal; If the validity is authenticated, the payment terminal outputs the decrypted payment approval professional data through a predetermined screen output device and / or printing device; characterized in that it comprises a.

On the other hand, the present invention includes a computer-readable recording medium, characterized in that for recording the program for executing the card payment security processing method using the portable Internet communication network described above.

On the other hand, the payment terminal device according to the present invention, the payment means reading unit for reading the card information; An information input unit configured to process input of predetermined payment related data; A data generation unit generating predetermined payment processing related data (payment approval request specialized data) based on the card information read out by the payment means reading unit and the payment related data input through the information input unit; Extracts the payment terminal private key from a predetermined terminal-side security application module and electronically signs the payment processing-related data (payment approval request specialized data), and the VAN server public key and the payment terminal public key from the terminal-side security application module. Extracts a copy of the certificate, generates a predetermined random secret key, encrypts the copy of the certificate including the digital signature and the payment terminal public key and payment processing related data (payment authorization request data), and encrypts the random secret key. An encryption processing unit to encrypt the VAN server public key; And a copy of the certificate including the encrypted electronic signature and the payment terminal public key, a payment processing related data (payment approval request specialized data), and a random secret key encrypted with the VAN server public key, to a higher layer of the mobile Internet protocol stack. And after storing, a communication processor for adding a portable internet based MAC layer and a PHY layer to the portable internet protocol stack and transmitting the portable internet protocol network to the portable internet communication network.

On the other hand, the present invention includes a computer-readable recording medium, characterized in that for recording the program for executing the function of the above described payment terminal device component.

Hereinafter, with reference to the accompanying drawings and description will be described in detail the operating principle of the preferred embodiment of the present invention. However, the drawings and the following description shown below are for the preferred method among various methods for effectively explaining the features of the present invention, the present invention is not limited only to the drawings and description below. In addition, in the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted. Terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to intentions or customs of users or operators. Therefore, the definition should be based on the contents throughout the present title.

In addition, preferred embodiments of the present invention to be carried out below are provided in each system functional configuration to efficiently describe the technical components constituting the present invention, or system functions that are commonly provided in the technical field to which the present invention belongs. The configuration will be omitted, and described mainly on the functional configuration to be additionally provided for the present invention. If those skilled in the art to which the present invention pertains, it will be able to easily understand the function of the components that are conventionally used among the omitted functional configuration not shown below, and also the configuration omitted as described above The relationship between the elements and the components added for the present invention will also be clearly understood.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains. It's just

1 is a diagram showing a high-speed wireless Internet system configuration according to an embodiment of the present invention.

More specifically, Figure 1 is a 2.3GHz high-speed wireless Internet network based on HPi (High-Speed Portable Internet) that provides high-speed wireless access technology including mobility of 60 km / h or more and a transmission speed of 1 Mbps.

The high-speed wireless Internet system of the 2.3 GHz frequency band is a cellular network configuration using an Orthogonal Frequency Division Multiple Access (OFDMA) / Time Division Duplex (TDD) scheme and a network configuration of IP-based wireless data services. It can effectively adapt to the downlink asymmetric transmission characteristics, support handoff to ensure cell-to-cell mobility without interruption of service, dynamically or statically assign IP to portable terminals, and more efficiently access unauthorized system access. It prevents authentication and guarantees quality of service against delay and packet loss for high speed transmission of various types of IP-based packet data such as streaming video, FTP, mail, chat, etc. It is made, including.

Referring to FIG. 1, the high-speed wireless Internet system includes at least one payment terminal 140 (eg, an access terminal (AT) or a portable subscriber station (PSS)) and a base station 135 (eg, supporting high-speed wireless Internet). A service provider network (100) connecting the access point (AP) or radio access station (RAS), a packet access router (PAR), and at least one or more PARs (130). It is done. In addition, the operator network 100 includes a home agent (HA) 120 for mobility of IP to the payment terminal 140 and an authentication, authorization and accounting (AAA) server 110 for authentication and billing of a user. ), And a management server 125 and a foreign agent (FA) 115 that interoperates with an external wireless network, at least according to the operator's intention and / or additional service type. It will be possible for more than one component to be added.

The payment terminal 140 is an endpoint of a wireless channel in the high-speed wireless Internet system, and communicates with the base station 135 in an OFDMA manner, the wireless channel transmission and reception function, MAC processing function, handover function, user authentication and encryption function, Performs radio link control management.

The base station 135 performs wired / wireless channel conversion function to transfer information (or data) received from the payment terminal 140 to the PAR 130 or vice versa. And converts them into OFDMA-based radio signals and delivers them to the payment terminal 140, and also provides packet retransmission for error-free packet transmission and reception, packet scheduling and radio bandwidth allocation for efficient operation of radio resources, and lanes. It performs connection control, handover control, and PAR 130 access function related to a ranging function, packet call connection establishment, maintenance, and release.

The PAR 130 is connected to and manages a plurality of base stations 135 and performs a handover control function to ensure high-speed mobility in the PAR 130. To this end, the base station 135 and the PAR 130 is connected based on the IP protocol, and is preferably configured based on a gigabit Ethernet switch for high-speed packet transmission.

In addition, the high-speed wireless Internet system in order to provide high-speed wireless communication Uh interface between the payment terminal 140 and the base station 135, Ah interface between the base station 135 and the PAR 130, PAR 130 and PAR The Ph interface, the PAR 130 and the IAA interface between the AAA and the HA 120 of the operator network 100 are provided between the 130.

The Uh interface provided between the payment terminal 140 and the base station 135 conforms to the physical layer (PHYsical) and media access control (MAC) standards of HPi, and the physical layer and the MAC standard are LOS. (Line Of Sight) is based on the 2.3GHz band having a non-guaranteed multipath channel environment, and provides mobility based on the wireless access standard of the IEEE 802.16 series.

According to an embodiment of the present invention, the physical layer standard of the Uh interface includes all items corresponding to Orthogonal Frequency Division Multiple Access (OFDMA) in the IEEE802.16 standard, and the changed parts of the IEEE 802.16 frame structure, uplink And OFDMA subcarrier allocation and channel coding for downlink. Additional additions include Transmit / Receive Transition Gap (TGT), Receive / Transmit Transition Gap (RTG), and RF parameters to accommodate a maximum radius of 1km. In addition, the MAC standard is optimized for the OFDMA PHY. The ranging and bandwidth request procedures are modified to fit the OFDMA PHY, and a handover function for mobility support is added. In addition, a sleep mode function for reducing power consumption of the terminal and a mechanism for checking a communication interruption state and recovering resources allocated in case of a disconnection have been added.

The Ah interface between the base station 135 and the PAR 130 uses an Access Network Application PAR (130) t (ANAP) protocol that defines control messages for smooth communication between the base station 135 and the PAR 130. In addition, the Ph interface between the PAR 130 and the PAR 130 is a PPAP (PAR 130-PAR 130 Application PAR 130) protocol defining control messages for smooth communication between the PAR 130. This is used.

The standard for the Ih interface between the PAR 130 and the AAA is based on the IETF Diameter Base protocol, and also refers to the IETF Diameter MIP Application and the IETF Diameter Extensible Authentication Protocol (EAP). In addition, the standard for the Ih interface between the PAR 130 and the HA 120 is based on MIP (Mobile IP) of IETF RFC 3344, MIP NAI (Network Access Identification) extension, MIP CHA (120) llenge / It adds response extension, AAA Registration Key extension, MIP extension for AAA NAI, and MIP extension for Reverse Tunneling.

According to an embodiment of the present invention, an integrated payment terminal 140 having a built-in OFDMA-based wireless access function in a predetermined card terminal to perform high-speed wireless Internet-based electronic payment processing, a predetermined card terminal and the OFDMA-based wireless access Modular payment terminal 140 is connected to a wireless terminal having a function to perform high-speed wireless Internet-based electronic payment processing, interlocked payment for performing the electronic payment processing by interworking a predetermined card terminal and an OFDMA-based wireless terminal It is preferable to include at least one terminal 140, the preferred embodiment of the payment terminal 140 will be described in detail with reference to Figures 4a, 4b and 4c.

The payment terminal 140 is connected to a predetermined value added network (VAN) server through a high-speed wireless Internet system including at least one of a predetermined base station 135 and a PAR 130. The server 105 is preferably connected with at least one card company server to perform the electronic payment approval procedure. A preferred embodiment of a communication path between the payment terminal 140 and the VAN server 105 for performing the electronic payment process based on the high speed wireless Internet will be described in detail with reference to FIGS. 3A and 3B.

According to the exemplary embodiment of the present invention, the VAN server 105 may be directly connected to the high-speed wireless Internet through a predetermined dedicated line, and / or connected through the Internet, and the present invention is not limited thereto. No.

2 is a diagram illustrating subscriber information generated and managed in the PAR 130 on the high-speed wireless Internet according to an embodiment of the present invention.

More specifically, FIG. 2 illustrates at least one wireless communication service according to quality of service (QoS) and / or traffic rate for at least one payment terminal 140 accessing the high-speed wireless Internet for a predetermined electronic payment process. It illustrates a preferred implementation method for the desired subscriber information stored and managed in the PAR 130, including the policy to provide.

Referring to FIG. 2, the subscriber information includes predetermined subscriber profile information and at least one service flow information. When the payment terminal 140 accesses the high-speed wireless Internet, the AAA server 110 is provided. Obtained from the, the service flow information is generated by the PAR 130 when a service request via the high-speed wireless Internet in the payment terminal 140.

The subscriber profile item includes a context ID which is a unique identifier between the base station 135 and the PAR 130, IP address information indicating an internet address of the payment terminal 140, and hardware recognition of the payment terminal 140. A Message Authentication Code (MAC) address, which is an address, the number of flows serviced to the payment terminal 140, the current service state of the payment terminal 140, and the service level provided to the payment terminal 140. The number, service class name, subscriber name, address type serviced by the payment terminal 140, and a cell ID of a place where the payment terminal 140 is located, the service flow information is preferably included. Information required for providing at least one service to a given payment terminal 140, wherein the service flow item is uniquely identified between the base station 135 and the PAR 130. Consisting of a web context ID, a flow ID that uniquely identifies a service flow, a service class name, a quality of service (QoS) type, a maximum sustained traffic rate, a maximum traffic burst, a minimum reserved traffic rate, a flow schedule type, and allowed jitter. desirable.

According to the method of the present invention, the subscriber profile information is transmitted to the subscriber (or payment terminal 140) accessing the high speed wireless Internet from the AAA server 110 when the payment terminal 140 accesses the high speed wireless internet. After the authentication is completed, it is preferable to be provided to the PAR 130 from the AAA server 110, and then to the PAR 130 until the service for the subscriber (or payment terminal 140) is released. It is desirable to be managed. In addition, when the payment terminal 140 requests a predetermined service through the high-speed wireless Internet, the PAR 130 is generated based on the service request information, session information and / or connection information, and a new service is requested. It is generated and managed every time, thereby making it possible to provide at least one or more services to the payment terminal 140. When the service for the subscriber (or payment terminal 140) is released and the subscriber profile information is deleted in the PAR 130, the service flow information associated with the subscriber profile information is also deleted.

3A and 3B illustrate communication paths between the payment terminal 140 and the VAN server 105 for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIGS. 3A and 3B include a PAR 130 shown in FIG. 2 and use the high-speed wireless Internet system shown in FIG. 1 as a predetermined payment network for payment for high-speed wireless Internet-based electronic payment processing. The preferred embodiment of the communication path between the terminal 140 and the VAN server 105, specifically, Figure 3a is a predetermined relay server 300 provided in the operator network 100 of the high-speed wireless Internet system FIG. 3B illustrates a communication path passing through, and FIG. 3B illustrates a communication path not passing through a predetermined relay server 300 provided in the operator network 100 of the high-speed wireless Internet system. Those skilled in the art to which the present invention pertains may refer to the communication paths illustrated in FIGS. 3A and 3B, and the high-speed wireless Internet-based electronic payment processing may be performed without violating the core technical matters of the present invention. Various implementation methods for the communication path between the payment terminal 140 and the VAN server 105 may be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 3A illustrating a communication path via a predetermined relay server 300 provided in the operator network 100 of the high-speed wireless Internet system, the payment terminal 140 may include a predetermined base station 135 and a PAR. 130 is shown as connecting the communication path with the VAN server 105 through the relay server 300 provided on the operator network 100, the communication path is passed through the operator network 100 It is preferable to via at least one router and / or gateway in the. Accordingly, the payment processing related data (or payment approval request specialized data) transmitted from the payment terminal 140 is transmitted to the VAN server 105 through the base station 135, the PAR 130, and the relay server 300. The payment processing result data (or payment approval data) transmitted from the VAN server 105 is received to the payment terminal 140 through the relay server 300, the PAR 130, and the base station 135. It is desirable to be.

According to an embodiment of the present invention, the data transmitted and received between the payment terminal 140 and the VAN server 105 for the high-speed wireless Internet-based electronic payment processing must include a high degree of security. The communication path is preferably via a predetermined relay server 300 that processes data transmission and reception requiring high security on the high-speed wireless Internet, and the relay server 300 is configured to authenticate the terminal on the high-speed wireless Internet. And / or an AAA server 110 for performing user authentication and / or charging, and / or a firewall server (not shown), and / or an HA 120 server and / or NMS for managing and maintaining the high speed wireless Internet. Implemented in a secure server (not shown) that is included and provided, and / or defined to transmit and receive data for maintaining high security over the high speed wireless Internet. It is preferable.

Referring to FIG. 3B, which illustrates a communication path not passing through a predetermined relay server 300 provided in the operator network 100 of the high-speed wireless Internet system, the payment terminal 140 is connected to a predetermined base station 135. It is shown as connecting a communication path with the VAN server 105 via a PAR 130, the communication path is preferably via at least one router and / or gateway in the course of passing through the operator network 100. Do. Accordingly, payment processing related data (or payment approval request specialized data) transmitted from the payment terminal 140 is transmitted to the VAN server 105 through the base station 135 and the PAR 130, and the VAN server. The payment processing result data (or payment approval specialized data) transmitted from 105 is preferably received by the payment terminal 140 through the PAR 130 and the base station 135.

According to an embodiment of the present invention, the high-speed wireless Internet system to provide a high security for data transmitted and received between the payment terminal 140 and the VAN server 105 in the communication path as shown in Figure 3b (Or at least one server (or device) provided on the high-speed wireless Internet) periodically monitors at least one or more network components (eg, routers) constituting the communication path, thereby allowing the payment terminal 140 and the VAN. It is desirable to maintain a high degree of security for the communication path connecting the server 105.

According to another exemplary embodiment of the present invention, in the communication path as shown in FIG. 3B, only an end-to-end security system between the payment terminal 140 and the VAN server 105 may be used for the communication path. If high security is provided, the high speed wireless Internet system (or at least one server (or device) provided on the high speed wireless Internet) periodically monitors at least one or more network components constituting the communication path. The function may be omitted, and the present invention is not limited thereby.

According to the present invention, the VAN server 105 that connects the payment terminal 140 on the high-speed wireless Internet and the communication path as shown in Figs. 3a and / or 3b is provided in the operator network 100 of the high-speed wireless internet. A predetermined network connection device (eg, a router connecting the operator network 100 and an external network (or a server or a device)) and the Internet and / or a leased line based on Transmission Control Protocol / Internet Protocol (TCP / IP). It is characterized in that the present invention is not limited thereby.

4A, 4B, and 4C are diagrams showing a preferred functional configuration of a payment terminal 140 for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

4a, 4b, and 4c show the preferred functional configuration of the payment terminal 140 for providing the electronic payment processing using the high-speed wireless Internet system shown in FIG. FIG. 4 illustrates a preferred functional configuration of the integrated payment terminal 140 in which the OFDMA-based wireless access function is embedded in a predetermined card terminal to perform high-speed wireless Internet-based electronic payment processing. FIG. 4B illustrates a predetermined card terminal 475. ) And the payment terminal 140 having the OFDMA-based wireless access function is connected to the preferred functional configuration of the modular payment terminal 140 to perform the high-speed wireless Internet-based electronic payment processing, Figure 4c Card terminal end 475 and the OFDMA-based wireless terminal end 480 of the interlocking payment terminal 140 to perform the electronic payment process is preferred It shows the twill configuration. Those skilled in the art to which the present invention pertains, various embodiments of the payment terminal 140 for providing the high-speed wireless Internet-based electronic payment processing with reference to Figures 4a, 4b and 4c of the drawings. It can be easily inferred, whereby the present invention is not limited.

Referring to FIG. 4A illustrating a functional configuration of an integrated payment terminal 140 having a built-in OFDMA-based wireless access function in a predetermined card terminal and performing a high-speed wireless Internet-based electronic payment process, the payment terminal 140 may be configured as described above. Control unit 435, card interface 400, security application module 415, memory unit 465 and screen output for realizing the function defined in the payment terminal 140 (for example, high-speed wireless Internet-based electronic payment processing function) Required to perform the functions defined in the unit 405, the key input unit 410, the printing unit 420, the wireless processing unit 470, and the payment terminal 140 (for example, a high-speed wireless Internet-based electronic payment processing function). It is provided with a power supply unit 430 for supplying power to the payment terminal 140.

The control unit 435 controls the overall operation of the payment terminal 140, manages the flow of information or data between each component, and is provided in the payment terminal 140 for high-speed wireless Internet-based electronic payment processing A functional configuration comprising controlling and managing at least one component, wherein at least one processor and at least one memory loading data including a central processing unit (CPU) / micro processing unit (MPU) are loaded in hardware Execution memory (for example, register and / or random access memory (RAM)) and a bus (BUS) for inputting and outputting at least one or more data to the processor and the memory, characterized in that the software and the payment terminal ( To a predetermined recording medium in order to perform a function (e.g., electronic payment processing) It includes a predetermined program routine (Routine) and / or program data that is loaded into the execution memory and processed by the processor (thus, provided in the payment terminal 140 for high-speed wireless Internet-based electronic payment processing) The control unit 435 shows a predetermined program recorded on a recording medium and / or a component that can be processed in software among the functional configurations provided in the payment terminal 140 for high-speed wireless Internet-based electronic payment processing. It is characterized by consisting of).

