KR20080081878A - Packet access router in high-speed mobile internet and recording medium - Google Patents

Abstract

A PAR(Packet Access Router) in a high-speed mobile Internet communication network and a recording medium for the same are provided to maintain high end-to-end security between a payment terminal installed at an affiliated store and a VAN(Value Added Network) by automatically or preferentially connecting the payment terminal with the VAN in case of using the mobile high-speed Internet as a communication network for electronic payment. A PAR in a high-speed mobile Internet communication network comprises a subscriber information processing part(405), a traffic connection request receiving part(410), a judgement part(420), and a traffic connection request processing part(415). The subscriber information processing part settles the flow number of certain subscriber profile information corresponding to a payment terminal installed at an affiliated store to "1", and establishes service flow information to automatically or preferentially connect the payment terminal to a VAN server(110) in a VAN. In case that the payment terminal makes a traffic connection request, the traffic connection request receiving part receives the payment terminal's traffic connection request information through a base station which is located on the high-speed mobile Internet communication network. The judgement part confirms the subscriber profile information and the service flow information, and judges whether to allocate a communication path compulsorily between the payment terminal and the VAN server. The traffic connection request processing part automatically or preferentially connects the payment terminal to the VAN server, based on a result from the judgement part.

Description

Packet Access Router in High-Speed Mobile Internet and Recording Medium

1 is a view showing a preferred system configuration according to the embodiment of the present invention.

2 is a diagram illustrating a subscriber profile information storing process for providing a high speed wireless internet-based virtual private communication network having a high speed wireless internet system as a network infrastructure according to an embodiment of the present invention.

3A and 3B are diagrams illustrating subscriber related information for a VPN generated and managed in a PAR on a high-speed wireless Internet according to an embodiment of the present invention.

4 is a diagram showing a preferred functional configuration for setting up a high speed wireless Internet based virtual private communication network in a PAR on a high speed wireless Internet according to an embodiment of the present invention.

5 is a view showing a preferred process for implementing a high-speed wireless Internet-based virtual private communication network in the network connection process of the card payment terminal device for VPN according to the embodiment of the present invention.

6 is a diagram illustrating a preferred embodiment of a high-speed wireless Internet-based virtual private communication network corresponding to a VAN company network according to an embodiment of the present invention.

7 is a diagram illustrating a preferred process for processing a traffic connection request of a VPN card payment terminal device through a high-speed wireless Internet-based virtual private communication network corresponding to a VAN company network according to an embodiment of the present invention.

<Description of main parts of drawing>

100: VAN company network 105: VPN subscriber information D / B

110: VPN server 115: security server

120: payment processing server 125: terminal management server

130: community server 135: network operators network

The present invention is characterized in that it is located on a high-speed wireless Internet communication network, a packet access router for forcibly allocating a communication path between an affiliated store terminal and a value-added communication network in the high-speed wireless Internet communication network, the predetermined corresponding to the affiliated store terminal Predetermined service flow information that fixes the number of flows of subscriber profile information to "1" and automatically connects (or preferentially connects to) a virtual private network (VPN) server provided in the value added communication network. A subscriber information processor configured to set a traffic information, a traffic connection request information receiver configured to receive traffic connection request information of the affiliated store terminal through a base station located on the high-speed wireless Internet communication network when the affiliated store terminal requests a predetermined traffic connection; In response to the traffic connection request merchant terminal Determining a communication path of the affiliated store terminal by determining the set subscriber profile information and service flow information, and determining the communication path of the affiliated store terminal through the high-speed wireless Internet network according to a determination result of the determination unit; The present invention relates to a packet access router on a high-speed wireless Internet communication network including a traffic connection request processing unit configured to automatically connect (or first connect) to a virtual private network (VPN) server provided in a value added communication network.

Due to the rapid development of information and communication technology, certain payment means are provided in a media including an MS (Magnetic Stripe) card and / or an IC (Integrated Circuit) card and / or an IC chip mounted or detached from a predetermined wireless terminal. In the case of payment on and off-line, an electronic payment system for payment processing using a payment means provided in the medium has become popular.

The electronic payment system is a user-owned medium having at least one valid payment means (e.g. MS card, IC card, IC chip, etc.), and recognizes the medium and reads the valid payment means information from the medium is predefined And a payment server for approving payment processing for the payment means, and a payment network for connecting the payment terminal and the payment server. After leasing a predetermined communication network from one or more network operators and configuring a payment network between the payment terminal and the payment server through the leased network, the network fee corresponding to the network usage fee from a card company and / or a bank operating the payment server. You will receive a Banfi.

In the conventional electronic payment system as described above, the profit of the VAN company is limited to the banpy, and it is difficult to generate additional income (for example, collecting a communication fee to an affiliated store) in addition to the banpy.

An object of the present invention is characterized in that located on a high-speed wireless Internet communication network, the packet access router for forcibly allocating a communication path between the merchant terminal and the value-added communication network in the high-speed wireless Internet communication network, corresponding to the merchant terminal The predetermined number of flows of subscriber profile information is fixed to " 1 ", and the communication path of the affiliated store terminal is automatically connected (or preferentially connected) to a VPN (Virtual Private Network) server provided in the value added communication network. A subscriber information processing unit for setting service flow information and a traffic connection request information receiving unit for receiving traffic connection request information of the affiliated store terminal through a base station located on the high-speed wireless Internet communication network when the affiliated store terminal requests a predetermined traffic connection. And corresponding to the traffic connection request merchant terminal Determine the predetermined subscriber profile information and service flow information, and determine whether to determine the forced assignment of the communication path of the affiliated store terminal and the communication path of the affiliated store terminal through the high-speed wireless Internet communication network according to the determination result. To provide a packet access router on a high-speed wireless Internet communication network having a traffic connection request processing unit for processing to automatically connect (or preferentially connected) to a virtual private network (VPN) server provided in the value-added communication network.

A packet access router on a high speed wireless internet communication network according to the present invention is located on a high speed wireless internet communication network, and the packet access router for forcibly allocating a communication path between an affiliated store terminal and a value added communication network in the high speed wireless internet communication network. In the method, the number of flows of predetermined subscriber profile information corresponding to the affiliated store terminal is fixed to "1", and the communication path of the affiliated store terminal is automatically connected to a virtual private network (VPN) server provided in the value added communication network ( Or a subscriber information processing unit for setting predetermined service flow information to be connected first) and traffic connection request information of the affiliated store terminal through a base station located on the high-speed wireless Internet communication network when the affiliated store terminal requests a predetermined traffic connection. Of traffic connection request information receiving And a determination unit for determining whether the communication path is forcibly allocated to the affiliated store terminal by confirming preset subscriber profile information and service flow information corresponding to the traffic connection request affiliated store terminal. And a traffic connection request processing unit configured to automatically connect (or preferentially connect) a communication path of the affiliated store terminal to a virtual private network (VPN) server provided in the value added communication network through a high speed wireless Internet communication network. .

According to the present invention, the subscriber information processing unit registers the card payment terminal device of the affiliated store terminal provided through a base station located on the high speed wireless Internet communication network when power is input to the affiliated store terminal. The AAA server provides information to an AAA server located on the high-speed wireless Internet communication network, requests predetermined subscriber profile information, and provides subscriber profile information corresponding to the card payment terminal device registration information from the AAA server. It is characterized in that the affiliated store terminal to read the subscriber profile information provided by the subscriber to determine whether the VPN subscriber corresponding to the value-added communication network.

In addition, the packet access router, characterized in that located on the high-speed wireless Internet communication network, for assigning a communication path between the merchant terminal and the value-added communication network in the high-speed wireless Internet communication network, Receiving predetermined subscriber profile information corresponding to the affiliated store terminal whose flow number is fixed to "1" from an AAA server, and based on the subscriber profile information, a VPN having a communication path of the affiliated store terminal provided in the value added communication network. (Virtual Private Network) Subscriber information processing unit for setting the predetermined service flow information to automatically connect (or preferentially connected) to the server, and the base station located on the high-speed wireless Internet communication network when the predetermined traffic connection request from the merchant terminal Traffic connection request of the merchant terminal through Determining unit and the determination unit for determining whether to force the communication path of the merchant terminal by checking the traffic connection request information receiving unit for receiving the transmission, the subscriber profile information and the service flow information set in correspondence to the traffic connection request affiliate terminal; According to the determination result, the traffic connection request processing unit for processing to automatically connect (or preferentially connected) to the VPN (Virtual Private Network) server provided in the value-added communication network via the high-speed wireless Internet communication network; Characterized in that made.