The card interface 400 may provide an interface for reading predetermined payment means information for electronic payment processing from a medium (eg, MS card and / or IC card and / or IC chip) having at least one payment means. The information or data read out from a predetermined user-owned medium through the card interface is input to the controller 435.

According to an embodiment of the present invention, the card interface 400 may be configured to provide an interface for an MS card based on an ISO / IEC 7810 standard, and / or a contact IC card based on an ISO / IEC 7816 standard. And at least one contact IC interface providing an interface to the contactless IC card and / or a contact IC interface based on the ISO / IEC 14443 standard.

The MS interface is a card interface 400 based on ISO / IEC 7810, and includes at least one magnetic head including a predetermined coil, and includes predetermined information (eg, magnetized binary ( When the MS card on which the data is recorded is moved in close contact with the magnetic head (or the magnetic head moves in close contact with the MS card in which predetermined information is recorded), a predetermined electrical signal is applied to the magnetic head. It is characterized in that the predetermined information or data is read from at least one or more tracks provided in the MS of the MS card by using the loaded device.

The contact IC interface is a card interface 400 based on ISO / IEC 7816. The contact IC interface includes at least one contact point for making electrical contact with a chip on board (COB) provided in a contact IC card. It supplies power to the IC chip of the IC card through the contact point, and the predetermined information or from the IC chip through the transaction of the half-duplex (HA 120 lf Duplex) method using an APDU (Application Protocol Data Unit) The data is read out.

The contactless IC interface is a card interface 400 based on ISO / IEC 14443, and includes at least one contactless electrical contact with the contactless IC card by using capacitive coupling and / or inductive coupling. The antenna includes an antenna, and supplies power to the IC chip of the IC card through the antenna, and reads predetermined information or data from the IC chip through a non-contact half-duplex (HA 120 lf Duplex) transaction. It is characterized by.

The card terminal security application module (415) (Secure Application Module (SAM)) is a confidentiality (confidentiality) required in the process of the payment terminal 140 performs the electronic payment and / or electronic payment using the payment means provided in the medium And / or security requirements including authentication and / or integrity and / or nonrepudiation, etc. without using an authentication server (or payment server) on the network. As a safety device for performing a safe and reliable structure within, a predetermined message that is processed in the process of the payment terminal 140 performs a predetermined security request function (for example, electronic payment and / or electronic payment function) ( Information or data), adding an authenticator that prevents forgery (or tampering) of the message, or performing the security request function. The ability to store key information document important features to perform.

In general, the security application module 415 is preferably composed of a predetermined security application module inserter and a security application module chip, the security application module chip is a chip containing at least 8-bit CPU or more, more than 2 MIPS (Million Instructions Per Second) It is preferable to include an application specific integrated circuit (ASIC) chip (for example, a PLCC 44-pin chip) and / or an IC chip (for example, an IC card in the form of a subscriber identity module).

In addition, the security application module 415 is at least one or more security application data (eg, at least one identifier, version, expiration date, issue date, code value, etc.) required for the payment terminal 140 to perform a predetermined security request function ) And / or keys (e.g., one master key and at least one application key) and / or protocols (e.g., trading protocols, re-transaction protocols, previous transaction cancellation protocols, collection protocols, SAM issuance protocols, (e-money company / card company) Registration protocol, privilege acquisition protocol, mode switching protocol, key download protocol, SAM revocation protocol) and / or commands (e.g., at least one read / authentication / transmission / registration / setting / mode switching / collection / delete / discard / initialization) / Reprocess / cancel command).

According to an embodiment of the present invention, the security application module 415 encrypts and / or decrypts predetermined payment processing related data (or payment approval request specialized data) and / or payment processing result data (or payment approval specialized data). Preferably at least one key value is provided.

The memory unit 465 inputs when a predetermined program routine (or code) and / or program data (eg, program routine (or code)) for controlling the overall operation of the payment terminal 140 is performed. Or a general term of non-volatile memory for storing at least one output information or data), which is hardware-based electrically erasable and programmable read only memory (EEPROM) and / or flash memory (FM) and / or HDD (HA 120). and at least one or more storage means including; rd Disk Drive).

The screen output unit 405 is at least one or more information (or data) defined to be exposed to the user in the process of performing a function (eg, high-speed wireless Internet-based electronic payment processing function) defined in the payment terminal 140 And at least one output device including a liquid crystal display (LCD) and / or a cathode ray tube (CRT), and a driver for managing the output device and interworking with the control unit 435. It is preferable to make it.

The key input unit 410 selects at least one or more information (or data) defined to be input from a user in the process of performing a function defined in the payment terminal 140 (for example, a high-speed wireless Internet-based electronic payment processing function). Characterized in that in the form of key data, and comprises at least one input device including a keypad and / or keyboard, and a driver for managing the input device and interworking with the control unit 435. .

The printing unit 420 performs a process (eg, a high speed wireless Internet-based electronic payment processing function) defined in the payment terminal 140 and / or predetermined information or data generated as a result (eg, payment) Process receipt) by printing (or outputting) through a predetermined printing device 425 (eg, a receipt printing machine), and printing the print information or data in accordance with a predefined printing form. It includes a print protocol and a driver for printing through).

The wireless processor 470 is a network component of the high-speed wireless Internet system (for example, the base station 135, in order to perform a function defined in the payment terminal 140 (for example, high-speed wireless Internet-based electronic payment processing function)), PAR 130, AAA server 110, HA (120 server, NMS, etc.) in conjunction with the payment terminal 140 is characterized in that the wireless connection to the high-speed wireless Internet, and also through the high-speed wireless Internet VAN server 105 connected to the high-speed wireless Internet and a TCP / IP-based network and / or a dedicated line 305 to perform a function defined in the payment terminal 140 (for example, high-speed wireless Internet-based electronic payment processing function). ) And a high-speed wireless Internet-based communication channel, and traffic for performing a function (eg, high-speed wireless Internet-based electronic payment processing function) defined in the payment terminal 140 through the communication channel. Characterized in that for production. A preferred embodiment of the wireless processing unit 470 will be described in detail with reference to FIG.

According to the present invention, the wireless processing unit 470 is a media control layer (MAC) and a physical layer corresponding to a lower layer on a communication protocol stack defined between the payment terminal 140 and the base station 135 on the high-speed wireless Internet. Perform communication processing for the (PHY).

A functional configuration of the modular payment terminal 140 is connected to a predetermined card terminal 475 and the payment terminal 140 having the OFDMA-based wireless access function to perform a high-speed wireless Internet-based electronic payment processing. FIG. 4B shows the control unit 435, the card interface 400, the security application module 415, the memory unit 465, the screen output unit 405, the key input unit 410, and the printing unit 420 illustrated in FIG. 4A. And predetermined transaction data (eg, payment means information read from a customer-owned medium) for realizing a function defined in the payment terminal 140 (eg, a high-speed wireless Internet-based electronic payment processing function) through the power supply unit 430. A card terminal stage 475 for generating payment processing related data (or payment approval request specialized data) defined to request high-speed wireless Internet-based electronic payment processing, and a transaction generated by the card terminal stage 475. place To the emitter via the high-speed wireless Internet access system comprising a wireless terminal end (480) which corresponds to a communication module for transmitting and receiving with the VAN server 105 it is characterized.

In FIG. 4B, the control unit 435, the card interface 400, the security application module 415, the memory unit 465, the screen output unit 405, and the key input unit constituting the card terminal 475 are shown. The basic functions of the 410, the printing unit 420, and the power supply unit 430 are the same as those described with reference to the payment terminal 140 of FIG. 4A, and the wireless processing unit configuring the wireless terminal end 480 is also described above. As shown and described in the payment terminal 140 of FIG.

Referring to FIG. 4B, the card terminal 475 transmits predetermined transaction data for realizing a function defined in the payment terminal 140 (eg, a high-speed wireless Internet-based electronic payment processing function). And a predetermined card terminal end interface 485 for interfacing and exchanging with 480.

According to the exemplary embodiment of the present invention, the card terminal end 475 may transmit predetermined transaction data (eg, a customer-owned medium) generated inside the card terminal end 475 through the card terminal end side interface 485. Or provide payment processing related data (or payment approval request specialized data) defined to request high-speed wireless Internet-based electronic payment processing, including payment method information read from the mobile terminal 480, and; And / or the VAN server 105 in response to predetermined transaction data (eg, the payment processing related data (or payment approval request specialized data)) from the wireless terminal 480 through the card terminal end interface 485. (Or payment processing result data (or payment approval specialized data) received from the card company server) is preferably provided by interfacing.

According to one embodiment of the invention, the card terminal end interface 485 is a wired communication interface including at least one or more, such as USB or RS-232c or RS-485, and / or Infrared Ray communication, RF A near field communication interface including at least one or more of Radio Frequency communication, Bluetooth, Wi-Fi, Ultra Wide Band system (UWB), and / or a Personal Computer Memory Card International Association (PCMCIA). It is preferred to include at least one or more interface means of at least one or more mating interfaces to include.

Referring to FIG. 4B, the wireless terminal end 480 includes a predetermined wireless terminal end 480 side interface that matches the card terminal end interface 485 provided in the card terminal end 475, and A control unit 491, a memory unit 493, and the wireless terminal 480 defined for realizing a function defined in the wireless terminal 480 (eg, a communication module function for high-speed wireless Internet-based electronic payment processing). And a power supply unit 494 for supplying power required to perform a function (eg, a communication module function for high-speed wireless Internet-based electronic payment processing).

The controller 491 of the wireless terminal 480 may include at least one or more processors including CPU / MPU in hardware and at least one or more program codes and / or data for realizing functions defined in the wireless terminal 480. Is loaded, and a bus (BUS) for inputting and outputting predetermined data to the processor and / or memory.

The memory unit 493 of the wireless terminal 480 is a generic term for storage means for storing a predetermined program routine (or code) and / or program data for controlling the overall operation of the wireless terminal 480. And a read only memory (ROM), a read / write flash memory (FM), an electrically erasable and programmable read only memory (EEPROM), and the like.

Those skilled in the art (e.g., device characteristics of the wireless terminal 480) (e.g., device characteristics in which the wireless terminal 480 is implemented by an external wireless modem, or the wireless terminal) If the stage 480 is aware of device characteristics implemented in the form of a PCMCIA card), since the functional configurations of the controller 491 and the memory unit 493 of the wireless terminal 480 will be clearly understood, a detailed description thereof will be given. Is omitted for convenience.

4c illustrates a functional configuration of a linked payment terminal 140 in which a predetermined card terminal 475 and the OFDMA-based wireless terminal 480 interoperate with each other to perform an electronic payment process. And a card interface, a security application module, a memory unit, a screen output unit, a key input unit, a printing unit, and a power supply unit, to realize a function defined in the payment terminal 140 (for example, a high-speed wireless Internet-based electronic payment processing function). Card terminal end generating transaction data (e.g., payment processing related data (or payment approval request specialized data) defined to request high-speed wireless Internet-based electronic payment processing, including payment method information read from a customer-owned medium) 475 and a transaction for transmitting / receiving the transaction data generated at the card terminal 475 to the VAN server 105 through the high-speed wireless Internet system. Including a wireless terminal end (480) that corresponds to the module, characterized in that formed.

In FIG. 4C, basic functions of the control unit, card interface, security application module, memory unit, screen output unit, key input unit, printing unit, and power supply unit constituting the card terminal unit 475 are settled in FIG. 4A. As described with reference to the terminal 140, the wireless processing unit constituting the wireless terminal 480 is also the same as described with reference to the payment terminal 140 of FIG.

Referring to FIG. 4C, the card terminal 475 is provided with predetermined transaction data for realizing a function defined in the payment terminal 140 (for example, high-speed wireless Internet-based electronic payment processing function) as shown in FIG. 4B. It is characterized in that it further comprises a predetermined card terminal end interface 485 for interfacing and exchange with the wireless terminal end 480, as described in detail with reference to Figure 4b.

Referring to FIG. 4C, the wireless terminal end 480 includes a predetermined wireless terminal end interface 490 that matches the card terminal end interface 485 provided in the card terminal end 475, and Functions defined in the wireless terminal 480 (eg, at least one or more service providing functions provided by the wireless terminal 480 in association with the high-speed wireless Internet as independent wireless terminals, and / or the card terminal 475). And a controller 491, a memory unit 493, a screen output unit 495, a key input unit 496, a sound processing unit 497, and the above, for realizing a communication module function for high-speed wireless Internet-based electronic payment processing. And a power supply unit 494 for supplying predetermined power to the wireless terminal end 480. The basic features of the controller 491 and the memory unit 493 are the same as those described with reference to FIG. 4B.

The screen output unit 495 of the wireless terminal 480 operates in conjunction with the control unit 491 to generate key data generated through a predetermined key input unit 496 and a predetermined function provided in the wireless terminal 480. Outputting a predetermined screen according to a predefined rule to a variety of information and / or signals and / or content (e.g. text content, image content, and / or multimedia content) extracted and / or generated and / or received in the process of performing And outputting to a device (for example, a liquid crystal display (LCD) and / or a cathode ray tube (CRT)), and at least one output device for managing the output device and managing the output device. It is preferable to include a driver that cooperates with 491.

The key input unit 496 of the wireless terminal 480 includes at least one of a predetermined number key and / or a character key (CHA 120) and / or a function key. Detects information (or signal) input from a predetermined keypad including a key button, and controls a specific input mode and / or of the wireless terminal 480 controlled by the controller 491. When predetermined information (or a signal) is input from a predetermined key button provided in the keypad in the operation mode, a key event corresponding to the input information (or signal) is generated, and the generated key event is controlled by the controller ( 491), and at least one input device for this purpose, and a driver for managing the input device and interworking with the controller 491.

The sound processor 497 of the wireless terminal 480 is provided to the wireless terminal 480 in the process of performing a function defined in the wireless terminal 480 (for example, wireless connection and / or transmitting and receiving information). Encodes a predetermined sound signal input from the supplied microphone to provide to the controller 491, or decodes a predetermined sound signal extracted and / or generated by the controller 491 and outputs the same through a speaker. For this, a predetermined vocoder and a codec are provided in the sound processor.

4A, 4B, and 4C, the payment terminal 140 may include a payment means reading unit 440 that reads predetermined payment means information from at least one customer-owned medium through the card interface; An information input unit 445 for receiving predetermined payment information (e.g., a payment amount) from an input device (e.g., a key input device corresponding to the key input unit or a POS device), and the payment means information and payment information. Encrypts the data generation unit 450 for generating predetermined payment processing related data (or payment approval request specialized data), and the generated payment processing related data (or payment approval request specialized data), and / or the An encryption processing unit 455 which decrypts payment processing result data (or payment approval specialized data) corresponding to payment processing related data (or payment approval request specialized data); Process the detailed payment processing related data (or payment approval request specialized data) into a protocol stack that can be transmitted through the wireless processing unit 470, and / or the payment processing from the protocol stack received through the wireless processing unit 470. And a communication processing unit 460 for reading payment processing result data (or payment approval specialized data) corresponding to the related data (or payment approval request specialized data).

The payment means reader 440 may be linked with a card reader device corresponding to the card interface 400 provided in the payment terminal 140 and / or at least one driver for driving the card reader device. Through the payment terminal 140, the predetermined payment means information for performing the electronic payment processing from the customer owned medium having at least one payment means through the through, characterized in that the payment means reading unit 440 Payment means information read by) is provided to the data generation unit 450.

According to an embodiment of the present invention, the payment means read out from the customer-owned medium through the payment means reader 440 may include a credit card, a debit card, a check card, and a prepaid payment. It is preferable that the card comprises at least one of a card (Prepaid Card), an electronic wallet (Electronic Wallet), an electronic bankbook (Electronic Bankbook), a financial common network.

The information input unit 445 includes a payment amount from at least one input device including a key input device corresponding to the key input unit 410 and / or a POS device for extracting predetermined payment related information from payment target product information. Characterized in that the predetermined payment information is received, the payment information input by the information input unit is provided to the data generation unit 450.

The data generation unit 450 may include predetermined payment processing related data (or payment approval request) including payment means information read by the payment means reader 440 and payment information input through the information input unit 445. Specialized data), and the payment processing related data (or payment approval request specialized data) is provided to the encryption processing unit 455.

The encryption processing unit 455 encrypts the payment processing related data (or payment approval request specialized data) according to a predetermined encryption protocol defined so that the VAN server 105 can decrypt the encrypted data. Payment processing related data (or payment approval request specialized data) is provided to the communication processing unit 460. In addition, the encryption processing unit 455 decrypts the predetermined payment processing result data (or payment approval specialized data) restored (or generated) from the communication processing unit 460 when the encrypted data is encrypted. The decrypted payment processing result data (or payment approval specialized data) is provided to the screen output unit 405 and / or the printing unit 420 and output.

The communication processing unit may perform communication processing on upper layers of a medium control layer (MAC) and a physical layer (PHY) defined in the wireless processing unit on the communication protocol stack defined in the payment terminal 140.

According to an embodiment of the present invention, the communication processing unit 460 stores a service data unit (SDU) to be stored in the communication protocol stack and transmitted from the encrypted payment processing related data (or payment approval request specialized data) and And / or generate a Protocol Data Unit (PDU) and store the SDU / PDU in an upper layer of the communication protocol stack, and the protocol stack in which the SDU / PDU is stored as described above is the wireless processor. 470 is preferably provided, and the wireless processing unit 470 includes a media control layer (MAC) and a physical layer (PHY) in a predetermined communication protocol stack in which the SDU / PDU is stored by the communication processing unit 460. Further performs communication processing for the wireless transmission to the base station 135 on the high-speed wireless Internet.

Also, the base station 135 on the high-speed wireless Internet stores an SDU / PDU generated from predetermined payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data). After providing a communication protocol stack to the wireless processing unit 470, the wireless processing unit 470 performs a series of communication processing for the media control layer (MAC) and the physical layer (PHY) from the communication protocol stack, Preferably, the remaining higher communication protocol stack is provided to the communication processing unit 460, and the communication processing unit 460 reads the SDU / PDU from the provided communication protocol stack to transmit the payment processing result data (or payment approval specialized data). Restore (or create)

If the restored (or generated) payment processing result data (or payment approval specialized data) is encrypted, the communication processing unit 460 transfers the payment processing result data (or payment approval specialized data) to the encryption processing unit 455. If it is not encrypted, the restored (or generated) payment processing result data (or payment approval data) is provided to the screen output unit and / or the print unit.

In the case of the integrated payment terminal 140 according to the embodiment of the present invention, the payment means reading unit, information input unit, data generation unit, encryption processing unit, and communication processing unit as shown in FIG. Is preferably provided).

In the case of the modular payment terminal 140 according to the embodiment of the present invention, the payment means reading unit 440, the information input unit 445, the data generating unit 450 and the encryption processing unit 455 is As shown in FIG. 4B, the payment terminal 140 is provided at the card terminal 475, and the communication processor 460 is preferably provided at the wireless terminal 480 provided with the wireless processor 470.

In this case, the card terminal 475 transmits the payment processing related data (or payment approval request specialized data) encrypted by the encryption processing unit 455 to the card terminal end interface 485 and the wireless terminal end interface 490. ) Is provided to the wireless terminal 480, and the communication processing unit 460 of the wireless terminal 480 performs a predetermined communication process on the encrypted payment processing related data (or payment approval request specialized data). Perform the transmission through the wireless processing unit.

In addition, when a packet including a predetermined communication protocol stack is received through the wireless processing unit 470, the communication processing unit of the wireless terminal 480 performs a predetermined communication processing procedure to perform the payment processing related data from the packet. Restoring (or generating) payment processing result data (or payment approval specialized data) corresponding to (or payment approval request specialized data), and through the wireless terminal end interface 490 and the card terminal end interface 485. The card terminal 475 is provided.

According to another embodiment of the present invention, the encryption processing unit 455 provided in the card terminal end 475 of the modular payment terminal 140 with respect to the embodiment shown in Figure 4b is the wireless terminal end 480 It may also be transferred to the operation), whereby the present invention is not limited. Alternatively, the communication processing unit 460 provided in the wireless terminal 480 may be transferred to the card terminal 475 to operate according to the method illustrated in FIG. 4B, and thus the present invention is limited. Not.

Alternatively, for the method illustrated in FIG. 4B, the communication processor may be configured to process the uppermost layer of the communication protocol stack in the card terminal 475, and the remaining layer may be processed in the wireless terminal 480. The card terminal 475 and the wireless terminal 480 may be provided separately, and the present invention is not limited thereto.

In the case of the linked payment terminal 140 according to the embodiment of the present invention, the payment means reading unit 440, the information input unit 445, and the data generating unit 450 is the payment terminal as shown in Figure 4c It is preferable that the card terminal 475 of the 140 is provided, and the encryption processing unit 455 and the communication processing unit 460 are provided in the wireless terminal terminal 480 provided with the wireless processing unit 470.

At this time, the card terminal end 475 exchanges the payment processing related data (or payment approval request specialized data) generated by the data generation unit with the card terminal end interface 485 and the wireless terminal end interface 490. Provided to the wireless terminal 480 through, and the encryption processing unit 455 of the wireless terminal 480 encrypts the payment processing-related data (or payment approval request specialized data) provided to the communication processing unit 460 In addition, the communication processing unit 460 performs a predetermined communication process on the encrypted payment processing related data (or payment approval request specialized data) and transmits the same through the wireless processing unit 470.

In addition, when a packet including a predetermined communication protocol stack is received through the wireless processing unit 470, the communication processing unit 470 of the wireless terminal 480 performs a predetermined communication processing procedure to perform the payment from the packet. Restoring (or generating) payment processing result data (or payment approval specialized data) corresponding to processing related data (or payment approval request specialized data); and if the payment processing result data (or payment approval specialized data) is encrypted, It is provided to the encryption processing unit, and / or to the card terminal end 475 through the wireless terminal end side interface 490 and the card terminal end side interface 485.

According to another exemplary embodiment of the present invention, the data generation unit provided in the card terminal 475 of the linked payment terminal 140 is transferred to the wireless terminal 480 with respect to the embodiment shown in FIG. 4C. The present invention is not limited thereto.

Alternatively, the encryption processing unit 455 provided in the wireless terminal end 480 may be transferred to the card terminal end 475 to operate the method shown in FIG. 4C, and thus the present invention is limited. Not.

5A, 5B, and 5C illustrate a preferred structure of a communication protocol stack of a payment terminal 140 for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

5A, 5B, and 5C show the payment terminal 140 for the high-speed wireless Internet-based electronic payment processing shown in FIGS. 4A, 4B, and 4C. As a preferred embodiment of the preferred structure of the protocol stack that is processed communication based on the wireless Internet, specifically Figure 5a illustrates a preferred communication protocol stack for the integrated payment terminal 140, such as Figure 4a, Figure 5b 4b illustrates a preferred communication protocol stack for a modular payment terminal 140 as shown in FIG. 4b, and FIG. 5c illustrates a preferred communication protocol stack for a linked payment terminal 140 as shown in FIG. 4c. Those skilled in the art to which the present invention pertains, for the high-speed wireless Internet-based electronic payment processing in a range that does not violate the core technical matters of the present invention with reference to the drawings 5a, 5b and 5c. Various implementation methods of the communication protocol stack provided in the payment terminal 140 may be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 5A, which illustrates a preferred communication protocol stack for the integrated payment terminal 140, the communication processing unit provided in the integrated payment terminal 140 may include the encrypted payment processing related data (or payment approval request specialized data). Generates a predetermined SDU / PDU, performs a communication protocol processing procedure for storing the generated predetermined SDU / PDU in an upper layer on the communication protocol stack defined in the payment terminal 140, and controls the medium of the wireless processing unit Create a predetermined communication protocol stack that can be processed at the layer MAC.

According to an embodiment of the present invention, the communication processor may further include passing through a Secure Sockets Layer (SSL) layer in the process of generating the communication protocol stack, and / or providing the high speed wireless Internet service. It is possible to further pass through a layer that supports at least one or more protocols defined in the high-speed wireless Internet, for which the present invention is not limited.

The protocol stack communicated through the communication processor is transmitted from the wireless processor provided in the integrated payment terminal 140 to the base station 135 on the high-speed wireless Internet through a media control layer and a physical layer.

The medium control layer (MAC) preferably includes a privacy sublayer, a MAC common PAR 130t sublayer, and a service specific convergence sublayer L23. Do.

According to an embodiment of the present invention, the privacy sub-layer performs device authentication, security key exchange, and encryption functions, wherein the privacy sub-layer performs only authentication for the device, and user authentication is performed at an upper layer of the MAC. desirable. In addition, the MAC common sub-layer is an essential part of the MAC layer, and is preferably responsible for system access, bandwidth allocation, traffic connection establishment and maintenance, and quality of service (QoS) management. In addition, the service specific aggregation sublayer is preferably responsible for payload header suppression and quality of service (QoS) mapping functions in continuous data communication.

Referring to the IEEE 802.16 series standard, the high-speed wireless Internet system defines an encryption function for traffic data in order to provide a stable wireless communication service, which is required before a predetermined traffic connection establishment procedure for encrypting the traffic data. It defines how to generate and distribute traffic encryption keys for traffic connections. Specifically, the payment terminal 140 and the base station 135, for generating and distributing the traffic encryption key, a PKM-REQ (Privacy Key Managment-Request) message and a PKM-RSP (Privacy Key Managment-Response) Message, the payment terminal 140 requests a traffic encryption key assignment by transmitting a key request message, which is an internal message of one of the PKM-REQ messages, to the base station 135, and the base station 135 ) Sends a response to the terminal. Specifically, the base station 135 transmits a key reply message to the terminal when the traffic encryption key assignment is successful, and transmits a key reject message to the terminal when the traffic encryption key assignment is successful. By using the traffic encryption key assigned through the traffic encryption key assignment procedure, the payment terminal 140 and the base station 135 can encrypt and transmit all traffic data. However, as described above, the encryption traffic is defined in the wireless section between the payment terminal 140 and the base station 135 through the generation and distribution of the encryption key, whereby the payment terminal 140 at the VAN server. High security up to 105 is not secured, and high security is secured between the payment terminal 140 and the VAN server 105 only by the end-to-end encryption processing function according to the present invention.

The physical layer (PHY) is responsible for a wireless communication function performed in a normal physical layer, such as modulation and demodulation and coding, a preferred embodiment thereof will be described in detail with reference to FIG.

Referring to FIG. 5B, which illustrates a preferred communication protocol stack for the modular payment terminal 140, the communication processing unit provided in the wireless terminal end 480 of the modular payment terminal 140 is the modular payment terminal 140. Generates a predetermined SDU / PDU from the encrypted payment processing-related data (or payment approval request specialized data) provided from the card terminal 475 of the card) and transmits the generated SDU / PDU to the payment terminal 140. A communication protocol processing procedure stored in an upper layer on the communication protocol stack defined in FIG. 3 is performed, and a predetermined communication protocol stack that can be processed in the medium control layer (MAC) of the radio processor is generated.

In addition, the protocol stack communicated through the communication processor is a base station on the high-speed wireless Internet by passing through a media control layer and a physical layer in the wireless processor provided in the wireless terminal 480 of the modular payment terminal 140. And the technical characteristics of the medium control layer and the physical layer are as described with reference to FIG. 5A.

Referring to FIG. 5C, which illustrates a preferred communication protocol stack for the linked payment terminal 140, the communication processor included in the wireless terminal 480 of the linked payment terminal 140 may be connected to the linked payment terminal 140. Encrypts the payment processing related data (or payment approval request specialized data) provided from the card terminal 475 of the card), and generates a predetermined SDU / PDU from the encrypted payment processing related data (or payment approval request specialized data). And a communication protocol processing procedure for storing the generated predetermined SDU / PDU in an upper layer on a communication protocol stack defined in the payment terminal 140, and may be processed by a media control layer (MAC) of the wireless processing unit. Create a given communication protocol stack.

In addition, the protocol stack communicated through the communication processor is a base station on the high-speed wireless Internet by passing through a media control layer and a physical layer in the wireless processor provided in the wireless terminal 480 of the linked payment terminal 140. And the technical characteristics of the medium control layer and the physical layer are as described with reference to FIG. 5A.

6 is a view showing a preferred structure of the wireless processing unit 470 of the payment terminal 140 according to the embodiment of the present invention.

In more detail, FIG. 6 is a view illustrating a preferred implementation method of a wireless processing unit 470 that wirelessly communicates with the base station 135 in an OFDMA scheme according to IEEE 802.16 series wireless access standard as an end point of a wireless channel in the high-speed wireless Internet system. . However, in the present invention, the wireless processing unit 470 of the payment terminal 140 is not limited to the case of FIG. 6, but does not violate the core of the present invention according to the intention and / or components of the terminal manufacturer. The present invention can be modified within the present invention, and the present invention is not limited thereto.

Referring to FIG. 6, the wireless processor converts an analog baseband signal input from a baseband processor into a 2.3 GHz band signal, which is a carrier band, and transmits the signal. Performs the function of transferring to the processing unit

In addition, the wireless processing unit includes a transmitting and receiving antenna, RF front end (FE), performs the up / down conversion function between the power amplifier function RF signal, FEM (Front End Module) is PA (Power Amplifier), It consists of RFSW (RF SWitch) and LNA (Low Noise Amplifier) FEM to perform transmit / receive mode switching function, power amplifier function of transmit signal, low noise amplifier function of received signal according to control signal, and UPCM (UP Conversion Module) is LPF , I / Q modulator, VGA, RF BPF, which converts baseband signal into RF signal, transmit power control and filtering function, and DNCM (DowN-Conversion Module) uses RF BPF, RF mixer, Comprising a VGA, I / Q demodulator, LPF, the DNCM performs the down-conversion function of the RF signal to the baseband signal, automatic control of the received power gain and filtering.

In addition, since the wireless processor 470 uses a Local Oscillator Module (LOM) consisting of a PLL and an RF VCO and a TDD scheme, the wireless processor 470 includes an ANTM (ANTenna Module) for transmitting and receiving on the same antenna.

7 is a diagram showing the function configuration of the VAN server 105 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 7 provides an end-to-end encryption processing function with a payment terminal 140 having an encryption function as shown in FIGS. 4A, 4B, and 4C and between the payment terminal 140 and the VAN server 105. As a preferred embodiment of the VAN server 105 for managing and maintaining the high security of the present invention, those skilled in the art to which the present invention pertains, with reference to FIG. 4C and the VAN server 105 providing the end-to-end encryption processing function with encryption functions as shown in FIG. 4C, may be variously modified and thus the present invention is not limited thereto. .

Referring to FIG. 7, the VAN server 105 includes a receiving unit 700 for receiving encrypted payment processing related data (or payment approval request specialized data) transmitted from the payment terminal 140 through high-speed wireless Internet, Decrypt the encrypted payment processing related data (or payment approval request specialized data), and / or the payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data). The encryption unit 710 for encryption processing and payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) are transmitted to the payment server through the high-speed wireless Internet. It characterized in that it comprises a transmission unit 705.

According to an exemplary embodiment of the present invention, the VAN server 105 reads the decrypted payment processing related data (or payment approval request specialized data) to a predetermined card company server that approves the payment request. Provide relevant data (or payment approval request specialized data), and receive predetermined payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) from the card company server It is preferable that the payment processing unit 715 be provided.

In the encryption unit 710, a decryption method for the encrypted payment processing related data (or payment approval request specialized data) is performed by the encryption processing unit of the payment terminal 140 (or payment approval request full text). Characterized in that it is performed according to a decryption procedure corresponding to a method of encrypting the data), and / or the payment processing result data (or payment approval) corresponding to the payment processing related data (or payment approval request specialized data). Specialized data) is performed according to an encryption procedure that can be decrypted by the encryption processing unit of the payment terminal 140, thereby increasing the altitude between the payment terminal 140 and the VAN server 105. End-to-end functionality is provided to manage and maintain security.

According to an embodiment of the present invention, the VAN server is preferably provided with a predetermined server-side security application module (not shown) interoperating with the encryption unit 710, the security application module is a predetermined payment processing related data At least one key value for encrypting and / or decrypting (or payment approval request data) and / or payment processing result data (or payment approval data) is preferably provided.

Hereinafter, the technical features of the present invention will be described through a preferred embodiment for processing a high-speed wireless Internet-based electronic payment that performs a symmetric key (or secret key) encryption and / or decryption procedure.

8 is a diagram illustrating a payment processing procedure of the payment terminal 140 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 8 is connected to the high-speed wireless Internet from a payment terminal 140 equipped with encryption functions as shown in FIGS. 4A, 4B, and 4C, and when the electronic payment process is performed by the payment terminal 140, a payment process. The VAN server receiving the payment terminal 140 and the payment processing related data (or payment approval request specialized data) by encrypting and transmitting related data (or payment approval request specialized data) using a symmetric key (or secret key) method. As a preferred embodiment of the electronic payment processing method for providing a high-speed wireless Internet-based end-to-end security between the 105, those skilled in the art to which the present invention pertains, The VAN server 105 and the portable interface through the payment terminal 140 corresponding to FIGS. 4A, 4B, and 4C without departing from essential technical matters of the present invention. Based end-to-end will be able to easily derive various electronic settlement method for providing security, and to which the present invention is not limited.

Referring to FIG. 8, a payment terminal 140 (eg, an integrated payment terminal 140, a modular payment terminal 140, and a payment terminal 140 interworking with a function of wirelessly connecting to a predetermined high-speed wireless Internet) is provided. When a predetermined power is supplied to the system to boot, the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) synchronizes with the downlink through the downlink channel search of the base station 135. After acquiring the channel control parameter for the uplink, initial synchronization is performed through initial ranging, and an initial access (Initial Access) process of informing the base station 135 of the information of the payment terminal 140 is performed (800). ).

When the initial access process is performed, the basic provisioning capability of determining the basic provisioning capability between the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) and the base station 135 of the high-speed wireless Internet When the basic capability is negotiated and the basic capability is negotiated, the AAA server 110 extends the wireless connection connection between the payment terminal 140 and the base station 135 to the wired section through the PAR 130. An authentication procedure for verifying authentication and service authority of the payment terminal 140 is performed from step 805.

According to an embodiment of the present invention, the preferred authentication procedure for verifying the authentication and service authority for the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) on the high-speed wireless Internet is the PAR ( In step 130, a DER (Diameter Extensible Authentication Protocol) Request (ID) / Identity message including a subscriber ID (ID) provided from the base station 135 is provided to the AAA server 110 on the high-speed wireless Internet. The AAA server 110 determines whether the user is a legitimate subscriber and transmits a Diameter EAP Answer (DEA) / Transport Layer Security (TLS) start message to the PAR 130. Thereafter, the PAR 130 provides a DER / Client-Hello message including predetermined session information and connection information to the AAA server 110, and the AAA server 110 responds to the PAR 130. Send DEA / Server-Hello. Next, the PAR 130 and the AAA server 110 provides a DER / TLS certificate from the PAR 130 to the AAA server 110 for the mutual exchange of certificates, the AAA server 110 is the PAR Sending the DEA / TLS cHA (120) nge cipher spec, TLS finished message to (130) to remind the use of the new encryption algorithm and the handshaking (HA (120) nd-sHA (120) king) procedure. Deliver to PAR (130). In addition, the PAR 130 transmits a DER / Ack to the AAA server 110 and receives a DEA / Success from the AAA server 110, thereby completing a subscriber authentication process by completing mutual certificate exchange.

When the basic provision capability negotiation and the authentication and registration procedure for the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) is performed, the payment terminal 140 (or payment terminal 140) The HA 120 managing the MIP for the wireless terminal 480 performs a process of allocating and registering a predetermined IP address with respect to the payment terminal 140 (810).

According to the embodiment of the present invention, the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) and the high-speed wireless Internet network is the wireless terminal of the payment terminal 140 (or payment terminal 140) A traffic encryption key generation and distribution process may be further performed to maintain security of the traffic connection between the terminal end 480 and the base station 135.

As described above, when the initial access process, the basic provisioning capability negotiation process, the authentication process for the user or the payment terminal 140 and the MIP registration process are completed, the high-speed wireless Internet service for the payment terminal 140 is started. During the service, the traffic flow is changed or deleted according to the traffic situation, the handover when moving to another cell, the management and billing of IP generated accordingly, and the payment terminal 140 (or the payment terminal 140) are performed. In the card terminal 475), payment processing may be performed through the high-speed wireless Internet.