In addition, the packet access router, characterized in that located on the high-speed wireless Internet communication network, for assigning the communication path between the merchant terminal and the value-added communication network in the high-speed wireless Internet communication network, the merchant terminal request a predetermined traffic connection request And a traffic connection request information receiving unit for receiving traffic connection request information of the affiliated store terminal through a base station located on the high-speed wireless Internet communication network, and in the value added communication network in predetermined subscriber profile information corresponding to the affiliated store terminal. If the VPN (Virtual Private Network) server connection information is set in advance, and the traffic connection request information of the affiliated store terminal is received through the traffic connection request information receiving unit, it is included in the subscriber profile information corresponding to the traffic connection request merchant terminal. VPN (Virtual Private) Network (VPN) server connection information, and based on the verified virtual server (VPN) server connection information, the connection path of the affiliated store terminal is automatically connected to a virtual private network (VPN) server provided in the value-added communication network ( Or a VPN provided in the value-added communication network through a communication path of the affiliated store terminal through the high-speed wireless Internet communication network based on the subscriber information processing unit generating predetermined service flow information and the generated service flow information. (Virtual Private Network) characterized in that it comprises a traffic connection request processing unit for processing to automatically connect (or preferential connection) to the server.

According to the present invention, the subscriber information processing unit registers the card payment terminal device of the affiliated store terminal provided through a base station located on the high speed wireless Internet communication network when power is input to the affiliated store terminal. The AAA server provides information to an AAA server located on the high-speed wireless Internet communication network, requests predetermined subscriber profile information, and provides subscriber profile information corresponding to the card payment terminal device registration information from the AAA server. It is characterized in that the affiliated store terminal to read the subscriber profile information provided by the subscriber to determine whether the VPN subscriber corresponding to the value-added communication network.

According to the present invention, the virtual private network (VPN) server connection information may include the virtual private network (VPN) server address information and communication port information.

In addition, the packet access router, characterized in that located on the high-speed wireless Internet communication network, for assigning the communication path between the merchant terminal and the value-added communication network in the high-speed wireless Internet communication network, the merchant terminal request a predetermined traffic connection request And a traffic connection request information receiving unit for receiving traffic connection request information of the affiliated store terminal through a base station located on the high speed wireless internet communication network, and the value added communication network from an AAA server located on the high speed wireless internet communication network. Receiving and storing subscriber profile information corresponding to the affiliated store terminal to which the virtual private network (VPN) server connection information is set, and receiving the traffic connection request information of the affiliated store terminal through the traffic connection request information receiving unit, the traffic Connection request Checking the virtual private network (VPN) server connection information included in the subscriber profile information corresponding to the blind spot terminal, and based on the confirmed virtual private network (VPN) server connection information, the communication path of the affiliated store terminal is the added value. Based on the subscriber information processing unit for generating predetermined service flow information for automatically connecting (or preferentially connecting) to a VPN (Virtual Private Network) server provided in the communication network and the generated service flow information, through the high-speed wireless Internet communication network. And a traffic connection request processor for automatically connecting (or prioritizing) a communication path of the affiliated store terminal to a virtual private network (VPN) server provided in the value added communication network.

According to the present invention, the virtual private network (VPN) server connection information may include the virtual private network (VPN) server address information and communication port information.

The present invention includes a computer-readable recording medium which records a program for executing a function of a packet access router component on a high-speed wireless Internet communication network described above.

Hereinafter, with reference to the accompanying drawings and description will be described in detail the operating principle of the preferred embodiment of the present invention. However, the drawings and the following description shown below are for the preferred method among various methods for effectively explaining the features of the present invention, the present invention is not limited only to the drawings and description below. In addition, in the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted. Terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to intentions or customs of users or operators. Therefore, the definition should be based on the contents throughout the present title.

In addition, preferred embodiments of the present invention to be carried out below are provided in each system functional configuration to efficiently describe the technical components constituting the present invention, or system functions that are commonly provided in the technical field to which the present invention belongs. The configuration will be omitted, and described mainly on the functional configuration to be additionally provided for the present invention. If those skilled in the art to which the present invention pertains, it will be able to easily understand the function of the components that are conventionally used among the omitted functional configuration not shown below, and also the configuration omitted as described above The relationship between the elements and the components added for the present invention will also be clearly understood.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains. It is only.

1 is a view showing a preferred system configuration according to the embodiment of the present invention.

More specifically, Figure 1 is a merchant terminal wirelessly connected to a high-speed portable Internet (HPi) based 2.3GHz high-speed wireless Internet system that provides wireless access technology including mobility of more than 60 km / h and a transmission rate of 1 Mbps (Hereinafter referred to as a "card payment terminal device"), when a predetermined traffic connection request is made from the card payment terminal device, the traffic connection is connected to the VAN company network 100 connected to the high-speed wireless Internet system and the traffic connection. A preferred configuration of a high-speed wireless Internet-based virtual private network (VPN) for automatically connecting (or preferentially connecting) a communication path for a communication path is provided. When the network is connected to the Internet, the card payment terminal device is provided in the VAN company network 100 through the virtual private communication network. It is characterized in that the automatic connection (or first connection) to the VPN server 110, and then the card payment terminal device targets at least one or more servers (or devices) provided in the VAN company network 100 and / or the Internet All traffic generated by the system is characterized in that the VPN server 110 occurs as a gateway (Gateway) and / or a proxy server (Proxy Server).

The high-speed wireless Internet system of the 2.3 GHz frequency band is a cellular network configuration using an Orthogonal Frequency Division Multiple Access (OFDMA) / Time Division Duplex (TDD) scheme and a network configuration of IP-based wireless data services. It can effectively adapt to downlink asymmetric transmission characteristics, support handoff to ensure cell-to-cell mobility without interruption of service, dynamically or statically assign IP to handheld terminals, and make system access for unauthorized users more efficient. It guarantees the quality of service against delay and packet loss, which is suitable for high speed transmission of various types of IP-based packet data such as streaming video, FTP, mail, chat, etc. provided by wired internet. Including features.

Referring to FIG. 1, the high-speed wireless Internet system includes at least one card payment terminal device (eg, an access terminal (AT) or a portable subscriber station (PSS)) equipped with a function of processing a communication protocol stack defined in the high-speed wireless internet. ), A base station (e.g., an access point (AP) or a radio access station (RAS)), a packet access router (Pecket Access Router PAR) and at least one carrier network connecting the PAR, The operator network includes a home agent (HA) for mobility of IP to the card payment terminal device, an authentication, authorization and accounting (AAA) server for authentication and billing of a user, a management server (Network Management System) and an external device. It further comprises a foreign agent (FA) that interworks with the wireless network.

Referring to FIG. 1 according to a preferred embodiment of the present invention, the high-speed wireless Internet system uses a DHCP (Dynamic Host Configuration Protocol) server and DNS for allocating and registering a MIP to a card payment terminal device accessing the high-speed wireless Internet. Further, at least one or more components may be added according to the intention of the operator and / or the type of additional service.

The card payment terminal device is an endpoint of a wireless channel in the high-speed wireless Internet system, and communicates with the base station in an OFDMA manner, and transmits and receives a wireless channel, a MAC processing function, a handover function, a user authentication and encryption function, and a radio link control management. Function and so on.

The base station performs a wired / wireless channel conversion function to transfer information (or data) received from the card payment terminal device to the PAR or, conversely, converts various information (or data) received from the PAR into an OFDMA-based radio signal. Packet retransmission function for error-free packet transmission / reception, packet scheduling and radio bandwidth allocation function, ranging function, ranging of packet call connection, It performs connection control, handover control and PAR access functions related to maintenance and release.

The PAR is connected to and manages a plurality of base stations, and performs a handover control function to ensure high-speed mobility in the PAR. To this end, the base station and the PAR are connected based on the IP protocol, and is preferably configured based on a gigabit Ethernet switch for high-speed packet transmission.

In addition, the high-speed wireless Internet system provides a Uh interface between the card payment terminal and the base station, an Ah interface between the base station and the PAR, a Ph interface between the PAR and the PAR, AAA and HA of the PAR and the operator network to provide high-speed wireless communication. Ih interface etc. are provided in between.

The Uh interface provided between the card payment terminal device and the base station conforms to HPi's Physical Layer (PHY) and Media Access Control (MAC) standards, and the physical layer and MAC standards are LOS (Line Of Sight). It is based on the 2.3GHz band with a non-guaranteed multipath channel environment, and provides mobility based on the wireless access standard of the IEEE 802.16 series.

According to an embodiment of the present invention, the physical layer standard of the Uh interface includes all items corresponding to OFDMA in the IEEE802.16 standard, and the changed parts of the IEEE 802.16 standard are OFDMA subcarriers for frame structure, uplink and downlink. Allocation method and channel encoding method. Additional additions include Transmit / Receive Transition Gap (TGT), Receive / Transmit Transition Gap (RTG), and RF parameters to accommodate a maximum radius of 1km. In addition, the MAC standard is optimized for the OFDMA PHY. The ranging and bandwidth request procedures are modified to fit the OFDMA PHY, and a handover function for mobility support is added. In addition, a sleep mode function for reducing power consumption of the terminal and a mechanism for checking the communication disconnection status and recovering the allocated resources at the time of interruption were added.