Therefore, the payment terminal 140 periodically monitors an internal resource (eg, a resource for initiating the electronic payment process at the card terminal 475) to confirm whether the high-speed wireless Internet-based electronic payment process is started (815). If the high-speed wireless Internet-based electronic payment processing is started (820), the payment terminal 140 receives predetermined payment information from a predetermined input device for electronic payment processing, and the customer-owned medium from the card reader device. The predetermined payment means information for the electronic payment processing is read from the MS (eg, MS card, IC card, IC chip, etc.) (825).

When payment information for electronic payment processing is input as described above and predetermined payment means information is read from a customer-owned medium, the payment terminal 140 includes predetermined payment processing related data including the payment information and payment means information. (Or payment approval request text data) (or payment request text for electronic payment processing) is generated (830), and the payment processing related data (or payment approval request text data) is converted into a symmetric key ( Or a secret key) method (835), and the VAN server 105 based on the communication protocol stack structure defined in the high-speed wireless Internet, and encrypts the encrypted payment processing related data (or payment approval request specialized data). 840, which is described in detail with reference to FIG.

According to the exemplary embodiment of the present invention, when the payment terminal 140 transmits encrypted payment processing related data (or payment approval request specialized data) to a predetermined VAN server 105, the payment terminal 140 is transmitted to the payment terminal 140. The provided medium control layer and the medium control layer provided in the base station 135 connected to the payment terminal 140 are mapped between the payment terminal 140 and the base station 135 to transmit traffic for one service flow. It is desirable to perform a traffic connection process that defines a relationship.

The payment terminal 140 requests the PAR 130 to retrieve the service profile for payment processing through the subscriber profile information and the service flow information as shown in FIG. 2 through the base station 135 of the high-speed wireless Internet company. In operation 845, the base station 135 on the high-speed wireless Internet and the PAR 130 interwork with each other to search for a payment processing service profile for the payment terminal 140 (850).

According to an exemplary embodiment of the present invention, the preferred procedure of the searching process includes transmitting the registration information of the payment terminal 140 to the PAR 130 by including the registration information of the payment terminal 140 in the CREG_req message. The subscriber profile is searched for through the registration information of the payment terminal 140 included in the received CREG_req message, and the acceptance of the registration of the subscriber is determined, and the result is included in the CREG_rsp message and transmitted to the base station 135. .

In addition, when the base station 135 transmits a request for establishing a traffic connection for payment processing in a predetermined DSA_req message to the PAR 130, the PAR 130 receiving the DSA_req message receives the call through a call admission control mechanism. After retrieving service flow information for determining whether to accept the request, negotiating a quality of service (QoS) value and / or service level that can be provided in response to the requested new traffic, and processing the negotiation values and the payment Whether or not to accept the request for establishing the traffic connection is included in the DSA_rsp message and transmitted to the base station 135.

Subsequently, the base station 135 transmits to the PAR 130 including the DSA_ack message whether to establish the traffic connection for payment processing requested by the DSA_req as an acknowledgment message for the DSA_rsp message, and the PAR 130 By reading the DSA_ack message, the service flow information is changed to the payment processing traffic connection setting or the payment processing service flow information is registered.

If a predetermined payment processing service profile is not retrieved from the PAR 130 (eg, if a traffic connection for payment processing is first attempted after booting the system of the payment terminal 140) (855), the high-speed wireless The PAR 130 on the Internet performs a change and / or registration and / or an additional procedure for the payment processing service profile (860).

On the other hand, a predetermined payment processing service profile is retrieved from the PAR 130 (eg, an electronic payment processing has been previously performed through a high-speed wireless Internet, and a service flow profile for payment processing has been previously generated) (855), or When a change and / or registration and / or an additional procedure for the payment processing service profile is performed (860), the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) is encrypted. The media control layer and the physical layer are processed and transmitted to the base station 135 in a communication protocol stack including payment processing related data (or payment approval request specialized data), which is transmitted to the base station 135 by the PAR 130. The PAR 130 transmits the encrypted payment processing related data (or payment approval request specialized data) to the VAN server 105 based on the service profile. To 865, a communication path for transmitting the encrypted payment process related data (or the payment authorization request specialized data) is as shown in the figure 3a, or figure 3b.

9 is a diagram illustrating a method for encrypting and transmitting payment processing related data (or payment approval request specialized data) in a symmetric key (or secret key) method according to an embodiment of the present invention.

In more detail, FIG. 9 illustrates a symmetric key (or secret key) of the payment processing related data (or payment approval request specialized data) in the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C. As a method for encrypting and transmitting in a manner, the symmetric key (or secret key) for encryption is secured in the payment terminal 140 (or card terminal 475 of the payment terminal 140). It is preferable to read from the application module 415 (SAM).

Referring to FIG. 9, when the data generation unit 450 of the payment terminal 140 generates predetermined payment processing related data (or payment approval request specialized data) including predetermined payment information and customer-owned payment means information. The encryption processing unit 455 is provided with this (900), and a predetermined symmetric key (or secret key) for encrypting the payment processing related data (or payment approval request specialized data) from the security application module 415 In operation 905, the payment processing related data (or payment approval request specialized data) is encrypted using the extracted symmetric key (or secret key) (910).

When the payment processing related data (or payment approval request specialized data) is encrypted through the symmetric key (or secret key) as described above, the communication processing unit 460 sends the encrypted payment processing related data (or payment approval request specialized data). At least one SDU / PDU is generated from and stored in an upper layer on the communication protocol stack (915), and the wireless processing unit is a medium control layer defined between the wireless processing unit 470 and the base station 135 with respect to the communication protocol stack. By performing a communication process corresponding to the physical layer and the physical layer (920), the packet corresponding to the encrypted payment processing related data (or payment approval request specialized data) through the network component on the high-speed wireless Internet through the VAN server Transmit to 105.

10 is a diagram illustrating a payment processing process of the VAN server 105 for the high-speed wireless Internet-based electronic payment processing according to the embodiment of the present invention.

In more detail, FIG. 10 illustrates a case in which a VAN server 105 having an encryption function as shown in FIG. 7 is received with payment processing-related data (or payment approval request specialized data) encrypted through an encryption process as shown in FIG. By decoding the payment processing related data (or payment approval request specialized data) and performing a payment processing procedure corresponding to the decrypted payment processing related data (or payment approval request specialized data), the payment terminal 140. And a preferred embodiment of an electronic payment processing method that provides high-speed wireless Internet-based end-to-end security between the VAN server 105 and the VAN server 105. Those skilled in the art to which the present invention pertains, VAN server provided in the intention of the person skilled in the art and / or each of the above VAN operators within the scope not to violate the core technical matters of the present invention with reference to this figure 10 Various electronic payment processing methods corresponding to the technical features of 105 may be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 10, payment processing related data (or payment approval request) encrypted from the payment terminal 140 as shown in FIGS. 4A, 4B, and 4C through the encryption procedure as shown in FIG. 9 from the payment terminal 140 to the VAN server 105. When the professional data is received through the communication path as shown in FIG. 3a or 3b (1000), the VAN server 105 converts the received payment processing related data (or payment approval request expert data) into a symmetric key (or secret). By decryption processing in a key) method 1005, end-to-end security for the payment terminal 140 and the VAN server 105 is secured. A detailed procedure thereof will be described in detail with reference to FIG. 11.

If the payment processing related data (or payment approval request specialized data) is not decrypted (1010), the VAN server 105 generates payment processing result data (or payment approval specialized data) including a predetermined payment error message. In operation 1015, the payment terminal 140 transmits the payment to the payment terminal 140.

On the other hand, if the payment processing related data (or payment approval request specialized data) is decrypted (1010), the VAN server 105 and the payment information contained in the decrypted payment processing related data (or payment approval request specialized data) and By reading the payment means information, and performs the electronic payment process in connection with a predetermined card company server and / or bank server (1020), and the payment processing related data (or payment approval request specialized data from the card company server and / or bank server) A predetermined payment processing result data (or payment approval specialized data) corresponding to the call is received (1025).

If predetermined payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) is received from the card company server and / or the bank server (1030), the VAN server ( 105 encrypts the payment processing result data (or payment approval specialized data) in a symmetric key (or secret key) method (1035), and encrypts the encrypted payment processing result data (or payment approval specialized data) in FIG. 3A or FIG. To transmit to the payment terminal 140, such as Figures 4a, 4b and 4c through the communication path as shown in Figure 3b (1040), a detailed procedure thereof will be described in detail with reference to Figure 12.

FIG. 11 is a diagram illustrating a method of decrypting payment processing related data (or payment approval request specialized data) encrypted and received at a VAN server 105 by a symmetric key (or secret key) method according to an embodiment of the present invention. .

In more detail, in FIG. 11, the payment processing-related data received by being encrypted from the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C in the VAN server 105 as shown in FIG. Alternatively, the present invention relates to a method of decrypting a payment approval request specialized data by a symmetric key (or secret key) method, wherein the symmetric key (or secret key) is a card of the payment terminal 140 (or a payment terminal 140). It is preferable to read from the security application module provided in the VAN server 105 corresponding to the security application module (SAM) provided in the terminal end (475).

Referring to FIG. 11, the receiving unit 700 of the VAN server 105 is encrypted payment processing-related data (or encrypted) from the operator network 100 of the high-speed wireless Internet through the TCP / IP-based Internet and / or leased line Receiving a packet corresponding to a communication protocol stack including payment approval request specialized data) and restoring (or generating) payment processing related data (or payment approval request specialized data) encrypted and transmitted from the payment terminal 140; 1100, the encryption unit 710 is a predetermined symmetric key (or secret key) for decrypting the encrypted payment processing related data (or payment approval request specialized data) from the security application module provided in the VAN server 105 ), And decrypts the encrypted payment processing related data (or payment approval request specialized data) through the extracted symmetric key (or secret key) (1110).

When the payment processing related data (or payment approval request specialized data) encrypted through the symmetric key (or secret key) is decrypted as described above, the encryption unit 710 may perform the payment processing related data (or payment approval request specialized data). To the payment processing unit 715 (1115), the payment processing unit 715 is linked with at least one card company server and / or bank server according to the payment processing procedure defined in the VAN server 105 and the payment The payment processing corresponding to the processing related data (or the payment approval request specialized data) is performed.

12 is a diagram illustrating a method of encrypting and transmitting payment processing result data (or payment approval specialized data) in a symmetric key (or secret key) method in the VAN server 105 according to an embodiment of the present invention.

More specifically, FIG. 12 shows payment processing result data (or data) received from a card company server and / or a bank server corresponding to the payment processing related data (or payment approval request specialized data) in the VAN server 105 as shown in FIG. The preferred embodiment of the present invention encrypts payment approval data) using a symmetric key (or secret key) method, and the symmetric key (or secret key) for encryption is a security application module provided in the VAN server 105. It is preferable to read from.

Referring to FIG. 12, payment processing result data corresponding to the payment processing related data (or payment approval request specialized data) from the card company server and / or the bank server of the VAN server 105 to the payment processing unit 715. When the payment approval specialized data is received, the encryption unit 710 is provided with this (1200), and a predetermined symmetric key (or a predetermined symmetric key for encrypting the payment processing result data (or payment approval specialized data) from the security application module. The secret key) is extracted (1205), and the payment processing result data (or payment approval specialized data) is encrypted using the extracted symmetric key (or secret key) (1210).

If the payment processing result data (or payment approval specialized data) is encrypted through the symmetric key (or secret key) as described above, the transmission unit 705 at least from the encrypted payment processing result data (or payment approval specialized data) By creating one or more SDUs / PDUs and storing them in a higher layer on the communication protocol stack (1215), the communication defined between the VAN server 105 and the Internet and / or leased lines connecting the operator network 100 of the high-speed wireless Internet. A packet corresponding to a protocol stack is generated and the generated packet is transmitted to the payment terminal 140 through a network component on the high-speed wireless Internet.

FIG. 13 is a diagram illustrating a payment processing procedure of a payment terminal 140 for high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 13 illustrates a payment terminal 140 that transmits the predetermined payment processing related data (or payment approval request specialized data) to the VAN server 105 as shown in FIG. By decrypting the payment processing result data (or payment approval specialized data) encrypted and received from 105 by a symmetric key (or secret key) method, the VAN server 105 and the payment processing result data (or payment approval specialized data) As a preferred embodiment of the electronic payment processing method for providing high-speed wireless Internet-based end-to-end security between the payment terminal 140 for receiving the present invention, those skilled in the art to which the present invention belongs, The V through the payment terminal 140 corresponding to FIGS. 4A, 4B, and 4C without departing from essential technical matters of the present invention with reference to FIG. 13. Various electronic payment processing methods for providing the AN server 105 and the portable Internet-based end-to-end security will be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 13, the payment terminal 140 that transmits encrypted payment processing related data (or payment approval request specialized data) through the same process as in FIG. 8 may transmit the VAN server 105 through the high-speed wireless Internet. Wait 1300 to receive payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data).

If payment processing result data (or payment approval professional data) corresponding to the payment processing related data (or payment approval request specialized data) is received (1305), the payment terminal 140 receives the received payment processing result data ( Alternatively, the payment approval specialized data) is decoded and output by a symmetric key (or secret key) method (1310), a detailed procedure thereof will be described in detail with reference to FIG.

According to the exemplary embodiment of the present invention, the payment processing process of the payment terminal 140 as shown in FIGS. 8 and 13 is preferably repeated until the payment function of the payment terminal 140 ends (1315).

FIG. 14 is a diagram illustrating a method of decrypting payment processing result data (or payment approval specialized data) encrypted and received by the payment terminal 140 in a symmetric key (or secret key) method according to an embodiment of the present invention.

In more detail, FIG. 14 is received from the VAN server 105 as shown in FIG. 7 through an encryption procedure as shown in FIG. 12 in the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C. The present invention relates to a method for decrypting the received payment processing result data (or payment approval professional data) by a symmetric key (or secret key) method, wherein the symmetric key (or secret key) is the payment terminal 140 (or payment). It is preferable to read from the security application module (SAM) provided in the card terminal end 475 of the terminal 140.

Referring to FIG. 14, the wireless processing unit 470 of the payment terminal 140 receives a packet corresponding to a communication protocol stack including encrypted payment processing result data (or payment approval specialized data) from the high-speed wireless Internet. In operation 1400, the communication processing unit 460 restores (or generates) payment processing result data (or payment approval specialized data) encrypted and transmitted from the VAN server 105 from the received packet (1405). The restored (or generated) payment processing result data (or payment approval specialized data) is provided to the password processing unit (1410).

The encryption processing unit 455 extracts a predetermined symmetric key (or secret key) for decrypting the encrypted payment processing result data (or payment approval specialized data) from the security application module included in the payment terminal 140. In operation 1420, the encrypted payment processing result data (or payment approval specialized data) is decrypted using the extracted symmetric key (or secret key).

When the payment processing result data (or payment approval specialized data) encrypted through the symmetric key (or secret key) is decrypted as described above, the encryption processing unit outputs the payment processing result data (or payment approval specialized data) to the screen output unit. The screen is output through 1405 or 1425a and / or provided to the printing unit 420 to be output.

Hereinafter, the technical features of the present invention will be described through a preferred embodiment for processing a high-speed wireless Internet-based electronic payment that performs public key encryption and / or decryption procedures.

15 is a diagram illustrating a payment processing procedure of the payment terminal 140 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 15 is connected to the high-speed wireless Internet from the payment terminal 140 with encryption functions as shown in FIGS. 4A, 4B, and 4C, and the payment process is performed when the electronic terminal processes the payment terminal 140. The VAN server 105 which receives the payment terminal 140 and the payment processing related data (or payment approval request specialized data) by encrypting and transmitting related data (or payment approval request specialized data) in a public key infrastructure. The present invention relates to a preferred embodiment of an electronic payment processing method that provides high-speed wireless Internet-based end-to-end security between those skilled in the art and those skilled in the art. The VAN server 105 and the portable Internet through the payment terminal 140 corresponding to the drawings 4a, 4b and 4c without violating technical details. Various electronic payment processing methods for easily providing end-to-end security may be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 15, a payment terminal 140 (eg, an integrated payment terminal 140, a modular payment terminal 140, and a payment terminal 140 in conjunction with a predetermined high-speed wireless Internet) is provided with a function of wirelessly connecting to a predetermined high-speed wireless Internet. When a predetermined power is supplied to the system to boot, the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) synchronizes with the downlink through the downlink channel search of the base station 135. After acquiring the channel control parameter for the uplink, initial synchronization is performed through initial ranging and initial access (Initial Access) process of informing the base station 135 of the information of the payment terminal 140 is performed. ).

When the initial access process is performed, the basic provisioning capability of determining the basic provisioning capability between the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) and the base station 135 of the high-speed wireless Internet When the basic capability is negotiated and the basic capability is negotiated, the AAA server 110 extends the wireless connection connection between the payment terminal 140 and the base station 135 to the wired section through the PAR 130. An authentication procedure for verifying the authentication and the service authority of the payment terminal 140 is performed (1505).

According to an embodiment of the present invention, the preferred authentication procedure for verifying the authentication and service authority for the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) on the high-speed wireless Internet is the PAR ( In step 130, a DER (Diameter Extensible Authentication Protocol) Request (ID) / Identity message including a subscriber ID (ID) provided from the base station 135 is provided to the AAA server 110 on the high-speed wireless Internet. The AAA server 110 determines whether the user is a legitimate subscriber and transmits a Diameter EAP Answer (DEA) / Transport Layer Security (TLS) start message to the PAR 130. Thereafter, the PAR 130 provides a DER / Client-Hello message including predetermined session information and connection information to the AAA server 110, and the AAA server 110 responds to the PAR 130. Send DEA / Server-Hello. Next, the PAR 130 and the AAA server 110 provides a DER / TLS certificate from the PAR 130 to the AAA server 110 for the mutual exchange of certificates, the AAA server 110 is the PAR Sending the DEA / TLS cHA (120) nge cipher spec, TLS finished message to (130) to remind the use of the new encryption algorithm and the handshaking (HA (120) nd-sHA (120) king) procedure. Deliver to PAR (130). In addition, the PAR 130 transmits a DER / Ack to the AAA server 110 and receives a DEA / Success from the AAA server 110, thereby completing a subscriber authentication process by completing mutual certificate exchange.