The Ah interface between the base station and the PAR is used in the ANAP (Access Network Application Part) protocol that defines the control messages for smooth communication between the base station and the PAR, the Ph interface between the PAR and the PAR is used for smooth communication between the PAR The PAR-PAR Application Part (PPAP) protocol, which specifies control messages, is used.

The standard for the Ih interface between the PAR and the AAA is based on the IETF Diameter Base protocol, and also refers to the IETF Diameter MIP Application and the IETF Diameter Extensible Authentication Protocol (EAP). In addition, the standard for the Ih interface between the PAR and the HA is based on MIP (Mobile IP) of IETF RFC 3344, and MIP NAI (Network Access Identification) extension, MIP Challenge / Response extension, AAA Registration Key Extension, MIP extension for AAA NAI and MIP extension for reverse tunneling are added and used.

According to an exemplary embodiment of the present invention, an integrated card payment terminal apparatus configured to perform a high-speed wireless Internet-based electronic payment processing by embedding the OFDMA-based wireless access function in a predetermined card terminal, a predetermined card terminal end, and the OFDMA-based wireless access function. A modular card payment terminal device connected to a wireless terminal having a high speed wireless Internet-based electronic payment processing, and an interlocking card payment terminal for performing electronic payment processing by interworking a predetermined card terminal with an OFDMA-based wireless terminal. It is preferred that the device comprises at least one device.

The card payment terminal device is automatically connected (or preferentially connected) to a predetermined value added network (VAN) company network through a high-speed wireless Internet system including at least one predetermined base station and a PAR. The payment terminal device and the VAN company network 100 may be directly connected to the high-speed wireless Internet through a predetermined dedicated line, and / or may be connected to the high-speed wireless internet and the Internet, and the present invention is not limited thereto. No.

Referring to FIG. 1, the VAN company network 100 includes a virtual private network (VPN) server to which the card payment terminal device is initially connected through the high-speed wireless Internet. A predetermined payment processing server 120 performing a defined unique function (for example, a card payment terminal device performing a function of a payment terminal for electronic payment processing and a card company / bank); and the card payment terminal A predetermined security server 115 that performs a security procedure for the device is characterized in that it works in conjunction with the VPN server (110). The VPN server 110 and the payment processing server 120 may be implemented in different servers, and / or in one server, which interoperate on the VAN company network 100 as shown in FIG. In addition, the VPN server 110 and the security server 115 may also be implemented in different servers and / or implemented in one server as shown in FIG.

According to an embodiment of the present invention, the VAN company network 100 is at least one VPN card payment terminal for automatic connection (or first connection) with the VPN server 110 via the high-speed wireless Internet of the VNA company network And a VPN subscriber information D / B 105 that stores device and / or subscriber information for the VPN, thereby automatically connecting (or prioritizing) to the VPN server 110 in the VAN company network 100. An authentication procedure for at least one card payment terminal device and / or subscriber may be performed.

According to the exemplary embodiment of the present invention, the VAN company network 100 may further include at least one terminal management server 125 and / or community server 130 interworking with the VPN server 110. According to the intention of the VAN operator operating the VAN company network 100, at least one server may be provided in conjunction with the VPN server 110, whereby the present invention is not limited.

The VPN server 110 is connected to the VAN company network 100 of the card payment terminal devices on the high-speed wireless Internet (at least one or more of the card payment terminal device that is connected first), the VAN company network 100 And a VAN company network 100 access point for automatic connection (or priority connection), thereby automatically connecting (or prioritizing) the VAN company network 100 to the card payment terminal device. The communication server connects a communication channel with at least one connection target server through the VPN server 110, and transmits and receives at least one packet with the at least one connection target server through the VPN server 110. For example, the VPN server 110 may include at least one server (or device) provided in an external network other than the high-speed wireless Internet from a card payment terminal device automatically connected (or preferentially connected) with the VAN company network 100. It is desirable to perform the function of a proxy server to communicate with.

According to the present invention, the VPN server 110 is connected to the VAN company network 100 of the card payment terminal device on the high-speed wireless Internet at least one or more card payment terminal device that is automatically connected (or preferentially connected) It is characterized by implementing a high-speed wireless Internet-based virtual private communication network using the Internet system as a network infrastructure.

According to an exemplary embodiment of the present invention, a card payment terminal device automatically connected (or preferentially connected) with the VAN company network 100 is a predetermined payment terminal, and is provided in the VAN company network 100 from the payment terminal. When a traffic connection with the predetermined payment processing server 120 is requested, the VPN server 110 preferably connects a communication channel between the payment terminal and the payment processing server 120. In addition, when predetermined payment request data is received from the payment terminal through the communication channel, the VPN server 110 relays the payment request data to the payment processing server 120 through the communication channel. desirable. In addition, when predetermined payment approval data corresponding to the payment request data is transmitted from the payment processing server 120 through the communication channel, the VPN server 110 receives the payment approval data through the communication channel. It is preferable to relay transmission to the payment terminal that has transmitted the payment request data.

According to another exemplary embodiment of the present invention, at least one server (eg, terminal management) provided in the VAN company network 100 from a card payment terminal device automatically connected (or first connected) with the VAN company network 100. When a traffic connection with the server 125 and / or the community server 130) is requested, the VPN server 110 may include at least one server provided in the card payment terminal device and the VAN company network 100; It is desirable to connect the communication channels. In addition, when a packet receiving at least one or more servers provided in the VAN company network 100 as a receiving side is received from the card payment terminal device, the VPN server 110 transmits the packet to the VAN company through the communication channel. It is preferable to relay transmission to the server provided in the network (100). In addition, when a packet for receiving a card payment terminal device connected to the communication channel is received from a server provided in the VAN company network 100, the VPN server 110 communicates the packet through the communication channel. It is preferable to relay transmission to the card payment terminal connected to the channel.

According to another exemplary embodiment of the present invention, at least one provided externally on the Internet connected to the VAN company network 100 from a card payment terminal device automatically connected (or first connected) with the VAN company network 100. When a traffic connection is requested with more than one server (or device) (e.g., a web server provided on the Internet and / or at least one or more devices (or servers) connected to the Internet, etc.), the VPN server 110 may accept the card. It is preferable to connect a communication channel with a terminal device and at least one server (or device) provided on the Internet. In addition, when a packet for receiving at least one server (or device) provided on the Internet from the card payment terminal device is received, the VPN server 110 transmits the packet to the Internet via the communication channel. It is preferable to relay transmission to the server (or apparatus) provided. In addition, when a packet receiving the card payment terminal device connected to the communication channel is received from a server provided on the Internet, the VPN server 110 transmits the packet to the card through which the communication channel is connected. It is preferable to relay transmission to a payment terminal device.

The payment processing server 120 receives predetermined payment request data from the payment terminal when the card payment terminal device that is automatically connected (or preferentially connected) with the VAN company network 100 is a predetermined payment terminal. Read payment request data to identify a card company and / or bank that processes electronic payment corresponding to the payment request data, provide the payment request data to the verified card company server and / or bank server, and provide the card company server and And / or a server that receives payment approval data corresponding to the payment request data from a bank server and performs a series of procedures for transmitting the payment approval data to the payment terminal, wherein the server is provided in the VAN company network 100. It features.

According to the embodiment of the present invention, the payment processing server 120 is connected to the payment terminal equipped with the electronic payment processing function of the card payment terminal device provided in the high-speed wireless Internet system through the VPN server 110. It is preferred, and / or to be connected with the card company server and / or the bank server via a predetermined leased line (e.g., a closed network).

The security server 115 is a card payment terminal device that is automatically connected (or first connected) to the VAN company network 100 on the high-speed wireless Internet system and at least one server provided in the VAN company network 100 and / Or, a server that satisfies the security requirements required between at least one server (or device) provided on the Internet interworking with the VAN company network 100, characterized in that provided in the VAN company network 100 It is done.

According to an embodiment of the present invention, the security server 115 is at least one or more provided in the VAN company network 100 from a card payment terminal device that is automatically connected (or preferentially connected) with the VAN company network 100. The data received by the VPN server 110 is encrypted with a predetermined encryption method using a server and / or at least one or more servers (or devices) provided on the Internet interoperating with the VAN company network 100. In this case, it is preferable to include a function for decrypting the encrypted data by a predetermined decryption method corresponding to the encryption method. In addition, the VAN company network 100 from at least one server provided in the VAN company network 100 and / or at least one server (or device) provided on the Internet in conjunction with the VAN company network 100 When the data transmitted to the card payment terminal device which is automatically connected (or preferentially connected) with the data is encrypted and transmitted by a predetermined encryption method, the VAN company network 100 is encrypted by encrypting the transmitted data by the defined encryption method. It is preferable to transmit to the card payment terminal device that is automatically connected (or first connected). According to the intention of the person skilled in the art and / or the implementation method of the security server 115, the function of the security server 115 may be provided in the VPN server 110, and thus the present invention is not limited thereto.