When the basic provision capability negotiation and the authentication and registration procedure for the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) is performed, the payment terminal 140 (or payment terminal 140) The HA 120 managing the MIP for the wireless terminal 480 performs a process of allocating and registering a predetermined IP address with respect to the payment terminal 140 (1510).

According to the embodiment of the present invention, the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) and the high-speed wireless Internet network is the wireless terminal of the payment terminal 140 (or payment terminal 140) A traffic encryption key generation and distribution process may be further performed to maintain security of the traffic connection between the terminal end 480 and the base station 135.

As described above, when the initial access process, the basic provisioning capability negotiation process, the authentication process for the user or the payment terminal 140 and the MIP registration process are completed, the high-speed wireless Internet service for the payment terminal 140 is started. During the service, the traffic flow is changed or deleted according to the traffic situation, the handover when moving to another cell, the management and billing of IP generated accordingly, and the payment terminal 140 (or the payment terminal 140) are performed. In the card terminal 475), payment processing may be performed through the high-speed wireless Internet.

Accordingly, the payment terminal 140 periodically monitors an internal resource (eg, a resource for initiating the electronic payment processing in the card terminal 475) to confirm whether the high-speed wireless Internet-based electronic payment processing is started (1515). If the high-speed wireless Internet-based electronic payment processing is started (1520), the payment terminal 140 receives a predetermined payment information from a predetermined input device for the electronic payment processing, and the customer-owned medium from the card reader device (1525) predetermined payment means information for the electronic payment process is read from the MS card (IC card, IC card, IC chip, etc.).

When the payment information for the electronic payment processing is input as described above, and predetermined payment means information is read from a customer-owned medium, the payment terminal 140 relates to the predetermined payment processing including the payment information and the payment means information. Generating data (or payment approval request text data) (or payment request text for electronic payment processing) (1530), and converting the payment processing related data (or payment approval request text data) into a public key according to an embodiment of the present invention. Perform an encryption procedure in an infrastructure manner (1535), and transmit the encrypted payment processing related data (or payment approval request specialized data) to the VAN server 105 based on a communication protocol stack structure defined in the high-speed wireless Internet. 1540, a detailed procedure thereof will be described in detail with reference to FIG.

According to the exemplary embodiment of the present invention, when the payment terminal 140 transmits encrypted payment processing related data (or payment approval request specialized data) to a predetermined VAN server 105, the payment terminal 140 is transmitted to the payment terminal 140. The provided medium control layer and the medium control layer provided in the base station 135 connected to the payment terminal 140 are mapped between the payment terminal 140 and the base station 135 to transmit traffic for one service flow. It is desirable to perform a traffic connection process that defines a relationship.

The payment terminal 140 requests the PAR 130 to retrieve the service profile for payment processing through the subscriber profile information and the service flow information as shown in FIG. 2 through the base station 135 of the high-speed wireless Internet company. In operation 1545, the base station 135 and the PAR 130 on the high-speed wireless Internet interwork with each other to search for a payment processing service profile for the payment terminal 140 (1550).

According to an exemplary embodiment of the present invention, the preferred procedure of the searching process includes transmitting the registration information of the payment terminal 140 to the PAR 130 by including the registration information of the payment terminal 140 in the CREG_req message. The subscriber profile is searched for through the registration information of the payment terminal 140 included in the received CREG_req message, and the acceptance of the registration of the subscriber is determined, and the result is included in the CREG_rsp message and transmitted to the base station 135. .

In addition, when the base station 135 transmits a request for establishing a traffic connection for payment processing in a predetermined DSA_req message to the PAR 130, the PAR 130 receiving the DSA_req message receives the call through a call admission control mechanism. After retrieving service flow information for determining whether to accept the request, negotiating a quality of service (QoS) value and / or service level that can be provided in response to the requested new traffic, and processing the negotiation values and the payment Whether or not to accept the request for establishing the traffic connection is included in the DSA_rsp message and transmitted to the base station 135.

Subsequently, the base station 135 transmits to the PAR 130 including the DSA_ack message whether to establish the traffic connection for payment processing requested by the DSA_req as an acknowledgment message for the DSA_rsp message, and the PAR 130 By reading the DSA_ack message, the service flow information is changed to the payment processing traffic connection setting or the payment processing service flow information is registered.

If a predetermined payment processing service profile is not found in the PAR 130 (for example, if a traffic connection for payment processing is first attempted after booting the system of the payment terminal 140) (1555), the high-speed wireless The PAR 130 on the Internet performs a change and / or registration and / or addition procedure for the payment processing service profile (1560).

On the other hand, a predetermined payment processing service profile is retrieved from the PAR 130 (eg, a payment processing service flow profile is previously generated by performing electronic payment processing through a high-speed wireless Internet) (1555), or When a change and / or registration and / or an additional procedure for the service profile for payment processing is performed (1560), the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) is encrypted. The media control layer and the physical layer are processed and transmitted to the base station 135 in a communication protocol stack including payment processing related data (or payment approval request specialized data), which is transmitted to the base station 135 by the PAR 130. The PAR 130 transmits the encrypted payment processing related data (or payment approval request specialized data) to the VAN server 105 based on the service profile. 1565, the communication path for transmitting the encrypted payment processing related data (or payment approval request specialized data) is as shown in FIG. 3A or 3B.

FIG. 16 is a diagram illustrating a method for encrypting and transmitting payment processing related data (or payment approval request specialized data) in a public key based structure according to an embodiment of the present invention.

More specifically, FIG. 16 encrypts the payment processing related data (or payment approval request specialized data) in a public key based structure in a payment terminal 140 having an encryption function as shown in FIGS. 4A, 4B, and 4C. As a preferred embodiment of the present invention, the public key of the VAN server 105 for encryption is a security application module provided in the payment terminal 140 (or the card terminal 475 of the payment terminal 140). 415) (SAM) is preferred.

Referring to FIG. 16, when the data generation unit 450 of the payment terminal 140 generates predetermined payment processing related data (or payment approval request specialized data) including predetermined payment information and customer-owned payment means information. The encryption processing unit 455 is provided with this (1600), and extracts a predetermined VAN server 105 public key for encrypting the payment processing related data (or payment approval request specialized data) from the security application module ( In operation 1605, the payment processing related data (or payment approval request specialized data) is encrypted using the extracted VAN server 105 public key (1610).

When the payment processing related data (or payment approval request specialized data) is encrypted through the VAN server 105 public key as described above, the communication processing unit 460 performs the encrypted payment processing related data (or payment approval request specialized data). Generates at least one SDU / PDU from and stores it in a higher layer on the communication protocol stack (1615), and the wireless processor 470 is defined between the wireless processor 470 and the base station 135 with respect to the communication protocol stack. By performing a communication process corresponding to a media control layer and a physical layer (1620), the packet corresponding to the encrypted payment processing related data (or payment approval request specialized data) is transmitted through the network component on the high-speed wireless Internet. Transmit to VAN server 105.

17 is a diagram illustrating a payment processing process of the VAN server 105 for the high-speed wireless Internet-based electronic payment processing according to the embodiment of the present invention.

In more detail, FIG. 17 illustrates a case in which a VAN server 105 having an encryption function as shown in FIG. 7 is received with payment processing related data (or payment approval request specialized data) through an encryption process as shown in FIG. By decoding the payment processing related data (or payment approval request specialized data) and performing a payment processing procedure corresponding to the decrypted payment processing related data (or payment approval request specialized data), the payment terminal 140. And a preferred embodiment of an electronic payment processing method that provides high-speed wireless Internet-based end-to-end security between the VAN server 105 and the VAN server 105. Those skilled in the art to which the present invention pertains, VAN server provided in the intention of the person skilled in the art and / or each of the above VAN operators within the scope of not violating the core technical matters of the present invention with reference to this figure 17. Various electronic payment processing methods corresponding to the technical features of 105 may be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 17, payment processing related data (or payment approval request) encrypted from the payment terminal 140 as shown in FIGS. 4A, 4B, and 4C through the encryption procedure as shown in FIG. 16 from the payment terminal 140 to the VAN server 105. When the full data is received through the communication path as shown in FIG. 3a or 3b (1700), the VAN server 105 transmits the received payment processing related data (or payment approval request specialized data) to a public key infrastructure. By decryption processing 1705, end-to-end security for the payment terminal 140 and the VAN server 105 is secured. A detailed procedure thereof will be described in detail with reference to FIG. 18.

If the payment processing related data (or payment approval request specialized data) is not decrypted (1710), the VAN server 105 generates payment processing result data (or payment approval specialized data) including a predetermined payment error message. In operation 1715, the payment terminal 140 transmits the payment to the payment terminal 140.

On the other hand, if the payment processing related data (or payment approval request specialized data) is decoded (1710), the VAN server 105 and the payment information contained in the decrypted payment processing related data (or payment approval request specialized data) and By reading payment means information, the electronic payment process is performed in connection with a predetermined card company server and / or bank server (1720), and the payment processing related data (or payment approval request specialized data from the card company server and / or bank server). A predetermined payment processing result data (or payment approval specialized text data) corresponding to) is received (1725).

If predetermined payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) is received from the card company server and / or the bank server (1730), the VAN server ( 105 encrypts the payment processing result data (or payment approval specialized data) in a public key infrastructure scheme (1735), and encrypts the encrypted payment processing result data (or payment approval specialized data) with the drawings 3a or 3b. Through the same communication path to the payment terminal 140 as shown in Figures 4a, 4b and 4c (1740), a detailed procedure thereof will be described in detail with reference to Figure 19.

FIG. 18 illustrates a method for decrypting payment processing related data (or payment approval request specialized data) encrypted and received by the VAN server 105 in a public key infrastructure according to an embodiment of the present invention.

In more detail, FIG. 18 illustrates the payment processing related data encrypted and received from the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C in the VAN server 105 as shown in FIG. Or a preferred embodiment of the method for decrypting a payment approval request specialized data) using a public key infrastructure, and a VAN server for decrypting the encrypted payment processing related data (or payment approval request specialized data) using a public key infrastructure. (105) The private key is a security application provided in the VAN server 105 in response to a security application module (SAM) provided in the payment terminal 140 (or card terminal 475 of the payment terminal 140). It is preferable to read from the module.

Referring to FIG. 18, the receiving unit 700 of the VAN server 105 is encrypted payment processing-related data (or payment) from the operator network 100 of the high-speed wireless Internet through the TCP / IP-based Internet and / or leased line Receives a packet corresponding to a communication protocol stack including an authorization request specialized data and restores (or generates) payment processing related data (or payment approval request specialized data) encrypted and transmitted from the payment terminal 140 (1800). The encryption unit 710 extracts the private key of the VAN server 105 for decrypting the encrypted payment processing related data (or payment approval request specialized data) from the security application module included in the VAN server 105. In operation 1805, the encrypted VAN server 105 decrypts the encrypted payment processing related data (or payment approval request specialized data) through the extracted private key (1810).

When the payment processing related data (or payment approval request specialized data) encrypted through the VAN server 105 private key is decrypted as described above, the encryption unit 710 may perform the payment processing related data (or payment approval request specialized data). To the payment processing unit 715 (1815), wherein the payment processing unit interoperates with at least one card company server and / or a bank server according to a payment processing procedure defined in the VAN server 105 to provide the payment processing related data. Perform payment processing corresponding to (or payment approval request specialized data);

FIG. 19 is a diagram illustrating a method of encrypting and transmitting payment processing result data (or payment approval data) in a public key infrastructure structure in a VAN server 105 according to an embodiment of the present invention.

More specifically, FIG. 19 shows payment processing result data (or data) received from a card company server and / or a bank server corresponding to the payment processing related data (or payment approval request specialized data) in the VAN server 105 as shown in FIG. As a preferred embodiment of the present invention, a payment terminal public key for encryption is preferably read from a security application module provided in the VAN server 105. .

Referring to FIG. 19, payment processing result data corresponding to the payment processing related data (or payment approval request specialized data) from the card company server and / or the bank server of the VAN server 105 to the payment processing unit 715. When the payment approval professional data) is received, the encryption unit 710 is provided with this (1900), and a predetermined payment terminal public key for encrypting the payment processing result data (or payment approval professional data) from the security application module. In operation 1905, the payment processing result data (or payment approval specialized data) is encrypted using the extracted payment terminal public key (1910).

When the payment processing result data (or payment approval professional data) is encrypted using the payment terminal public key as described above, the transmission unit 705 may generate at least one or more data from the encrypted payment processing result data (or payment approval specialized data). By creating an SDU / PDU and storing it in a higher layer on the communication protocol stack (1915), a communication protocol stack defined between the VAN server 105 and the Internet and / or a dedicated line connecting the operator network 100 of a high-speed wireless Internet. Generates a packet corresponding to, and transmits the generated packet to the payment terminal 140 through a network component on the high-speed wireless Internet.

20 is a diagram illustrating a payment processing process of the payment terminal 140 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, in FIG. 20, as shown in FIG. 15, the payment terminal 140 encrypts predetermined payment processing related data (or payment approval request specialized data) and transmits the encrypted data to the VAN server 105. Receiving the VAN server 105 and the payment processing result data (or payment approval specialized data) by decrypting the payment processing result data (or payment approval specialized data) encrypted and received from the public key infrastructure structure. As a preferred embodiment of the electronic payment processing method for providing high-speed wireless Internet-based end-to-end security between the payment terminal 140, those skilled in the art to which the present invention pertains, see FIG. The VAN through the payment terminal 140 corresponding to the Figures 4a, 4b and 4c without departing from the core technical matters of the present invention. Various electronic payment processing methods for providing end-to-end security between the server 105 and the portable Internet may be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 20, the payment terminal 140 that transmits encrypted payment processing related data (or payment approval request specialized data) through the same process as in FIG. 15 may transmit the VAN server 105 through the high-speed wireless Internet. Waiting for the payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) is received from (2000).

If payment processing result data (or payment approval professional data) corresponding to the payment processing related data (or payment approval request specialized data) is received (2005), the payment terminal 140 receives the received payment processing result data ( Alternatively, the payment approval specialized data) is decoded and output in a public key infrastructure structure (2010), and a detailed procedure thereof will be described in detail with reference to FIG.

According to the exemplary embodiment of the present invention, the payment process of the payment terminal 140 as shown in FIGS. 15 and 20 is preferably repeated until the payment function of the payment terminal 140 ends (2015).

21 is a diagram illustrating a method of decrypting payment processing result data (or payment approval specialized data) encrypted and received at a payment terminal 140 according to an embodiment of the present invention using a public key infrastructure.

In more detail, FIG. 21 is received from the VAN server 105 as shown in FIG. 7 through an encryption procedure as shown in FIG. 19 in the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C. The present invention relates to a preferred method for decrypting the received payment processing result data (or payment approval specialized data) in a public key infrastructure, wherein the payment terminal private key is a card terminal of the payment terminal 140 (or the payment terminal 140). It is preferable to read from the security application module (SAM) provided in the stage (475).

Referring to FIG. 21, the wireless processing unit 470 of the payment terminal 140 receives a packet corresponding to a communication protocol stack including encrypted payment processing result data (or payment approval specialized data) from the high-speed wireless Internet. 2100, the communication processing unit 460 restores (or generates) payment processing result data (or payment approval specialized data) encrypted and transmitted from the VAN server 105 from the received packet (2105). The restored (or generated) payment processing result data (or payment approval specialized data) is provided to the password processing unit (2110).

The encryption processing unit 455 extracts a predetermined payment terminal private key for decrypting the encrypted payment processing result data (or payment approval specialized data) from the security application module included in the payment terminal 140 (2115). In step 2120, the encrypted payment processing result data (or payment approval specialized data) is decrypted using the extracted payment terminal private key.

When the payment processing result data (or payment approval specialized data) encrypted through the payment terminal private key is decrypted as described above, the encryption processing unit 455 outputs the payment processing result data (or payment approval specialized data) to the screen output unit. The screen is output through 2405 (2125a) and / or provided to the printing unit 420 to be output (2125b).

Hereinafter, the technical features of the present invention will be described through a preferred embodiment of processing a high-speed wireless Internet-based electronic payment that performs an electronic envelope encryption and / or decryption procedure.

22 is a diagram illustrating a payment processing procedure of the payment terminal 140 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 22 is connected to the high-speed wireless Internet in the payment terminal 140 with encryption functions as shown in FIGS. 4A, 4B, and 4C, and the payment process is performed when the electronic terminal processes the payment terminal 140. By encrypting and transmitting related data (or payment approval request specialized data) in an electronic envelope method, between the payment terminal 140 and the VAN server 105 that receives the payment processing related data (or payment approval request specialized data). As a preferred embodiment of the electronic payment processing method for providing high-speed wireless Internet-based end-to-end security, those skilled in the art to which the present invention pertains, the core technical of the present invention with reference to FIG. Based on the VAN server 105 and the mobile Internet through the payment terminal 140 corresponding to the Figures 4a, 4b and 4c without departing from the matter. Inter-stage will be able to easily derive various electronic settlement method for providing security, and to which the present invention is not limited.

Referring to FIG. 22, a payment terminal 140 (eg, an integrated payment terminal 140, a modular payment terminal 140, and a payment terminal 140 in association with a predetermined high-speed wireless Internet) is provided. When a predetermined power is supplied to the system to boot, the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) synchronizes with the downlink through the downlink channel search of the base station 135. After acquiring the channel control parameter for the uplink, initial synchronization is performed through initial ranging, and an initial access (Initial Access) process of informing the base station 135 of the information of the payment terminal 140 is performed (2200). ).

When the initial access process is performed, the basic provisioning capability of determining the basic provisioning capability between the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) and the base station 135 of the high-speed wireless Internet When the basic capability is negotiated and the basic capability is negotiated, the AAA server 110 extends the wireless connection connection between the payment terminal 140 and the base station 135 to the wired section through the PAR 130. An authentication procedure for verifying the authentication and service authority of the payment terminal 140 is performed (2205).