According to another embodiment of the present invention, the security server 115 is at least one server provided in the VAN company network 100 and / or at least provided on the Internet to work with the VAN company network 100 The data received from the VPN server 110 is infected with a virus using a card payment terminal device that is automatically connected (or first connected) to the VAN company network 100 from one or more servers (or devices), and And / or verify that it contains malicious code, warn and / or clean if the data is infected with a virus, and / or warn and / or remove it if the data contains malicious code. desirable. In addition, the security server 115 is at least one server provided in the VAN company network 100 from a card payment terminal device that is automatically connected (or first connected) to the VAN company network 100 according to a predetermined security policy. And / or data received by the VPN server 110 using at least one server (or device) provided on the Internet interoperating with the VAN company network 100 is infected with a virus, and / or It is advisable to verify that it contains malicious code, to warn and / or clean if the data is infected with a virus, and / or to alert and / or remove it if the data contains malicious code. . According to the intention of the person skilled in the art and / or the implementation method of the security server 115, the function of the security server 115 may be provided in the VPN server 110, and thus the present invention is not limited thereto.

According to another exemplary embodiment of the present invention, the security server 115 is a card payment terminal device that is automatically connected (or preferentially connected) with the VAN company network 100 on the high-speed wireless Internet system is the VPN server 110 In the case of automatic connection (or priority connection), the authorization of the card payment terminal device and / or the card payment terminal device in conjunction with the VPN subscriber information D / B 105 provided in the VAN company network 100 It is preferable to perform subscriber authentication for a user, and according to the intention of the person skilled in the art and / or the implementation method of the security server 115, the function of the security server 115 may be provided in the VPN server 110. The present invention is not limited thereby.

Hereinafter, the high-speed wireless Internet system is connected between the VAN company network 100 having the VPN server 110 and a card payment terminal device on the high-speed wireless Internet that is automatically connected to (or preferentially connected to) the VAN company network 100. A process to be performed between the VAN company and a network operator providing the high speed wireless internet system to implement a high speed wireless internet based virtual private communication network having a network infrastructure will be described.

2 is a diagram illustrating a subscriber profile information storing process for providing a high speed wireless internet-based virtual private communication network having a high speed wireless internet system as a network infrastructure according to an embodiment of the present invention.

In more detail, FIG. 2 illustrates a connection between a VAN company network 100 having a VPN server 110 and a card payment terminal device on a high-speed wireless Internet that is automatically connected (or first connected) with the VAN company network 100. The present invention relates to a preferred embodiment of a process of storing subscriber profile information for a VPN in the high speed wireless internet system to implement a high speed wireless internet based virtual private communication network having a high speed wireless internet system as a network infrastructure. Those skilled in the art can easily infer various embodiments of storing subscriber profile information for a VPN in the high-speed wireless Internet system without departing from the essential technical features of the present invention with reference to FIG. The present invention is not limited thereto.

Referring to FIG. 2, the high-speed connection between the VAN company network 100 having the VPN server 110 and a card payment terminal device on the high-speed wireless Internet that is automatically connected to (or preferentially connected to) the VAN company network 100. In order to implement a high-speed wireless Internet-based virtual private communication network having a wireless Internet system as a network infrastructure, a network operator providing the high-speed wireless Internet system with the VAN company has a high-speed wireless Internet-based virtual network having the high-speed wireless Internet system as a network infrastructure. Enter into business partnerships to supply and / or use private networks.

According to an embodiment of the present invention, the business cooperation content is automatically connected (or first connected) with the VAN company network 100 to configure the function of the card payment terminal device constituting the high-speed wireless Internet-based virtual private communication network Element and at least one function component for VPN supply to be provided to at least one network component of the high speed wireless Internet system for providing a high speed wireless Internet based virtual private communication network to the card payment terminal device. It is desirable to be.

In addition, it is preferable that the business cooperation content defines security requirements to be provided to a high-speed wireless Internet-based virtual private communication network having the high-speed wireless Internet system as a network infrastructure. In particular, since the basic business area of the VAN company network 100 corresponds to the electronic payment processing, the security requirements to be provided to the high-speed wireless Internet-based virtual private communication network having the high-speed wireless Internet system as a network infrastructure must be high. do. To this end, the VAN company is a card payment terminal that is automatically connected (or preferentially connected) to the end-to-end (for example, the VAN company network 100) for a high-speed wireless Internet-based virtual private communication network having the high-speed wireless Internet system as a network infrastructure It is desirable to realize an encryption / decryption function between the device and the VPN server 110 (or the security server 115), and the network operator pays for the card automatically connected (or preferentially connected) with the VAN company network 100. It is preferable to realize a function to prevent external intrusion into the communication path connecting the terminal device and the VPN server 110 (or the security server 115) provided in the network on the VAN.

When a business alliance for supplying and / or using a high-speed wireless Internet-based virtual private communication network having the high-speed wireless Internet system as a network infrastructure is concluded, the network operator provides the service to a network component constituting the high-speed wireless Internet system. Implement the function configuration for VPN supply corresponding to the contents of cooperation

If a business alliance is concluded between the VAN company and the network operator as described above, and a VPN supply function configuration corresponding to the business alliance is implemented in the high-speed wireless Internet system, the VAN company uses a predetermined VPN for a predetermined VPN. From the subscriber, predetermined VPN subscriber information corresponding to the business alliance with the network operator is obtained.

According to an embodiment of the present invention, the VPN subscriber may be an affiliated store using a payment terminal equipped with a predetermined electronic payment processing function through the VAN company, wherein the subscriber information for the VPN includes the affiliated store information. It is preferable to make.

According to another exemplary embodiment of the present invention, the VPN subscriber may be at least one individual subscriber who wants to be provided with a high-speed wireless Internet service requiring high security through the VAN company network 100. Subscriber information for the VPN is preferably made to include the personal information for the individual subscriber.

When the subscriber information is acquired as described above, the VAN company stores the obtained subscriber information in the VPN subscriber information D / B, and provides the VPN subscriber with a card payment terminal device corresponding to the business alliance with the network operator. Offer (or rent) or sell.

In addition, the VAN company information on the predetermined VPN subscriber profile including the card payment terminal device registration information provided (or rented) or sold to the VPN subscriber in response to the VPN subscriber information and the business alliance with the network operator. It generates and provides the subscriber profile information for the VPN to the network operator.

According to an embodiment of the present invention, the subscriber profile information for the VPN includes the VPN server 110 address information provided in the VAN company network 100 of the high-speed wireless Internet-based virtual private communication network, and the card payment terminal apparatus is a VPN server. Preferably, the device further includes VPN connection information including communication port information for connecting to 110.

The network operator receiving the VPNN subscriber profile information from the VAN company processes the VPN subscriber profile information and the VAN company information in association with a storage medium for storing a predetermined subscriber profile information (for example, in an AAA server of high-speed wireless Internet). And a storage medium for storing subscriber profile information.

According to another exemplary embodiment of the present invention, if the network operator can determine whether the card payment terminal device is a card payment terminal device automatically connected (or preferentially connected) with the VAN company network 100 using only the subscriber profile information for the VPN. The network operator may store only the subscriber profile information for the VPN in the storage medium for storing the subscriber profile information.

After the subscriber profile information for the VPN is stored as described above, the network provider provides a high speed wireless network access service to the card payment terminal device for the VPN through the high speed wireless Internet system.

Hereinafter, the high-speed wireless Internet system is connected between the VAN company network 100 having the VPN server 110 and a card payment terminal device on the high-speed wireless Internet that is automatically connected to (or preferentially connected to) the VAN company network 100. Functional components to be provided in a high-speed wireless Internet system to implement a high-speed wireless Internet-based virtual private communication network as a network infrastructure will be described through preferred embodiments. However, the functional components to be provided in the high-speed wireless Internet system is not limited to the following embodiments, and those skilled in the art to which the present invention pertains, the present invention through the drawings and description shown below It will be apparent that various implementation methods of the functional components to be provided in the high-speed wireless Internet system can be easily inferred without departing from the core technical characteristics of the present invention, thereby clearly limiting the present invention.

3A and 3B are diagrams illustrating subscriber related information for a VPN generated and managed in a PAR on a high-speed wireless Internet according to an embodiment of the present invention.

3A and 3B illustrate a VAN company network 100 having a card payment terminal device and a VPN server 110 on a high-speed wireless Internet that is automatically connected (or first connected) to the VAN company network 100. It illustrates a preferred implementation method for the desired subscriber-related information stored and managed in the PAR to implement a high-speed wireless Internet-based virtual private communication network having the high-speed wireless Internet system as a network infrastructure.

In general, the subscriber related information includes predetermined subscriber profile information and at least one service flow information. When the card payment terminal device accesses the high-speed wireless Internet, a storage medium for storing predetermined subscriber profile information (generally, It is provided in the AAA server on the wireless Internet, and is obtained from "hereinafter referred to as" AAA server "for convenience), the service flow information is generated by the PAR when the service request via the high-speed wireless Internet in the card payment terminal device.

The subscriber profile item includes a context ID that is a unique identifier between the base station and the PAR, IP address information indicating an internet address of the card payment terminal device, and a message authentication code that is a hardware identification address of the card payment terminal device. Code: MAC) address, number of flows serviced to the card payment terminal device, current service state of the card payment terminal device, number of service levels provided to the card payment terminal device, service class name, subscriber name, the card It is preferable to include an address type serviced by a payment terminal device and a cell ID of a place where the card payment terminal device is located.

The service flow information is information necessary for providing at least one service to a predetermined card payment terminal device. The service flow item is a flow that uniquely distinguishes a context ID and a service flow, which are unique identifiers between the base station and the PAR. It is desirable to include ID, class of service name, quality of service (QoS) type, maximum sustained traffic rate, maximum traffic burst, minimum reserved traffic rate, flow schedule type, and allowed jitter.

In general, the subscriber profile information may be obtained from the AAA server after authentication of the subscriber (or card payment terminal device) accessing the high speed wireless Internet from the AAA server when the card payment terminal device accesses the high speed wireless Internet. It is preferably provided as a PAR, and then managed in the PAR until the service for the subscriber (or card payment terminal device) is released. In addition, the card payment terminal device is generated based on the service request information, session information and / or connection information in the PAR when a predetermined service request is made through the high-speed wireless Internet, and is generated and managed whenever a new service is requested. As a result, it is possible to provide at least one or more services to the card payment terminal device. When the service for the subscriber (or card payment terminal device) is released and the subscriber profile information is deleted from the PAR, the service flow information associated with the subscriber profile information is also deleted.

Referring to Figure 3a, the subscriber profile information for VPN is fixed in the subscriber profile information defined in the high-speed wireless Internet as described above, the number of the service flow is fixed to one and / or the service name class is the VAN company network 100 The VPN server 110 and the communication path provided in the) is characterized in that it is set to automatically connect (or prior connection).

In the implementation method as shown in FIG. 3A, a predetermined VPN card payment terminal device (for example, an initial access process performed in a network access process of the card payment terminal device and a basic capability negotiation process) are performed. And a card payment terminal device identified as a card payment terminal device that is automatically connected (or preferentially connected) with the VAN company network 100 in an authentication process and a registration process for a user or a wireless terminal). The PAR is a VPN server provided in the VAN company network 100 for a communication path for the traffic connection, no matter what traffic connection request is required in the VPN card payment terminal device based on the VPN profile information ( 110) and generates only one service flow information forcibly connecting to the device, and then requests from the card payment terminal device for VPN. The traffic connection request is processed by the VPN server 110 provided in the VAN company network 100.

Referring to FIG. 3B, the subscriber profile information for VPN is to generate the number of service flows as required by the VPN card payment terminal in the subscriber profile information defined in the high-speed wireless Internet as described above. After the traffic connection request from the card payment terminal device for the automatic connection (or priority) to the VPN server 110 provided in the VAN company network 100, and controlled by the VPN server 110 And VPN connection information to be managed.

In the implementation method as shown in FIG. 3B, when a traffic connection request is made by a predetermined VPN card payment terminal device, the PAR sends the traffic connection request requested by the VPN card payment terminal device based on the VPN profile information. It is characterized in that the service flow information to be made / registered through the VPN server 110 provided in the VAN company network 100, the traffic connection request required by the VPN card payment terminal device after the VAN company Processing is performed by the VPN server 110 provided in the network 100.

Those skilled in the art to which the present invention pertains, with reference to the embodiments shown in Figures 3a and 3b, when the traffic connection request from a predetermined card payment terminal device for VPN, provided to the network operator As described above, at least one network component (for example, an AAA server or an HA server other than a PAR) requests traffic connection of a card payment terminal device for a VPN to the VPN server 110 provided in the VAN company network 100. After the path is automatically connected (or prioritized), various embodiments may be easily inferred to be processed, thereby limiting the invention. For example, in the implementation method as shown in FIG. 3B, the VPN connection information additionally included in the subscriber profile information may be stored in a storage medium provided in the AAA server.

4 is a diagram illustrating a preferred functional configuration for establishing a high speed wireless Internet-based virtual private communication network in the PAR 165 on the high speed wireless Internet according to an embodiment of the present invention.

In more detail, FIG. 4 shows at least one card payment terminal device connected to the high-speed wireless Internet based on the subscriber profile information for VPN shown in FIGS. 3A and / or 3B in the PAR 165 on the high-speed wireless Internet. An embodiment of the present invention for implementing a virtual private communication network for automatically connecting (or prioritizing) a communication path for a traffic connection between a VPN card payment terminal device for a VPN and a VPN server 110 provided in the VAN company network 100. It is about.

4, traffic between the VPN card payment terminal device and the VPN server 110 provided in the VAN company network 100 based on the subscriber profile information for the VPN in the PAR 165 on the high-speed wireless Internet. A functional configuration for implementing a virtual private communication network such that a communication path for connection is automatically connected (or preferentially connected) includes: a traffic connection request receiving unit that receives predetermined traffic connection request information requested from a predetermined card payment terminal device from a predetermined base station; 410, and reads the traffic connection request information, and automatically connects the traffic connection request with the VPN server 110 provided in the VAN company network 100 in association with the VPN subscriber profile information. Or via a conventional private procedure provided with a high-speed wireless Internet system. When the determination unit 420 and the determination result, the traffic connection request is processed through a virtual private communication network in which a communication path is automatically connected (or preferentially connected) with the VPN server 110 provided in the VAN company network 100. Automatically connecting (or first connecting) a communication path for processing the traffic connection request between the card payment terminal device and the VPN and providing the traffic connection request to the VPN server 110 through the communication path; It is implemented through the traffic connection means 400 having a traffic connection request processing unit 415 to process.

The determination unit 420 is a VPN server in which the number of flows of subscriber profile information registered and managed in correspondence with the card payment terminal device in the PAR is fixed to "1", and service flow information is provided in the value-added communication network ( And determining the automatic connection (or priority connection) of the communication path of the card payment terminal device in the subscriber profile information registered and managed in correspondence with the card payment terminal device in the PAR. It is characterized in that it is determined whether the predetermined VPN connection information is set to automatically connect (or prioritized connection) to the VPN server 110 provided in the value-added communication network.

According to an exemplary embodiment of the present invention, the determination unit 420 provides the determination result to the traffic connection request processing unit 415, so that the traffic connection request processing unit 415 traffic connection request of the card payment terminal device. It is preferable to automatically process (or prioritize) the connection to the VPN server 110 provided in the value-added communication network.

According to another exemplary embodiment of the present invention, the determination unit 420 determines that the traffic connection request is automatically connected (or preferentially connected) to the VPN server 110 provided in the value added communication network. In this case, the VPN server 110 provided with the card payment terminal device in the value-added communication network based on the connection target server (or device) information included in the traffic connection request information received through the traffic connection request receiver 410. It is preferable to perform a second determination process for determining whether to connect to,

The second determination process extracts the connection target server (or device) information (eg, IP address of the connection target server (or device)) from the traffic connection request information, and generates a card through the connection target server (or device) information. Searching for a storage medium storing at least one conditional connection target server (or device) information selectively connecting (or conditional connection) to the VPN server 110 provided in the value added communication network. It is preferable to include.

According to an embodiment of the present invention, a storage medium storing at least one conditional connection target server (or device) information may be provided in the high-speed wireless Internet (eg, AAA server) in a business cooperation process between the VAN company and a network operator. In this case, the determination unit 420 preferably performs the second determination process through an Ih interface between the PAR and the AAA server defined in the high-speed wireless Internet.

According to another exemplary embodiment of the present invention, a storage medium for storing at least one conditional connection target server (or device) information may be provided on the VAN company network, and in this case, the determination unit 420 may use the traffic. The second determination process is performed by transmitting connection target server (or device) information extracted from connection request information to the VAN company network and receiving a result of a predetermined selective connection (or condition connection) from the VAN company network. It is preferable to carry out.

According to one embodiment of the invention, the traffic connection means 400 is fixed to the number of flows of the predetermined subscriber profile information corresponding to the card payment terminal device to "1", the communication path of the card payment terminal device is It is preferable to have a subscriber information processing unit for setting predetermined service flow information for automatically connecting (or preferentially connecting) to the VPN server 110 provided in the value added communication network.