According to an embodiment of the present invention, a preferred authentication procedure for verifying authentication and service authority for the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) on the high-speed wireless Internet is the PAR. When the 130 provides a DER (Extensible Authentication Protocol) Request (DER) message including a subscriber ID (ID) provided from the base station 135 to the AAA server 110 on the high-speed wireless Internet, The AAA server 110 determines whether the user is a legitimate subscriber and transmits a Diameter EAP Answer (DEA) / Transport Layer Security (TLS) start message to the PAR 130. Thereafter, the PAR 130 provides a DER / Client-Hello message including predetermined session information and connection information to the AAA server 110, and the AAA server 110 responds to the PAR 130. Send DEA / Server-Hello. Next, the PAR 130 and the AAA server 110 provides a DER / TLS certificate from the PAR 130 to the AAA server 110 for the mutual exchange of certificates, the AAA server 110 is the PAR Sending the DEA / TLS cHA (120) nge cipher spec, TLS finished message to (130) to remind the use of the new encryption algorithm and the handshaking (HA (120) nd-sHA (120) king) procedure. Deliver to PAR (130). In addition, the PAR 130 transmits a DER / Ack to the AAA server 110 and receives a DEA / Success from the AAA server 110, thereby completing a subscriber authentication process by completing mutual certificate exchange.

When the basic provision capability negotiation and the authentication and registration procedure for the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) is performed, the payment terminal 140 (or payment terminal 140) The HA 120 managing the MIP for the wireless terminal 480 performs a process of allocating and registering a predetermined IP address for the payment terminal 140 (2210).

According to the embodiment of the present invention, the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) and the high-speed wireless Internet network is the wireless terminal of the payment terminal 140 (or payment terminal 140) A traffic encryption key generation and distribution process may be further performed to maintain security of the traffic connection between the terminal end 480 and the base station 135.

As described above, when the initial access process, the basic provisioning capability negotiation process, the authentication process for the user or the payment terminal 140 and the MIP registration process are completed, the high-speed wireless Internet service for the payment terminal 140 is started. During the service, the traffic flow is changed or deleted according to the traffic situation, the handover when moving to another cell, the management and billing of IP generated accordingly, and the payment terminal 140 (or the payment terminal 140) are performed. In the card terminal 475), payment processing may be performed through the high-speed wireless Internet.

Accordingly, the payment terminal 140 periodically monitors an internal resource (for example, a resource for initiating the electronic payment processing in the card terminal 475) to confirm whether the high-speed wireless Internet-based electronic payment processing is started (2215). If the high-speed wireless Internet-based electronic payment processing is started (2220), the payment terminal 140 receives a predetermined payment information from a predetermined input device for the electronic payment processing, and the customer-owned medium from the card reader device (E.g., MS card, IC card, IC chip, etc.), predetermined payment means information for the electronic payment processing is read (2225).

When payment information for electronic payment processing is input as described above and predetermined payment means information is read from a customer-owned medium, the payment terminal 140 includes predetermined payment processing related data including the payment information and payment means information. (Or payment approval request text data) (or payment request text for electronic payment processing) is generated (2230), and the payment processing related data (or payment approval request text data) is an electronic envelope method according to an embodiment of the present invention. Perform an encryption procedure (2235), and request to transmit the encrypted payment processing related data (or payment approval request specialized data) to the VAN server 105 based on the communication protocol stack structure defined in the high-speed wireless Internet. 2240, a detailed procedure thereof will be described in detail with reference to FIG.

According to the exemplary embodiment of the present invention, when the payment terminal 140 transmits encrypted payment processing related data (or payment approval request specialized data) to a predetermined VAN server 105, the payment terminal 140 is transmitted to the payment terminal 140. The provided medium control layer and the medium control layer provided in the base station 135 connected to the payment terminal 140 are mapped between the payment terminal 140 and the base station 135 to transmit traffic for one service flow. It is desirable to perform a traffic connection process that defines a relationship.

The payment terminal 140 requests the PAR 130 to retrieve the service profile for payment processing through the subscriber profile information and the service flow information as shown in FIG. 2 through the base station 135 of the high-speed wireless Internet company. In operation 2245, the base station 135 and the PAR 130 on the high-speed wireless Internet interwork with each other to search for a service profile for payment processing for the payment terminal 140 (2250).

According to an exemplary embodiment of the present invention, the preferred procedure of the searching process includes transmitting the registration information of the payment terminal 140 to the PAR 130 by including the registration information of the payment terminal 140 in the CREG_req message. The subscriber profile is searched for through the registration information of the payment terminal 140 included in the received CREG_req message, and the acceptance of the registration of the subscriber is determined, and the result is included in the CREG_rsp message and transmitted to the base station 135. .

In addition, when the base station 135 transmits a request for establishing a traffic connection for payment processing in a predetermined DSA_req message to the PAR 130, the PAR 130 receiving the DSA_req message receives the call through a call admission control mechanism. After retrieving service flow information for determining whether to accept the request, negotiating a quality of service (QoS) value and / or service level that can be provided in response to the requested new traffic, and processing the negotiation values and the payment Whether or not to accept the request for establishing the traffic connection is included in the DSA_rsp message and transmitted to the base station 135.

Thereafter, the base station 135 transmits to the PAR 130 including the DSA_ack message whether to set up the traffic connection for payment processing requested by the DSA_req as an acknowledgment message for the DSA_rsp message, and the PAR 130 By reading the DSA_ack message, the service flow information is changed to the payment processing traffic connection setting or the service processing information for payment processing is registered.

If a predetermined payment processing service profile is not retrieved from the PAR 130 (eg, if a traffic connection for payment processing is first attempted after system booting of the payment terminal 140) (2255), the high-speed wireless The PAR 130 on the Internet performs a change and / or registration and / or an additional procedure for the payment processing service profile (2260).

On the other hand, a predetermined payment processing service profile is retrieved from the PAR 130 (eg, a payment processing service flow profile has been previously generated by performing electronic payment processing through a high-speed wireless Internet) (2255), or When a change and / or registration and / or an additional procedure for the service profile for payment processing is performed (2260), the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) is encrypted. The media control layer and the physical layer are processed and transmitted to the base station 135 in a communication protocol stack including payment processing related data (or payment approval request specialized data), which is transmitted to the base station 135 by the PAR 130. The PAR 130 transmits the encrypted payment processing related data (or payment approval request specialized data) to the VAN server 105 based on the service profile. 2265, a communication path for transmitting the encrypted payment processing related data (or payment approval request specialized data) is as shown in FIG. 3A or 3B.

FIG. 23 is a diagram illustrating a method for encrypting and transmitting payment processing related data (or payment approval request specialized data) in an electronic envelope method according to an embodiment of the present invention.

More specifically, FIG. 23 encrypts and transmits the payment processing related data (or payment approval request specialized data) in an electronic envelope method in the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C. As a preferred embodiment, the VAN server 105 public key for encryption is a security application module (SAM) provided in the payment terminal 140 (or card terminal 475 of the payment terminal 140). It is preferable to read from.

Referring to FIG. 23, when the data generation unit 450 of the payment terminal 140 generates predetermined payment processing related data (or payment approval request specialized data) including predetermined payment information and customer-owned payment means information. The encryption processing unit 455 is provided with this (2300), and a predetermined random secret key (Random) for encrypting the payment processing related data (or payment approval request specialized data) using a secret key (symmetric key) method. A secret key is generated (2305), and the payment processing related data (or payment approval request specialized data) is encrypted using the generated secret key (2310).

In addition, the encryption processing unit 455 extracts a predetermined VAN server 105 public key from the security application module to encrypt the secret key encrypting the payment processing related data (or payment approval request specialized data) ( 2315), using the VAN server 105 public key, encrypts a secret key that encrypts the payment processing related data (or payment approval request specialized data) (2320).

If the payment processing related data (or payment approval request specialized data) is encrypted with a predetermined random key randomly generated as described above, and the secret key is encrypted through the VAN server 105 public key, the encryption processing unit 455 ) Generates transaction data associated with the payment processing related data (or payment approval request specialized data) encrypted with the secret key and the secret key encrypted with the public key of the VAN server 105, and provides the transaction data to the communication processor 460 (2325). )

The communication processor 460 generates at least one SDU / PDU from the transaction data and stores it in an upper layer on a communication protocol stack (2330), and the wireless processor 470 performs the radio processing unit 470 on the communication protocol stack. By performing a communication process corresponding to the media control layer and the physical layer defined between the base station 135 and the base station 135 (2335), the encrypted payment processing related data (or payment approval request specialized data) on the high-speed wireless Internet It transmits to the VAN server 105 through a network component.

24 is a diagram illustrating a payment processing procedure of the VAN server 105 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 24 illustrates a case in which a VAN server 105 having an encryption function as shown in FIG. 7 is received with payment processing related data (or payment approval request specialized data) encrypted through an encryption procedure as shown in FIG. By decoding the payment processing related data (or payment approval request specialized data) and performing a payment processing procedure corresponding to the decrypted payment processing related data (or payment approval request specialized data), the payment terminal 140. And a preferred embodiment of an electronic payment processing method that provides high-speed wireless Internet-based end-to-end security between the VAN server 105 and the VAN server 105. Those skilled in the art to which the present invention pertains, VAN server provided to the intention of the person skilled in the art and / or each of the above-mentioned VAN operators within the scope not to violate the core technical matters of the present invention with reference to this figure Various electronic payment processing methods corresponding to the technical features of 105 may be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 24, data related to payment processing (or payment approval request) encrypted from the payment terminal 140 as shown in FIGS. 4A, 4B, and 4C to the VAN server 105 through an encryption procedure as shown in FIG. When the full data is received through the communication path as shown in FIG. 3a or 3b (2400), the VAN server 105 decrypts the received payment processing related data (or payment approval request professional data) by an electronic envelope method. By processing (2405), secure the end-to-end security for the payment terminal 140 and the VAN server 105, a detailed procedure for this will be described in detail with reference to FIG.

If the payment processing related data (or payment approval request specialized data) is not decrypted (2410), the VAN server 105 generates payment processing result data (or payment approval specialized data) including a predetermined payment error message. The payment terminal 140 transmits the data to the payment terminal 140 (2415).

On the other hand, if the payment processing related data (or payment approval request specialized data) is decoded (2410), the VAN server 105 and the payment information contained in the decrypted payment processing related data (or payment approval request specialized data) and By reading payment means information, the electronic payment process is performed in connection with a predetermined card company server and / or bank server (2420), and the payment processing related data (or payment approval request specialized data from the card company server and / or bank server). A predetermined payment processing result data (or payment approval specialized data) corresponding to) is received (2425).

If predetermined payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) is received from the card company server and / or the bank server (2430), the VAN server ( 105 encrypts the payment processing result data (or payment approval specialized data) in an electronic envelope method (2435) and communicates the encrypted payment processing result data (or payment approval specialized data) as shown in FIGS. 3A or 3B. It is transmitted to the payment terminal 140 as shown in FIGS. 4A, 4B, and 4C through the path (2440), and a detailed procedure thereof will be described in detail with reference to FIG.

25 is a diagram illustrating a method of decrypting payment processing related data (or payment approval request specialized data) encrypted and received by the VAN server 105 according to an embodiment of the present invention by an electronic envelope method.

In more detail, FIG. 25 illustrates the payment processing-related data received after being encrypted from the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C in the VAN server 105 as shown in FIG. Or a method for decrypting payment approval request specialized data) by an electronic envelope method, wherein the VAN server 105 individual for decrypting the encrypted payment processing related data (or payment approval request specialized data) by an electronic envelope method. The key is read from the security application module provided in the VAN server 105 in response to a security application module (SAM) provided in the payment terminal 140 (or the card terminal 475 of the payment terminal 140). It is preferable.

Referring to FIG. 25, the receiving unit 700 of the VAN server 105 is encrypted payment processing related data (or payment) from the operator network 100 of the high-speed wireless Internet through the TCP / IP-based Internet and / or leased line Receiving a packet corresponding to a communication protocol stack including an authorization request specialized data and restoring (or generating) payment processing related data (or payment approval request specialized data) encrypted and transmitted from the payment terminal 140 (2500). The encryption unit 710 extracts the private key of the VAN server 105 for decrypting the encrypted payment processing related data (or payment approval request specialized data) from the security application module included in the VAN server 105. (2505), and decrypting the secret key encrypted with the VAN server 105 public key through the extracted VAN server 105 private key (2510), the payment processing related data (or payment approval) The secret key for decrypting the request message data is extracted (2515), and the payment process related data (or payment approval request text data) is decrypted using the extracted secret key (2520), and encrypted with the secret key. The payment processing related data (or payment approval request specialized data) is extracted (2525).

When the payment processing related data (or payment approval request specialized data) is decrypted as described above, the encryption unit 710 provides the payment processing related data (or payment approval request specialized data) to the payment processing unit 715 ( 2530), the payment processing unit 715 is linked with at least one card company server and / or bank server according to the payment processing procedures defined in the VAN server 105, the data related to the payment processing (or payment approval request specialized data) Perform a payment process corresponding to the.

FIG. 26 is a diagram illustrating a method of encrypting and transmitting payment processing result data (or payment approval data) in an electronic envelope method in a VAN server 105 according to an embodiment of the present invention.

More specifically, FIG. 26 illustrates payment processing result data (or data) received from a card company server and / or a bank server corresponding to the payment processing related data (or payment approval request specialized data) in the VAN server 105 as shown in FIG. As a preferred embodiment of the method for encrypting and transmitting payment approval data) by an electronic envelope method, the payment terminal public key for encryption is preferably read from a security application module provided in the VAN server 105.

Referring to FIG. 26, payment processing result data corresponding to the payment processing related data (or payment approval request specialized data) from the card company server and / or the bank server of the VAN server 105 to the payment processing unit, or the payment approval message Data) is received, the encryption unit is provided with it (2600),

Generate a random secret key for encrypting the payment processing result data (or payment approval specialized data) by a secret key (symmetric key) method (2605), and generates the generated secret key The payment processing result data (or payment approval specialized data) is encrypted using the operation 2610.

In addition, the encryption unit 710 extracts a predetermined payment terminal public key from the security application module (2615) to encrypt the secret key that encrypts the payment processing result data (or payment approval specialized data) (2615). A secret key that encrypts the payment processing result data (or payment approval specialized data) is encrypted using the payment terminal public key (2620).

When the payment processing result data (or payment approval specialized data) is encrypted with a predetermined secret key randomly generated as described above, and the secret key is encrypted through the payment terminal public key, the encryption unit 710 is the secret. Generate transaction data associated with a payment processing result data (or payment approval specialized data) encrypted with a key and a secret key encrypted with the payment terminal public key and provide the result to the transmission unit.

The transmission unit 705 generates at least one SDU / PDU from the transaction data and stores it in a higher layer on a communication protocol stack (2625), thereby establishing the VAN server 105 and the operator network 100 of the high-speed wireless Internet. A packet corresponding to a communication protocol stack defined between the connecting Internet and / or a dedicated line is generated, and the generated packet is transmitted to the payment terminal 140 through a network component on the high-speed wireless Internet.

27 is a diagram illustrating a payment processing procedure of the payment terminal 140 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 27 shows a payment terminal 140 which transmits the predetermined payment processing related data (or payment approval request specialized data) to the VAN server 105 as shown in FIG. Payment to receive the VAN server 105 and the payment processing result data (or payment approval specialized data) by decrypting the payment processing result data (or payment approval specialized data) encrypted and received from 105 by an electronic envelope method. As a preferred embodiment of the electronic payment processing method for providing high-speed wireless Internet-based end-to-end security between the terminal 140, those skilled in the art to which the present invention pertains, with reference to this figure 27 The VAN server 105 through the payment terminal 140 corresponding to the drawings 4a, 4b and 4c without departing from the essential technical matters of the present invention. And a variety of electronic payment processing methods for providing end-to-end security based on the mobile Internet, and thus the present invention is not limited thereto.

Referring to FIG. 27, the payment terminal 140 that transmits encrypted payment processing related data (or payment approval request specialized data) through the same process as in FIG. 22 is connected to the VAN server 105 through the high-speed wireless Internet. Waiting for the payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) is received from (2700).

If payment processing result data (or payment approval professional data) corresponding to the payment processing related data (or payment approval request specialized data) is received (2705), the payment terminal 140 receives the received payment processing result data ( Alternatively, the payment approval data) is decoded and output in an electronic envelope method (2710), and a detailed procedure thereof will be described in detail with reference to FIG.

According to the exemplary embodiment of the present invention, the payment process of the payment terminal 140 as shown in FIGS. 22 and 27 is preferably repeated until the payment function of the payment terminal 140 ends (2715).

28 is a diagram illustrating a method of decrypting payment processing result data (or payment approval specialized data) encrypted and received by the payment terminal 140 according to an embodiment of the present invention by an electronic envelope method.

More specifically, FIG. 28 is received from the VAN server 105 as shown in FIG. 7 through an encryption procedure as shown in FIG. 26 in the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C. The present invention relates to a preferred method of decrypting the received payment processing result data (or payment approval specialized data) by an electronic envelope method, wherein the payment terminal private key is the card terminal of the payment terminal 140 (or the payment terminal 140 ( 475) is preferably read from the security application module (SAM) provided in.

Referring to FIG. 28, the wireless processing unit 470 of the payment terminal 140 receives a packet corresponding to a communication protocol stack including encrypted payment processing result data (or payment approval specialized data) from the high-speed wireless Internet. The communication processor 460 restores (or generates) payment processing result data (or payment approval specialized data) encrypted and transmitted from the VAN server 105 from the received packet (2805). The restored (or generated) payment processing result data (or payment approval specialized data) is provided to the password processing unit (2810).

The encryption processing unit 455 extracts a predetermined payment terminal private key for decrypting the encrypted payment processing result data (or payment approval specialized data) from the security application module included in the payment terminal 140 (2815). (2820) by decrypting the secret key encrypted with the payment terminal public key through the extracted payment terminal private key, extracting the secret key for decrypting the payment processing result data (or payment approval specialized data); 2825, the payment processing result data (or payment approval specialized data) is decrypted using the extracted secret key (2830), and the payment processing result data (or payment approval specialized data) encrypted with the secret key is extracted. (2835).

When the payment processing result data (or payment approval specialized data) is decrypted as described above, the encryption processing unit 455 outputs the payment processing result data (or payment approval specialized data) through the screen output unit (2840a), and And / or provide a printout to the printing unit (2840b).

Hereinafter, the technical features of the present invention will be described through a preferred embodiment of processing a high-speed wireless Internet-based electronic payment that performs an encryption and / or decryption procedure using an electronic signature and a key exchange method.

29 is a diagram illustrating a payment processing procedure of the payment terminal 140 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 29 is connected to the high-speed wireless Internet in the payment terminal 140 with encryption functions as shown in FIGS. 4A, 4B, and 4C, and the payment process is performed when the electronic terminal processes the payment terminal 140. The VAN server 105 which receives the payment terminal 140 and the payment processing related data (or payment approval request specialized data) by encrypting and transmitting related data (or payment approval request specialized data) by an electronic signature and a key exchange method. The present invention relates to a preferred embodiment of an electronic payment processing method that provides high-speed wireless Internet-based end-to-end security between the present invention and those skilled in the art to which the present invention pertains. The VAN server 105 and the portable interface through the payment terminal 140 corresponding to FIGS. 4A, 4B, and 4C without departing from essential technical matters. Various electronic payment processing methods for providing net-based end-to-end security can be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 29, a payment terminal 140 (eg, an integrated payment terminal 140, a modular payment terminal 140, and a payment terminal 140 in association with a function of wirelessly connecting to a predetermined high-speed wireless Internet) is provided. When a predetermined power is supplied to the system to boot, the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) synchronizes with the downlink through the downlink channel search of the base station 135. After acquiring the channel control parameter for the uplink, initial synchronization is performed through initial ranging and initial access (Initial Access) process of informing the base station 135 of the information of the payment terminal 140 is performed (2900). ).

When the initial access process is performed, the basic provisioning capability of determining the basic provisioning capability between the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) and the base station 135 of the high-speed wireless Internet When the basic capability is negotiated and the basic capability is negotiated, the AAA server 110 extends the wireless connection connection between the payment terminal 140 and the base station 135 to the wired section through the PAR 130. An authentication procedure for verifying the authentication and the service authority of the payment terminal 140 is performed (2905).

According to an embodiment of the present invention, the preferred authentication procedure for verifying the authentication and service authority for the payment terminal 140 (or the wireless terminal 480 of the payment terminal 140) on the high-speed wireless Internet is the PAR ( In step 130, a DER (Diameter Extensible Authentication Protocol) Request (ID) / Identity message including a subscriber ID (ID) provided from the base station 135 is provided to the AAA server 110 on the high-speed wireless Internet. The AAA server 110 determines whether the user is a legitimate subscriber and transmits a Diameter EAP Answer (DEA) / Transport Layer Security (TLS) start message to the PAR 130. Thereafter, the PAR 130 provides a DER / Client-Hello message including predetermined session information and connection information to the AAA server 110, and the AAA server 110 responds to the PAR 130. Send DEA / Server-Hello. Next, the PAR 130 and the AAA server 110 provides a DER / TLS certificate from the PAR 130 to the AAA server 110 for the mutual exchange of certificates, the AAA server 110 is the PAR Sending the DEA / TLS cHA (120) nge cipher spec, TLS finished message to (130) to remind the use of the new encryption algorithm and the handshaking (HA (120) nd-sHA (120) king) procedure. Deliver to PAR (130). In addition, the PAR 130 transmits a DER / Ack to the AAA server 110 and receives a DEA / Success from the AAA server 110, thereby completing a subscriber authentication process by completing mutual certificate exchange.

When the basic provision capability negotiation and the authentication and registration procedure for the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) is performed, the payment terminal 140 (or payment terminal 140) The HA 120 managing the MIP for the wireless terminal 480 performs the process of allocating and registering a predetermined IP address with respect to the payment terminal 140 (2910).

According to the embodiment of the present invention, the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) and the high-speed wireless Internet network is the wireless terminal of the payment terminal 140 (or payment terminal 140) A traffic encryption key generation and distribution process may be further performed to maintain security of the traffic connection between the terminal end 480 and the base station 135.

As described above, when the initial access process, the basic provisioning capability negotiation process, the authentication process for the user or the payment terminal 140 and the MIP registration process are completed, the high-speed wireless Internet service for the payment terminal 140 is started. During the service, the traffic flow is changed or deleted according to the traffic situation, the handover when moving to another cell, the management and billing of IP generated accordingly, and the payment terminal 140 (or the payment terminal 140) are performed. In the card terminal 475), payment processing may be performed through the high-speed wireless Internet.

Accordingly, the payment terminal 140 periodically monitors an internal resource (eg, a resource for initiating the electronic payment processing in the card terminal 475) to confirm whether the high-speed wireless Internet-based electronic payment processing is started (2915). If the high-speed wireless Internet-based electronic payment processing is started (2920), the payment terminal 140 receives a predetermined payment information from a predetermined input device for the electronic payment processing, and the customer-owned medium from the card reader device (E.g., MS card, IC card, IC chip, etc.), predetermined payment means information for the electronic payment processing is read (2925).

When payment information for electronic payment processing is input as described above and predetermined payment means information is read from a customer-owned medium, the payment terminal 140 includes predetermined payment processing related data including the payment information and payment means information. (Or payment approval request text data) (or payment request text for electronic payment processing) (2930), and the payment processing related data (or payment approval request text data) according to an embodiment of the present invention. An encryption procedure is performed using a key exchange method (2935), and the encrypted payment processing related data (or payment approval request specialized data) is transferred to the VAN server 105 based on the communication protocol stack structure defined in the high-speed wireless Internet. Request to transmit (2940), a detailed procedure for this will be described in detail with reference to FIG.

According to the exemplary embodiment of the present invention, when the payment terminal 140 transmits encrypted payment processing related data (or payment approval request specialized data) to a predetermined VAN server 105, the payment terminal 140 is transmitted to the payment terminal 140. The provided medium control layer and the medium control layer provided in the base station 135 connected to the payment terminal 140 are mapped between the payment terminal 140 and the base station 135 to transmit traffic for one service flow. It is desirable to perform a traffic connection process that defines a relationship.

The payment terminal 140 requests the PAR 130 to retrieve the service profile for payment processing through the subscriber profile information and the service flow information as shown in FIG. 2 through the base station 135 of the high-speed wireless Internet company. In operation 2950, the base station 135 and the PAR 130 interoperate with each other to search for a payment processing service profile for the payment terminal 140.

According to an exemplary embodiment of the present invention, the preferred procedure of the searching process includes transmitting the registration information of the payment terminal 140 to the PAR 130 by including the registration information of the payment terminal 140 in the CREG_req message. The subscriber profile is searched through the payment terminal 140 registration information included in the received CREG_req message, and the acceptance of the registration of the subscriber is determined, and the result is included in the CREG_rsp message and transmitted to the base station 135. do.

In addition, when the base station 135 transmits a request for establishing a traffic connection for payment processing in a predetermined DSA_req message to the PAR 130, the PAR 130 receiving the DSA_req message receives the call through a call admission control mechanism. After retrieving service flow information for determining whether to accept the request, negotiating a quality of service (QoS) value and / or service level that can be provided in response to the requested new traffic, and processing the negotiation values and the payment Whether or not to accept the request for establishing the traffic connection is included in the DSA_rsp message and transmitted to the base station 135.

Subsequently, the base station 135 transmits to the PAR 130 including the DSA_ack message whether to establish the traffic connection for payment processing requested by the DSA_req as an acknowledgment message for the DSA_rsp message, and the PAR 130 By reading the DSA_ack message, the service flow information is changed to the payment processing traffic connection setting or the payment processing service flow information is registered.

If a predetermined payment processing service profile is not retrieved from the PAR 130 (eg, if a traffic connection for payment processing is first attempted after system booting of the payment terminal 140), the high speed wireless The PAR 130 on the Internet performs a change and / or registration and / or an additional procedure for the payment processing service profile (2960).

On the other hand, a predetermined payment processing service profile is retrieved from the PAR 130 (eg, an electronic payment processing has been previously performed through a high-speed wireless Internet, and a service flow profile for payment processing has been previously generated) (2955), or When a change and / or registration and / or additional procedure for the payment processing service profile is performed (2960), the payment terminal 140 (or wireless terminal 480 of the payment terminal 140) is encrypted. The media control layer and the physical layer are processed and transmitted to the base station 135 in a communication protocol stack including payment processing related data (or payment approval request specialized data), which is transmitted to the base station 135 by the PAR 130. The PAR 130 transmits the encrypted payment processing related data (or payment approval request specialized data) to the VAN server 105 based on the service profile. In 2965, the communication path for transmitting the encrypted payment processing related data (or payment approval request specialized data) is as shown in FIG. 3A or 3B.

30A and 30B illustrate a method of encrypting and transmitting payment processing related data (or payment approval request specialized data) by an electronic signature and a key exchange method in the payment terminal 140 according to an embodiment of the present invention.

In more detail, FIGS. 30A and 30B show an electronic signature and a key of the payment processing related data (or payment approval request specialized data) in the payment terminal 140 having the encryption function as shown in FIGS. 4A, 4B, and 4C. The preferred embodiment of the present invention encrypts and transmits an exchange method. The payment terminal private key and the public key of the VAN server 105 for encryption are the card terminal of the payment terminal 140 (or the payment terminal 140). (475) is preferably read from the security application module (SAM) provided.

Referring to FIGS. 30A and 30B, the data generation unit 450 of the payment terminal 140 includes predetermined payment processing related data (or payment approval request specialized data) including predetermined payment information and customer-owned payment means information. Is generated, the encryption processing unit 455 is provided with this (3000), the payment processing related data (or payment approval request specialized data) a predetermined one-way hash function (for example, the payment processing related data (or payment approval request) Regardless of the length of the full text data), a message digest including a hash code (HA 120) code of a predetermined length is generated, and the original message is identified through the hash code (or message digest). Or one-way hash function (HA 120) that cannot be inferred.The payment terminal and the VAN server 105 use the same hash function to generate a predetermined message digest (300). 5) The digital signature is digitally signed by encrypting the message digest through the payment terminal private key (3010).

In addition, the encryption processing unit 455 generates a predetermined random secret key for encrypting the payment processing related data (or payment approval request specialized data) using a secret key (symmetric key) method, 3015, the message digest encrypted with the payment processing related data (or payment approval request specialized data) and the payment terminal private key and a certificate provided in the security application module 415 (eg, including a payment terminal public key). The certificate is linked to the copy and encrypted using the generated private key (3020). In addition, the encryption processing unit 455 extracts a predetermined VAN server 105 public key from the security application module to encrypt the secret key encrypting the payment processing related data (or payment approval request specialized data) ( In operation 3030, the private key encrypting the payment processing related data (or payment approval request specialized data) is encrypted using the VAN server 105 public key (3030).

The payment processing related data (or payment approval request specialized data) and the copy of a certificate including the message digest encrypted with the payment terminal private key and the payment terminal public key are linked to each other and encrypted through the generated secret key, and the secret When the key is encrypted using the public key of the VAN server 105, the encryption processing unit 455 is encrypted with the payment processing related data (or payment approval request specialized data) and the payment terminal private key encrypted through the secret key. A certificate copy including the message digest and the payment terminal public key is associated with a secret key encrypted with the VAN server 105 public key to generate predetermined transaction data, and the generated transaction data is transmitted to the communication processor 460. Provided as (3035).

The communication processing unit 460 generates at least one SDU / PDU from the transaction data and stores it in an upper layer on a communication protocol stack (3040), and the wireless processing unit 470 performs the radio processing unit 470 on the communication protocol stack. By performing the communication process corresponding to the medium control layer and the physical layer defined between the base station 135 and the base station 135 (3045), the encrypted payment processing-related data (or payment approval request specialized data) to the high-speed wireless Internet It transmits to the VAN server 105 through the network component on the network.

31 is a diagram illustrating a payment processing procedure of the VAN server 105 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, FIG. 31 illustrates a case in which a VAN server 105 having an encryption function as shown in FIG. 7 is received with payment processing related data (or payment approval request specialized data) through an encryption process as shown in FIG. 30. By decoding the payment processing related data (or payment approval request specialized data) and performing a payment processing procedure corresponding to the decrypted payment processing related data (or payment approval request specialized data), the payment terminal 140. And a preferred embodiment of an electronic payment processing method that provides high-speed wireless Internet-based end-to-end security between the VAN server 105 and the VAN server 105. Those skilled in the art to which the present invention pertains, VAN server provided in the intention of the person skilled in the art and / or each of the above VAN operators with reference to the drawing 31 does not violate the essential technical matters of the present invention. Various electronic payment processing methods corresponding to the technical features of 105 may be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 31, payment processing related data (or payment approval request) encrypted from the payment terminal 140 as shown in FIGS. 4A, 4B, and 4C through the encryption procedure as shown in FIG. 30 from the payment terminal 140 to the VAN server 105. When the full text data is received through the communication path as shown in FIG. 3a or 3b (3100), the VAN server 105 exchanges the received payment processing related data (or payment approval request professional data) with an electronic signature and key exchange. By way of the decryption process 3105, end-to-end security for the payment terminal 140 and the VAN server 105 is secured. A detailed procedure thereof will be described in detail with reference to FIG.

If the payment processing related data (or payment approval request specialized data) is not decrypted (3110), the VAN server 105 generates payment processing result data (or payment approval specialized data) including a predetermined payment error message. In operation 3115, the payment terminal 140 transmits the payment to the payment terminal 140.

On the other hand, if the payment processing related data (or payment approval request specialized data) is decrypted (3110), the VAN server 105 and the payment information contained in the decrypted payment processing related data (or payment approval request specialized data) and By reading the payment means information, and performs the electronic payment procedure in connection with a predetermined card company server and / or bank server (3120), and the payment processing related data (or payment approval request specialized data from the card company server and / or bank server) (3125) a predetermined payment processing result data (or payment approval specialized data) corresponding to) is received.

If predetermined payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) is received from the card company server and / or the bank server (3130), the VAN server ( In step 105, the payment processing result data (or payment approval specialized data) is encrypted by electronic signature and key exchange method (3135), and the encrypted payment processing result data (or payment approval specialized data) is stored in the drawings 3a or 3b. Through the communication path as shown in FIG. 4A, FIG. 4B, and the payment terminal 140 as shown in FIG. 4C (3140), a detailed procedure thereof will be described in detail with reference to FIG.

32A and 32B illustrate a method of decrypting payment processing related data (or payment approval request specialized data) encrypted and received at the VAN server 105 by an electronic signature and key exchange method according to an embodiment of the present invention. to be.

In more detail, FIGS. 32A and 32B are encrypted payments received from a payment terminal 140 having an encryption function as shown in FIGS. 4A, 4B, and 4C in the VAN server 105 as shown in FIG. A preferred method of decrypting processing related data (or payment approval request specialized data) by an electronic signature and key exchange method, wherein the encrypted payment processing related data (or payment approval request specialized data) is converted into an electronic signature and key exchange method. The VAN server 105 private key and the payment terminal public key for decryption correspond to a security application module (SAM) provided in the payment terminal 140 (or the card terminal 475 of the payment terminal 140). It is preferable to read from the security application module provided in the VAN server 105.

Referring to FIGS. 32A and 32B, the receiver 700 of the VAN server 105 stores data related to payment processing encrypted from the operator network 100 of the high-speed wireless Internet through the TCP / IP-based Internet and / or a dedicated line. Receives a packet corresponding to a communication protocol stack including (or payment approval request specialized data) to restore (or generate) encrypted transaction data transmitted from the payment terminal 140 (3200), and restore (or generate). The transaction data is provided to the encryption unit 710 (3205), and the transaction data is encrypted with the payment processing related data (or payment approval request specialized data) and the payment terminal private key encrypted with the secret key. A copy of the certificate including the digest and the payment terminal public key, and the secret key encrypted with the VAN server 105 public key. It is desirable to lose.

The encryption unit 710 extracts the private key of the VAN server 105 from the security application module included in the VAN server 105 to decrypt the private key encrypted with the public key of the VAN server 105 (3210). By decrypting the secret key through the VAN server 105 private key, the message digest and the payment terminal public key encrypted with the payment processing related data (or payment approval request specialized data) and the payment terminal private key. The secret key for decrypting the copy of the certificate including the symbol is extracted (3220).

When the secret key is extracted as described above, the encryption unit 710 uses the extracted secret key and the message digest encrypted with the payment processing related data (or payment approval request specialized data) and the payment terminal private key, and the By decrypting a copy of the certificate including the payment terminal public key (3225), the message digest and the payment terminal disclosure encrypted with the payment processing related data (or payment approval request specialized data) encrypted with the secret key and the payment terminal private key. Extract a copy of the certificate that contains the key.

In addition, the encryption unit 710 decrypts the message digest encrypted with the payment terminal private key (3230) through the payment terminal public key (3230), so that the payment terminal-related data (or payment approval request) Message digest generated and transmitted (3235), and the received message processing related data (or payment approval request specialized data) is a predetermined message digest through the same one-way hash function as the payment terminal 140. After generating 3240, the generated message digest is compared with the decrypted message digest (3245) to check the validity of the received payment processing related data (or payment approval request specialized data).

If the generated message digest coincides with the decrypted message digest (3250), the encryption unit 710 provides the payment processing related data (or payment approval request specialized data) to the payment processing unit 715 ( 3255), the payment processing unit corresponding to the payment processing related data (or payment approval request specialized data) in conjunction with at least one card company server and / or bank server in accordance with the payment processing procedure defined in the VAN server 105 Perform payment processing.

FIG. 33 is a diagram illustrating a method of encrypting and transmitting payment processing result data (or payment approval specialized data) in a digital signature and key exchange method in a VAN server 105 according to an embodiment of the present invention.

More specifically, FIG. 33 shows payment processing result data (or data) received from a card company server and / or a bank server corresponding to the payment processing related data (or payment approval request specialized data) in the VAN server 105 as shown in FIG. The preferred embodiment of the present invention encrypts payment approval data) using an electronic signature and a key exchange method, and the payment terminal public key and the VAN server 105 private key for encryption are provided in the VAN server 105. It is preferable to read from the security application module.

Referring to FIG. 33, payment processing result data (or payment approval message) corresponding to the payment processing related data (or payment approval request specialized data) from the card company server and / or the bank server of the VAN server 105 to the payment processing unit. When the data is received, the encryption unit is provided with the data (3300), and the payment processing result data (or payment approval specialized data) of a predetermined one-way hash function (eg, the payment processing result data (or payment approval specialized data) Create a message digest containing a hash code (HA 120) shcode of any length, regardless of length, and verify (or infer) the original message via the hash code (or message digest). A one-way hash function (HA 120sh function) that cannot be generated. The predetermined message digest is generated through the VAN server 105 and the payment terminal using the same hash function. And 3305, by encrypting with the VAN server 105, a private key, the message digest and digital signature (3310).