According to another exemplary embodiment of the present invention, the traffic connection means 400 is a predetermined subscriber corresponding to the card payment terminal device having a fixed number of flows "1" from an AAA server located on the high-speed wireless Internet communication network. Predetermined service flow information for receiving profile information and automatically connecting (or first connecting) the communication path of the card payment terminal device to the VPN server 110 provided in the value added communication network based on the subscriber profile information. It is preferable to have a subscriber information processing unit for setting the.

According to another exemplary embodiment of the present invention, the traffic connection means 400 presets VPN server 110 connection information provided in the value added communication network to predetermined subscriber profile information corresponding to the card payment terminal device. When the traffic connection request information of the card payment terminal device is received through the traffic connection request information receiver, the VPN server 110 checks the connection information included in the subscriber profile information corresponding to the traffic connection request card payment terminal device. And a predetermined service for automatically connecting (or preferentially connecting) the communication path of the card payment terminal device to the VPN server 110 provided in the value-added communication network based on the verified VPN server 110 connection information. It is preferable to have a subscriber information processing unit for generating flow information.

According to another exemplary embodiment of the present invention, the traffic connection means 400 is the card payment terminal set the connection information VPN server 110 provided in the value-added communication network from the AAA server located on the high-speed wireless Internet communication network Receive and store subscriber profile information corresponding to the device in advance, and when the traffic connection request information of the card payment terminal device is received through the traffic connection request information receiver, the subscriber profile information corresponding to the traffic connection request card payment terminal device. Checking the VPN server 110 connection information included in the, and based on the verified VPN server 110 connection information, the communication path of the card payment terminal device to the VPN server 110 provided in the value-added communication network Subscriber information processing unit for generating predetermined service flow information for automatic connection (or prior connection) Compared it is preferred.

The subscriber information processing unit may input the card payment terminal device registration information of the card payment terminal device provided through a base station located on the high speed wireless Internet communication network when power is input to the card payment terminal device. The AAA server provides the AAA server located on the high-speed wireless Internet communication network, requests predetermined subscriber profile information, and provides the subscriber profile information corresponding to the card payment terminal device registration information from the AAA server. It is preferable to check whether the card payment terminal apparatus is a VPN subscriber corresponding to the value added communication network by reading subscriber profile information.

According to an embodiment of the present invention, the traffic connecting means 400 is provided in the form of at least one device (or server) that interoperates with the PAR 165, and / or a recording medium provided in the PAR 165. It is possible to include all of the programs recorded in the present invention, whereby the present invention is not limited.

Hereinafter, the VPN card payment terminal device interoperates with the network components on the high-speed wireless Internet such that the high-speed wireless Internet-based virtual private network is used as the network infrastructure between the VAN company networks 100. An operation process for implementing a communication network will be described with reference to a preferred embodiment. However, an operation process for implementing the virtual private communication network is not limited to the following embodiments, and those skilled in the art to which the present invention pertains are provided in the high-speed wireless Internet system according to the intention of those skilled in the art. Various implementation methods for implementing the virtual private communication network may be easily inferred according to various implementation methods of functional components, and it will be apparent that the present invention is not limited thereto.

5 is a view showing a preferred process for implementing a high-speed wireless Internet-based virtual private communication network in the network connection process of the card payment terminal device for VPN according to the embodiment of the present invention.

In more detail, in FIG. 5, at least one or more network components provided on the high-speed wireless Internet are connected to each other in a process of accessing the high-speed wireless internet by a card payment terminal device having a function of wirelessly connecting to a predetermined high-speed wireless internet. When a predetermined traffic connection request is made from the card payment terminal device by interworking, the card payment terminal device for VPN is automatically connected (or preferentially connected) with the VPN server 110 provided in the VAN company network 100. If it is confirmed that the device, and the card payment terminal device for the VPN, the VPN card payment terminal device to automatically connect (or preferential connection) with the VPN server 110 provided in the VAN company network 100 For a preferred embodiment of a VPN implementation method.

Referring to FIG. 5, when a predetermined power is supplied to a card payment terminal device having a function of wirelessly accessing a predetermined high-speed wireless Internet, and the system is booted, the card payment terminal device is downward through a downlink channel search of a base station. After synchronizing with the link and acquiring channel control parameters for the uplink, synchronizing the uplink through initial ranging, and performing an initial access (Initial Access) process of informing the base station of the card payment terminal information. (500).

When the initial access process is performed, a Basic Capability Negotiation is established between the card payment terminal device and the base station of the high-speed wireless Internet. The base station extends the wireless access connection between the card payment terminal device and the base station to a wired section and performs an authentication procedure for verifying the authentication and service authority of the card payment terminal device and / or subscriber from the AAA server via the PAR 165. (505).

According to an exemplary embodiment of the present invention, the authentication process provides a DER (Diameter Extensible Authentication Protocol) Request (DER) / Identity message including a subscriber ID (ID) to the AAA server on the high-speed wireless Internet. Then, the AAA server receiving the determination determines whether the user is a legitimate subscriber and transmits a Diametric EAP Answer (DEA) / Transport Layer Security (TLS) start message to the PAR 165. Thereafter, the PAR 165 provides a DER / Client-Hello message including predetermined session information and connection information to the AAA server, and the AAA server sends DEA / Server- to the PAR 165 in response thereto. Send Hello Next, the PAR 165 and the AAA server provide a DER / TLS certificate from the PAR 165 to the AAA server for mutual certificate exchange, and the AAA server sends the DEA / TLS change cipher to the PAR 165. By carrying a spec, TLS finished message, it transmits to the PAR 165 that the use of the new encryption algorithm and the handshaking procedure are completed. The PAR 165 transmits a DER / Ack to the AAA server and receives a DEA / Success from the AAA server, thereby completing a subscriber authentication process by completing a mutual certificate exchange.

When the basic provision capability negotiation and the authentication and registration procedure for the card payment terminal device are performed, network components managing the MIP for the card payment terminal device interoperate with each other to obtain a predetermined IP address for the card payment terminal device. The process of assigning and registering is performed (510).

According to an embodiment of the present invention, a method of allocating and registering a MIP address to the card payment terminal device may include: performing authentication of the card payment terminal device on the high-speed wireless Internet, and then performing the subscriber authentication. After receiving the MIP registration request message from the card payment terminal, the MIP subscriber authentication is performed for the card payment terminal, and then the dynamic HA request message is transmitted to the HA. Accordingly, the HA transmits an address assignment request message for allocating a dynamic IP address to the card payment terminal device to the AAA server (for example, an IP address management device (not shown) provided in the AAA server). The request message preferably includes the domain name of the MIP subscriber and the PAR 165 address to which the card payment terminal is connected.

In addition, the AAA server is interlocked with a predetermined DHCP server to process the address assignment request message received from the HA, the dynamic IP belonging to the subnet of the PAR (165) area connected to the card payment terminal device from the DHCP server Get an address. Thereafter, the AAA server registers the newly allocated dynamic IP address and the domain name of the MIP service subscriber to the DNS server on the high-speed wireless Internet. If the dynamic IP address allocation and the dynamic DNS update for the card payment terminal are successfully performed, the AAA server sends an address assignment response message to the HA, and the HA provides binding information for the card payment terminal. Create Thereafter, the HA transmits the dynamic HA response message back to the AAA server, and the AAA server transmits the received MIP registration response message to the card payment terminal through the PAR 165, thereby paying the card. The terminal device can receive a MIP service through the high-speed wireless Internet.

According to another exemplary embodiment of the present invention, the card payment terminal device and the high-speed wireless Internet network interoperate with each other to generate and distribute a traffic encryption key for maintaining security for traffic connection between the card payment terminal device and the base station. Can be further performed (not shown).

As described above, when the initial access process, the basic capability negotiation process, the authentication process for the user or the card payment terminal device and the MIP registration process are completed (and / or while the processes are performed), the PAR on the high-speed wireless Internet ( 165 (or the AAA server) reads the subscriber profile information so that the card payment terminal device automatically connects (or preferentially connects) a predetermined communication path with the VPN server 110 provided in the VAN company network 100. In step 515, it is checked whether the VPN card payment terminal performs a function of the terminal. For example, if the card payment terminal device is a VPN card payment terminal device, when a traffic connection request is made from the card payment terminal device, the traffic connection request is a predetermined value provided in the card payment terminal device and the VAN company network 100. The communication path between the VPN servers 110 should be processed after being automatically connected (or first connected).

* According to an embodiment of the present invention, the card payment terminal device verification process for VPN is a card payment terminal device-related information included in the subscriber profile information stored in the AAA server (for example, through the card payment terminal device-related information) The card payment terminal device is automatically connected (or preferentially connected) with the VAN company network 100 through a process of reading the payment terminal device function). It is desirable to check whether the VPN card payment terminal implements a high-speed wireless Internet-based virtual private communication network between the terminals.