In addition, the encryption unit 710 generates a predetermined random secret key for encrypting the payment processing result data (or payment approval specialized data) by a secret key (symmetric key) method ( 3315), the secret generated by linking a certificate copy including the message digest encrypted with the payment processing result data (or payment approval specialized data) and the VAN server 105 private key and the VAN server 105 public key; Encrypt with a key (3320).

In addition, the encryption unit 710 extracts (3325) a predetermined payment terminal public key from the security application module to encrypt the secret key that encrypts the payment processing result data (or payment approval specialized data). The secret key used for encryption is encrypted using the payment terminal public key (3330).

The payment processing result data (or payment approval data) and the copy of the certificate including the message digest encrypted with the VAN server 105 private key and the VAN server 105 public key are linked to each other through the generated secret key. If the secret key is encrypted using the payment terminal public key, the encryption unit is encrypted with the payment processing result data (or payment approval specialized data) and the VAN server 105 private key encrypted with the secret key. A certificate copy including the message digest and the VAN server 105 public key is generated in association with a secret key encrypted with the payment terminal public key to generate predetermined transaction data and provide it to the transmission unit 705.

The transmission unit 705 generates at least one SDU / PDU from the transaction data and stores it in a higher layer on a communication protocol stack (3335), thereby establishing a network of the VAN server 105 and the carrier network 100 of the high-speed wireless Internet. A packet corresponding to a communication protocol stack defined between the connecting Internet and / or a dedicated line is generated, and the generated packet is transmitted to the payment terminal 140 through a network component on the high-speed wireless Internet.

34 is a diagram illustrating a payment processing procedure of the payment terminal 140 for the high-speed wireless Internet-based electronic payment processing according to an embodiment of the present invention.

In more detail, as shown in FIG. 29, in FIG. 34, the payment terminal 140 encrypts predetermined payment processing-related data (or payment approval request specialized data) and transmits the encrypted data to the VAN server 105. 105, the VAN server 105 receives the payment processing result data (or payment approval specialized data) by decrypting the payment processing result data (or payment approval specialized data) encrypted and received from the electronic signature and the key exchange method. As a preferred embodiment of the electronic payment processing method for providing high-speed wireless Internet-based end-to-end security between the payment terminal 140, if the person skilled in the art to which the present invention pertains, With reference to the payment terminal 140 corresponding to the Figures 4a, 4b and 4c without departing from the core technical matters of the present invention with reference to Various electronic payment processing methods for providing VAN server 105 and portable Internet-based end-to-end security will be easily inferred, and the present invention is not limited thereto.

Referring to FIG. 34, the payment terminal 140 that transmits encrypted payment processing related data (or payment approval request specialized data) through the same process as in FIG. 29 may transmit the VAN server 105 through the high-speed wireless Internet. Waiting for the payment processing result data (or payment approval specialized data) corresponding to the payment processing related data (or payment approval request specialized data) is received from (3400).

If payment processing result data (or payment approval professional data) corresponding to the payment processing related data (or payment approval request specialized data) is received (3405), the payment terminal 140 receives the received payment processing result data ( Alternatively, the payment approval specialized data) may be decoded and output using an electronic signature and a key exchange method (3410), and a detailed procedure thereof will be described in detail with reference to FIG.

According to the exemplary embodiment of the present invention, the payment process of the payment terminal 140 as shown in FIGS. 29 and 34 is preferably repeated until the payment function of the payment terminal 140 ends (3415).

35A and 35B illustrate a method of decrypting payment processing result data (or payment approval specialized data) encrypted and received by the payment terminal 140 according to an exemplary embodiment of the present invention by an electronic signature and a key exchange method. .

In more detail, FIGS. 35A and 35B show an encryption procedure as shown in FIG. 33 from the VAN server 105 as shown in FIG. 7 in the payment terminal 140 having the encryption function as shown in FIGS. 4A and 4B and 4C. The present invention relates to a preferred method of decrypting payment processing result data (or payment approval specialized data) received through an electronic signature and a key exchange method, wherein the payment terminal private key is the payment terminal 140 (or payment terminal 140). It is preferable to read from the security application module (SAM) provided in the card terminal 475).

35A and 35B, the wireless processing unit 470 of the payment terminal 140 includes a packet corresponding to a communication protocol stack including payment processing result data (or payment approval specialized data) encrypted from the high-speed wireless Internet. Receiving (3500), the communication processing unit transmits the transaction data encrypted by the VAN server 105 from the received packet (e.g., the payment processing result data (or payment approval specialized data) encrypted with a predetermined secret key). And restore (or generate) a copy of the certificate including the message digest encrypted with the VAN server 105 private key and the private key encrypted with the payment terminal public key (3505). In operation 3110, the restored (or generated) transaction data is provided to the encryption processing unit 455.

The encryption processing unit 455 extracts a predetermined payment terminal private key for decrypting the secret key encrypted with the payment terminal public key from the security application module included in the payment terminal 140 (3515). By decrypting the private key encrypted with the public key with the payment terminal private key (3520), the message digest and the VAN server 105 encrypted with the payment processing result data (or payment authorization data) and the VAN server 105 private key. Extract the private key for decrypting the copy of the certificate including the public key (3525),

When the secret key is extracted as described above, the encryption processing unit 455 encrypts the message digest encrypted with the payment processing result data (or payment approval specialized data) and the VAN server 105 private key using the extracted secret key. And decrypting a copy of the certificate including the public key of the VAN server 105 (3530), thereby encrypting the payment processing result data (or payment approval specialized data) encrypted with the secret key and the private key of the VAN server 105. A copy of the certificate including the message digest and the VAN server 105 public key is extracted.

The encryption processing unit 455 decrypts the message digest encrypted with the private key of the VAN server 105 through the VAN server 105 public key (3535), thereby allowing the payment processing result data (or payment approval) in the encryption unit. Message digest generated and transmitted (3540), and the received message processing result data (or payment approval expert data) is pre-determined through the same one-way hash function as the encryption unit 710. After generating 3545, the generated message digest is compared with the decrypted message digest (3550) to check the validity of the received payment processing result data (or payment approval specialized data).

If the generated message digest and the decrypted message digest coincide with each other (3555), the encryption processing unit displays the payment processing result data (or payment approval specialized data) through the screen output unit 405. Output (3560a) and / or provided to the printing unit 420 to print (3560b).

According to the present invention, there is an advantage of maintaining high end-to-end security between a payment terminal located in the high-speed wireless Internet and a VAN server when using the high-speed wireless Internet having weak security as a communication network for electronic payment processing.

Claims (9)

Generate payment processing related data (payment approval request specialized data), extract a payment terminal private key from a predetermined terminal side security application module, and electronically sign the payment processing related data (payment approval request specialized data), and the terminal side A copy of the certificate including the VAN server public key and the payment terminal public key is extracted from the security application module, and a predetermined random secret key is generated to copy the certificate including the digital signature and the payment terminal public key and payment processing related data ( Encrypt the payment authorization request data), encrypt the random secret key with the VAN server public key, copy the certificate including the encrypted digital signature and payment terminal public key and payment processing related data (payment authorization request data), The random secret key encrypted with the VAN server public key is concatenated and stored in the upper layer of the portable Internet protocol stack. , The payment terminal transmitting to the portable Internet network by adding a mobile Internet-based MAC layer and the PHY layer to the portable Internet Protocol stack; After removing the portable Internet based MAC layer and the PHY layer from the portable internet protocol stack transmitted by the payment terminal, changing the portable internet protocol stack to an internet protocol stack, and converting the changed internet protocol stack to a VAN server through a communication network. The portable Internet communication network for transmitting; And After receiving the Internet protocol stack transmitted through the portable Internet communication network, a copy of the certificate including the encrypted electronic signature and the payment terminal public key, payment processing related data (payment approval request specialized data), and a VAN server public key. Restores the encrypted random secret key, extracts the VAN server private key from a predetermined server-side security application module, decrypts and reads the random secret key through the VAN server private key, and reads the read random secret key Decrypt the copy of the certificate including the encrypted electronic signature and the payment terminal public key and payment processing related data (payment approval request specialized data), and through the decrypted electronic signature the decrypted payment processing related data (payment approval request) Authenticating the validity data, and if the validity is verified, the decrypted payment processing related data ( Security card payment processing system using a mobile Internet communication network comprising the; authorization request specialized data) VAN server that performs predetermined processing procedure by using the payment. The method of claim 1, The VAN server, Receive payment approval data corresponding to the payment processing related data (payment approval request specialized data) from a card company server, extract the VAN server private key from the server-side security application module, and receive the payment approval specialized data corresponding to the payment approval data. Digital signature, extract the certificate copy including the public terminal of the payment terminal and the VAN server public key from the server-side security application module, generate a predetermined random secret key to include the electronic signature and the VAN server public key Encrypts the copy of the certificate and the payment authorization data, encrypts the random secret key with the public key of the payment terminal, the copy of the certificate including the encrypted digital signature and the VAN server public key, payment approval data, and payment terminal Concatenate the random secret key encrypted with the public key and store it in the upper layer of the Internet protocol stack. And wherein the transmission to the portable Internet network, The mobile Internet communication network, Changing the internet protocol stack transmitted by the VAN server to a portable internet protocol stack, adding a portable internet based MAC layer and a PHY layer to the changed portable internet protocol stack, and transmitting the same to the payment terminal; The payment terminal, After receiving the portable internet protocol stack transmitted through the portable internet communication network, restore a copy of the certificate including the encrypted digital signature and the VAN server public key, payment approval data, and a random secret key encrypted with the payment terminal public key. Extracts a payment terminal private key from the terminal-side security application module, decrypts and reads the random secret key through the payment terminal private key, and encrypts the encrypted digital signature and the VAN server through the read random secret key. Decrypt a copy of the certificate including the public key and the payment approval specialized data, and authenticate the validity of the decrypted payment approval professional data through the decrypted electronic signature, and if the validity is authenticated, the decrypted payment approval professional data is predetermined. Portable person, characterized in that output via the screen output device and / or the printing device of Security card payment processing system using four networks. The method of claim 1 or 2, wherein the payment terminal, A data generator for generating payment processing related data (payment approval request specialized data); Extracts the payment terminal private key from a predetermined terminal-side security application module and electronically signs the payment processing related data (payment approval request specialized data), and the VAN server public key and the payment terminal public key from the terminal-side security application module. Extract a copy of the certificate, generate a predetermined random secret key to encrypt the copy of the certificate including the digital signature and the payment terminal public key and payment processing related data (payment authorization request data), and the random secret key Encrypt with VAN server public key, Extracts a payment terminal private key from the terminal-side security application module, decrypts and reads the encrypted random secret key transmitted from the VAN server through the payment terminal private key, and encrypts the encrypted secret key through the read random secret key. A cryptographic processing unit for decrypting the certificate copy including the digital signature and the VAN server public key and payment approval specialized data, and authenticating the validity of the decrypted payment approval specialized data through the decrypted electronic signature; And A copy of the certificate including the encrypted electronic signature and the payment terminal public key, a payment processing related data (payment approval request specialized data), and a random secret key encrypted with the VAN server public key are concatenated and stored in the upper layer of the mobile Internet protocol stack. Thereafter, the portable Internet protocol stack is added to the portable Internet protocol based MAC layer and the PHY layer and transmitted to the portable Internet communication network. After receiving the portable Internet protocol stack transmitted through the portable Internet communication network, the encrypted digital signature is performed. And a communication processing unit for restoring a copy of the certificate including the VAN server public key, payment approval data, and a random secret key encrypted with the payment terminal public key. According to claim 1 or 2, wherein the VAN server, After receiving the Internet protocol stack transmitted through the portable Internet communication network, a copy of the certificate including the encrypted electronic signature and the payment terminal public key, payment processing related data (payment approval request specialized data), and a VAN server public key. A receiver for restoring an encrypted random secret key; Extract the VAN server private key from a server-side security application module, decrypt and read the random secret key through the VAN server private key, and publish the encrypted electronic signature and payment terminal through the read random secret key. Decrypts a copy of the certificate including a key and payment processing related data (payment authorization request data), and authenticates the validity of the decrypted payment processing related data (payment authorization request data) through the decrypted electronic signature, Extract the VAN server private key from the server-side security application module to electronically sign the payment approval data corresponding to the payment approval data, and include the public key and the VAN server public key of the payment terminal from the server-side security application module. Extract a copy of the certificate, generate a predetermined random secret key to encrypt the copy of the certificate including the digital signature and the VAN server public key and payment authorization data, and encrypt the random secret key with the public key of the payment terminal. An encryption unit; A payment processing unit which performs a predetermined payment processing procedure by interworking with a card company server by using the payment processing related data (payment approval request specialized data) decrypted through the encryption unit; And A copy of the certificate including the encrypted digital signature and the VAN server public key, payment approval data, and a random secret key encrypted with the payment terminal public key are concatenated, stored in the upper layer of the Internet protocol stack, and transmitted to the portable Internet communication network. Card payment security processing system using a portable Internet communication network comprising a; Generating payment processing related data (payment approval request full text data) at the payment terminal; Extracting a payment terminal private key from the terminal-side security application module at the payment terminal and electronically signing the payment processing related data (payment approval request specialized data); Extracting a copy of a certificate including a VAN server public key and the payment terminal public key from a terminal-side security application module at the payment terminal; Generating a random secret key in the payment terminal and encrypting a copy of the certificate including the electronic signature and the payment terminal public key and payment processing related data (payment approval request specialized data); Encrypting the random secret key with a VAN server public key at the payment terminal; A copy of the certificate including the electronic signature encrypted in the payment terminal and the payment terminal public key, payment processing related data (payment authorization request data), and a random secret key encrypted with the VAN server public key are concatenated to form a higher layer of the mobile Internet protocol stack. Storing in a layer; In the mobile terminal, a copy of the certificate including the encrypted electronic signature and the payment terminal public key, payment processing related data (payment authorization request data), and a random secret key encrypted with the VAN server public key are stored in the portable Internet protocol stack. Adding a portable internet based MAC layer and a PHY layer to the base station on the portable internet communication network; The base station on the portable internet communication network removes the portable internet protocol based MAC layer and the PHY layer from the portable internet protocol stack, changes the portable internet protocol stack to an internet protocol stack, and then changes the changed internet protocol stack through a communication network. Transmitting to; After receiving the internet protocol stack from the VAN server, a copy of the certificate including the encrypted digital signature and the payment terminal public key, payment processing related data (payment approval request specialized data), and a random secret key encrypted with the VAN server public key. Restoring; Extracting a VAN server private key from a server-side security application module in the VAN server; Decrypting and reading the random secret key through the VAN server private key in the VAN server; Decrypting a copy of a certificate including the encrypted electronic signature and a payment terminal public key and payment processing related data (payment authorization request specialized data) through the random secret key decrypted by the VAN server; Authenticating validity of the payment processing related data (payment approval request specialized data) decrypted through the electronic signature decrypted by the VAN server; If the validity is verified, performing a predetermined payment processing procedure using the decrypted payment processing related data (payment approval request specialized data) in the VAN server; card using a portable Internet communication network comprising a How to secure your payment. The method according to claim 5, wherein the VAN server performs a predetermined payment processing procedure using the decrypted payment processing related data (payment approval request specialized data). Receiving payment approval data corresponding to the payment processing related data (payment approval request specialized data) from a card company server at the VAN server; Extracting the VAN server private key from the server-side security application module in the VAN server and digitally signing the payment approval specialized data corresponding to the payment approval data; Extracting a copy of a certificate including a public key of the payment terminal and a VAN server public key from a server-side security application module in the VAN server; Generating a predetermined random secret key in the VAN server and encrypting a copy of the certificate including the digital signature and the VAN server public key and payment authorization data; Encrypting, at the VAN server, the random secret key with the public key of the payment terminal; A base station on a mobile Internet communication network by storing a copy of a certificate including an electronic signature encrypted in the VAN server and a public key of the VAN server, payment approval data, and a random secret key encrypted with the payment terminal public key and storing them in an upper layer of the Internet protocol stack. Transmitting to; Changing the internet protocol stack to a portable internet protocol stack by a base station on the portable internet communication network, and adding a portable internet based MAC layer and a PHY layer to the changed portable internet protocol stack to transmit to the payment terminal; Restoring a copy of the certificate including the encrypted electronic signature and the VAN server public key, payment authorization data, and a random secret key encrypted with the payment terminal public key after receiving the portable Internet protocol stack at the payment terminal; Extracting a payment terminal private key from the terminal-side security application module at the payment terminal; Decrypting and reading the random secret key through the payment terminal private key in the payment terminal; Decrypting a copy of the certificate including the encrypted electronic signature and the VAN server public key and payment approval text data through the random secret key decrypted by the payment terminal; Authenticating the validity of the decrypted payment approval text data through the electronic signature decrypted by the payment terminal; If the validity is authenticated, the payment terminal outputs the decrypted payment approval message data through a predetermined screen output device and / or printing device; card payment security processing using a portable Internet communication network comprising a Way. A computer-readable recording medium having recorded thereon a program for executing the method of claim 5 or 6. A payment means reader for reading card information; An information input unit configured to process input of predetermined payment related data; A data generation unit generating predetermined payment processing related data (payment approval request specialized data) based on the card information read out by the payment means reading unit and the payment related data input through the information input unit; Extracts the payment terminal private key from a predetermined terminal-side security application module and electronically signs the payment processing-related data (payment approval request specialized data), and the VAN server public key and the payment terminal public key from the terminal-side security application module. Extracts a copy of the certificate, generates a predetermined random secret key, encrypts the copy of the certificate including the digital signature and the payment terminal public key and payment processing related data (payment authorization request data), and encrypts the random secret key. An encryption processing unit to encrypt the VAN server public key; And A copy of the certificate including the encrypted electronic signature and the payment terminal public key, a payment processing related data (payment approval request specialized data), and a random secret key encrypted with the VAN server public key are concatenated and stored in the upper layer of the mobile Internet protocol stack. And a communication processor for adding the portable Internet based MAC layer and the PHY layer to the portable internet protocol stack and transmitting the portable internet protocol network to the portable internet communication network. A computer-readable recording medium having recorded thereon a program for executing a function of a payment terminal device component of claim 8.

Images