According to another exemplary embodiment of the present invention, the card payment terminal device for verifying the VPN is connected to the VAN company information of the subscriber profile information stored in the AAA server. It is preferable to check whether a VPN card payment terminal device is automatically connected (or first connected) with the network 100 to implement a high-speed wireless Internet-based virtual private communication network between the card payment terminal device and the VAN company network 100.

According to another exemplary embodiment of the present invention, the VPN card payment terminal checking process may be performed by using a VPN as shown in FIG. 3B in subscriber profile information obtained by the PAR 165 and / or subscriber profile information stored in the AAA server. The card payment terminal is automatically connected (or preferentially connected) with the VAN company network 100 through a process of checking whether connection information is included, thereby providing high-speed wireless Internet between the card payment terminal device and the VAN company network 100. It is desirable to check whether a VPN card payment terminal device implements a virtual private communication network.

If the card payment terminal does not perform the function of the card payment terminal for VPN (520), the PAR 165 (or AAA server) on the high-speed wireless Internet is the communication path of the card payment terminal device is the VAN company network In step 545, the connection to the VPN server 110 provided at 100 is prevented.

On the other hand, if the card payment terminal performs the function of the card payment terminal for VPN (520), the PAR 165 (or AAA server) on the high-speed wireless Internet is a VPN server 110 provided in the VAN company network 100 (Or the security server 115) provides the card payment terminal device registration information for performing the function of the card payment terminal device for the VPN, and requests an authentication thereof (525).

VPN server 110 (or security server 115) provided in the VAN company network 100 through the card payment terminal device registration information for the VPN subscriber information D / B provided in the VAN company network 100 By searching for, the card payment terminal device checks the validity that corresponds to the VPN card payment terminal device (530).

If the validity of the card payment terminal device for the VPN for the card payment terminal device registration information is not authenticated (535), the VPN server 110 (or the security server 115) is the PAR 165 (on the high-speed wireless Internet) Or AAA server) generates and transmits a predetermined card payment terminal validity authentication error result for the VPN (540), and the PAR 165 (or AAA server) on the high-speed wireless Internet has a communication path of the card payment terminal. It is set to prevent connection to the VPN server 110 provided in the VAN company network 100 (545).

On the other hand, if the validity of the card payment terminal device for the VPN for the card payment terminal device registration information is authenticated (535), the VPN server 110 (or security server 115) is the PAR 165 (or AAA server) generates and transmits a predetermined VPN card payment terminal validity approval result (550), and the PAR 165 (or AAA server) on the high-speed wireless Internet requests a traffic connection from the VPN card payment terminal. In this case, the traffic connection request is set to be processed after the communication path between the predetermined VPN server 110 provided in the VAN company network 100 and the VPN card payment terminal device is automatically connected (or first connected) In operation 555, the virtual private network including a communication path connected between the VPN card payment terminal device and the VPN server 110 is illustrated in FIG. 6.

According to the embodiment of the present invention, the process of transmitting the card payment terminal device registration information to the VPN server 110 and performing an authentication procedure therefor may be omitted from the VPN server 110. The invention is not limited.

Figure 6 illustrates a preferred embodiment of a high-speed wireless Internet-based virtual private communication network corresponding to the VAN company network 100 in accordance with an embodiment of the present invention.

In more detail, Figure 6 is implemented between the card payment terminal device for VPN and the VAN company network 100 of the card payment terminal device equipped with a function for wireless access to the high-speed wireless Internet through the same procedure as shown in FIG. As a preferred high-speed wireless Internet-based virtual private communication network, a VPN card payment terminal device among the card payment terminal devices equipped with a function of wirelessly accessing the high-speed wireless Internet is shown in a rectangle to facilitate understanding by those skilled in the art. The virtual private network between the card payment terminal device for the VPN and the VPN server 110 provided in the VAN company network 100 is illustrated by a thick solid line, and the high-speed wireless Internet provided by the network operator is illustrated by a thin solid line.

Referring to Figure 6 according to a preferred embodiment of the present invention, a VPN card payment terminal device connected to a high-speed wireless Internet-based virtual private network provided by the VAN company and a high-speed wireless Internet network provider is provided with an electronic payment processing function It is not limited to the payment terminal, but may include at least one or more wireless terminals to be provided with a high-speed wireless Internet service using the high security provided in the virtual private communication network according to the intention of the VAN company, The present invention is by no means limited.

FIG. 7 is a diagram illustrating a preferred process of processing a traffic connection request of a VPN card payment terminal device through a high-speed wireless Internet-based virtual private communication network corresponding to a VAN company network 100 according to an embodiment of the present invention.

In more detail, in FIG. 7, when a predetermined card payment terminal device having a function of wirelessly connecting to the high-speed wireless Internet requests traffic connection to the high-speed wireless internet, at least one network component provided in the high-speed wireless internet Checking whether the card payment terminal device is a VPN card payment terminal device connected to a high-speed wireless Internet-based virtual private communication network corresponding to the VAN company network 100 by interworking with each other, and checking the card payment terminal device according to the verification result. A preferred implementation method for handling a traffic connection request. Specifically, FIG. 7 relates to an implementation method of processing the traffic connection request in the PAR 165 having the same functional configuration as that of FIG. 4. Network components other than the PAR 165 process the traffic connection request according to the functions of the network components provided in the high-speed wireless Internet for the high-speed wireless Internet-based virtual private communication network corresponding to the VAN company network 100. Various implementation methods that can be easily inferred, whereby the present invention is not limited.

Referring to FIG. 7, a predetermined card payment terminal having a function of wirelessly accessing the high speed wireless Internet may be connected to the base station through at least one communication protocol stack structure defined between the card payment terminal and the base station. Request a traffic connection to the target server (or device) (700).

According to the exemplary embodiment of the present invention, the card payment terminal apparatus receives the traffic connection request information including the connection target server (or device) address information and / or the card payment terminal apparatus registration information for the traffic connection request. It is preferable to transmit to the base station.

When the traffic connection request is received from the card payment terminal device to the base station on the high-speed wireless Internet, the base station transmits the registration information of the card payment terminal device to the PAR 165 by including the CREG_req message, and the PAR. 165 searches for the subscriber profile based on the card payment terminal device registration information included in the received CREG_req message, determines whether to accept the subscriber profile, and includes the result in the CREG_rsp message to include the base station. The authentication procedure for transmitting the data is performed (705).

If the CREG_rsp message received from the PAR 165 to the base station is set to be rejected for the subscriber profile (710), the base station rejects and terminates the traffic connection request requested by the card payment terminal. .

On the other hand, if the CREG_rsp message received from the PAR 165 is set to accept the subscriber profile in the CREG_rsp message (710), the base station transmits a predetermined DSA_req to the traffic connection establishment request requested by the card payment terminal. The PAR 165 receiving the DSA_req message, including the message and transmitting the message to the PAR 165, retrieves service flow information for determining whether to accept the request through a call admission control mechanism. Authenticate the request (715). In this case, the PAR 165 negotiates a quality of service (QoS) value and / or a service level that can be provided in response to the requested new traffic, and then DSA_rsp determines whether to accept the negotiation values and the traffic connection establishment request. Included in the message and transmitted to the base station.

If the traffic connection configuration is set to be accepted in the DSA_rsp message received from the PAR 165 to the base station (720), the base station and the PAR 165 on the high-speed wireless Internet interoperate with each other to request the traffic connection. The card payment terminal device is connected to the high-speed wireless Internet-based virtual private communication network corresponding to the VAN company network 100 (for example, the automatic connection with the VPN server 110 provided in the VAN company network 100 for traffic connection) Or (first connected) checks whether it performs a card payment terminal function for VPN (725).

According to the exemplary embodiment of the present invention, the number of service flows of subscriber profile information stored and managed in the PAR 165 is fixed to one as shown in FIG. It is preferable that the information is made through a procedure of FIG. 5 to check whether a predetermined communication path is set to be automatically connected (or preferentially connected) to the VPN server 110 provided in the VAN company network 100. Do.

According to another exemplary embodiment of the present invention, the checking process of the VPN card payment terminal device may include checking whether the VPN connection information includes subscriber profile information stored and managed in the PAR 165 as shown in FIG. 3B. It is preferable to comprise a.

If the card payment terminal does not perform the function of the card payment terminal device for VPN (730), the base station is included in the traffic connection configuration information (eg, the DSA_req transmitted from the base station to the PAR 165). Or a DSA_ack message (information corresponding to the requested traffic connection establishment request) to the PAR 165, and the PAR 165 reads the DSA_ack message to change the service flow information to the traffic connection establishment, Or, register the new service flow information including the traffic connection settings (735). After the change or new registration for the service flow information is performed as described above, the PAR 165 on the high-speed wireless Internet communicates with the connection target server (or device) and the card payment terminal device based on the service flow information. Channel connection (740), the card payment terminal device is able to transmit and receive predetermined information or data with at least one server (or device) in accordance with the procedure provided in the high-speed wireless Internet through the communication channel.

On the contrary, if the card payment terminal device performs the function of the card payment terminal device for VPN (730), the base station and the PAR 165 interwork with each other to request the traffic connection request from the card payment terminal device to the VAN company. Forced to the VPN server 110 provided in the network 100 (745), and between the VPN card payment terminal device and the VPN server 110 on the VAN company network 100 shown in Figure 6 Connect the communication path for the VPN as shown (750).

According to an embodiment of the present invention, the process of connecting the communication path for VPN between the VPN card payment terminal device for VPN and the VPN server 110 on the VAN company network 100, the service provided in the PAR (165) When the flow information is fixed to one as shown in FIG. 3A, a communication path for connecting a communication channel for a VPN is connected between the PAR 165 (or the AAA server) and the VPN server 110 based on the service flow information. It is preferable that the connection is made.

According to another embodiment of the present invention, the process of connecting the communication path for VPN between the VPN card payment terminal device for VPN and the VPN server 110 on the VAN company network 100, the PAR ( If the subscriber profile information provided at 165 includes predetermined VPN connection information and a plurality of service flow information may exist, the service flow information is changed to the traffic connection setting by reading, or the traffic connection setting is changed. Registering new service flow information, and connecting a communication path for connecting a communication channel for a VPN between the PAR 165 (or the AAA server) and the VPN server 110 based on the service flow information. It is preferable to make it.

When the VPN communication path is connected between the VPN card payment terminal device and the VPN server 110 on the VAN company network 100 as described above, the PAR 165 (or AAA server) on the high-speed wireless Internet is connected to the VPN. The server 110 transmits the requested traffic connection request information from the card payment terminal apparatus (755), and the VPN server 110 reads the traffic connection request information, thereby connecting the server (or device) to the connection target. And the card payment terminal device connect a communication channel (760), the VPN card payment terminal device is at least one through the communication channel provided in the high-speed wireless Internet-based virtual private communication network corresponding to the VAN company network 100 It is possible to transmit and receive predetermined information or data with the above server (or apparatus).

According to the present invention, when using a high-speed wireless Internet capable of various application services as a communication network for the electronic payment processing, there is an advantage of providing an application service using the high-speed wireless Internet as a payment terminal provided in the affiliated store.

According to the present invention, when using the high-speed wireless Internet as a communication network for electronic payment processing, by automatically connecting (or prioritizing) the payment terminal provided in the affiliated store and the VAN company network, between the payment terminal and the VAN company network. This has the advantage of maintaining high end-to-end security.

Claims (9)

In the high-speed wireless Internet communication network, characterized in that the packet access router for forcibly allocating the communication path between the merchant terminal and the value-added communication network in the high-speed wireless Internet communication network, The number of flows of predetermined subscriber profile information corresponding to the affiliated store terminal is fixed to "1", and the communication path of the affiliated store terminal is automatically connected to a virtual private network (VPN) server provided in the value added communication network (or a priority connection). A subscriber information processing unit for setting predetermined service flow information to be provided; A traffic connection request information receiver configured to receive traffic connection request information of the affiliated store terminal through a base station located on the high-speed wireless Internet communication network when the affiliated store terminal requests a predetermined traffic connection; A determination unit which checks preset subscriber profile information and service flow information corresponding to the traffic connection request affiliate terminal, and determines whether to force the communication path of the affiliate terminal; And According to the determination result of the determination unit, the traffic connection request for processing to automatically connect (or preferentially connected) to the virtual private network (VPN) server provided in the value-added communication network through the high-speed wireless Internet communication network A packet access router on a high-speed wireless Internet communication network comprising a processing unit. The method of claim 1, wherein the subscriber information processing unit, When the power is supplied to the affiliated store terminal to access the high-speed wireless Internet communication network, the card payment terminal device registration information of the affiliated store terminal provided through a base station located on the high-speed wireless Internet communication network is located on the high speed wireless Internet communication network. When providing to the AAA server, requesting predetermined subscriber profile information, and providing the subscriber profile information corresponding to the card payment terminal registration information in the AAA server, the subscriber profile information is read by the AAA server. Packet access router on a high-speed wireless Internet network, characterized in that the terminal confirms that the VPN subscriber corresponding to the value-added communication network. In the high-speed wireless Internet communication network, characterized in that the packet access router for forcibly allocating the communication path between the merchant terminal and the value-added communication network in the high-speed wireless Internet communication network, Receives predetermined subscriber profile information corresponding to the affiliated store terminal whose flow number is fixed to "1" from an AAA server located on the high-speed wireless Internet communication network, and based on the subscriber profile information, a communication path of the affiliated store terminal. A subscriber information processor configured to set predetermined service flow information for automatically connecting (or first connecting) to a virtual private network (VPN) server provided in the value added communication network; A traffic connection request information receiver configured to receive traffic connection request information of the affiliated store terminal through a base station located on the high-speed wireless Internet communication network when the affiliated store terminal requests a predetermined traffic connection; A determination unit which checks preset subscriber profile information and service flow information corresponding to the traffic connection request affiliate terminal, and determines whether to force the communication path of the affiliate terminal; And According to the determination result of the determination unit, the traffic connection request for processing to automatically connect (or preferentially connected) to the virtual private network (VPN) server provided in the value-added communication network through the high-speed wireless Internet communication network A packet access router on a high-speed wireless Internet communication network comprising a processing unit. In the high-speed wireless Internet communication network, characterized in that the packet access router for forcibly allocating the communication path between the merchant terminal and the value-added communication network in the high-speed wireless Internet communication network, A traffic connection request information receiver configured to receive traffic connection request information of the affiliated store terminal through a base station located on the high-speed wireless Internet communication network when the affiliated store terminal requests a predetermined traffic connection; The virtual private network (VPN) server connection information provided in the value-added communication network is preset to predetermined subscriber profile information corresponding to the affiliated store terminal, and the traffic connection request information of the affiliated store terminal is transmitted through the traffic connection request information receiving unit. When received, check the virtual private network (VPN) server connection information included in the subscriber profile information corresponding to the traffic connection request merchant terminal, and based on the verified virtual private network (VPN) server connection information, the affiliated store terminal A subscriber information processing unit for generating predetermined service flow information for automatically connecting (or preferentially connecting to) a virtual private network (VPN) server provided in the value added communication network; And Based on the generated service flow information, traffic processing to automatically connect (or preferentially connect) a communication path of the affiliated store terminal to a virtual private network (VPN) server provided in the value added communication network through the high-speed wireless Internet communication network. Connection request processing unit; Packet access router on a high-speed wireless Internet communication network comprising a. The method of claim 4, wherein the subscriber information processing unit, When the power is supplied to the affiliated store terminal to access the high-speed wireless Internet communication network, the card payment terminal device registration information of the affiliated store terminal provided through a base station located on the high-speed wireless Internet communication network is located on the high speed wireless Internet communication network. When providing to the AAA server, requesting predetermined subscriber profile information, and providing the subscriber profile information corresponding to the card payment terminal registration information in the AAA server, the subscriber profile information is read by the AAA server. Packet access router on a high-speed wireless Internet network, characterized in that the terminal confirms that the VPN subscriber corresponding to the value-added communication network. The method of claim 4, wherein the virtual private network (VPN) server connection information, And a virtual private network (VPN) server address information and communication port information. In the high-speed wireless Internet communication network, characterized in that the packet access router for forcibly allocating the communication path between the merchant terminal and the value-added communication network in the high-speed wireless Internet communication network, A traffic connection request information receiver configured to receive traffic connection request information of the affiliated store terminal through a base station located on the high-speed wireless Internet communication network when the affiliated store terminal requests a predetermined traffic connection; Receives and stores subscriber profile information corresponding to the affiliated store terminal in which the virtual private network (VPN) server connection information provided in the value-added communication network is set in advance from the AAA server located on the high-speed wireless Internet communication network, and requests the traffic connection. When the traffic connection request information of the affiliated store terminal is received through an information receiving unit, the VPN (Virtual Private Network) server connection information included in the subscriber profile information corresponding to the traffic connection request affiliated store terminal is checked, and the checked virtual VPN A subscriber for generating predetermined service flow information for automatically connecting (or first connecting) a communication path of the affiliated store terminal to a virtual private network (VPN) server provided in the value added communication network based on server connection information. An information processing unit; And Based on the generated service flow information, traffic processing to automatically connect (or preferentially connect) a communication path of the affiliated store terminal to a virtual private network (VPN) server provided in the value added communication network through the high-speed wireless Internet communication network. Connection request processing unit; Packet access router on a high-speed wireless Internet communication network comprising a. The method of claim 7, wherein the virtual private network (VPN) server connection information, And a virtual private network (VPN) server address information and communication port information. A computer-readable recording medium having recorded thereon a program for executing a function of the router component of claim 1, 3, 4, or 7.

Images