KR20080085110A - Method and system for processing user authentication information - Google Patents

Abstract

A method and a system for processing user authentication information are provided to enable a user to escape from loss and illegal use of a credit card, and leakage of fingerprint information, and enable a PG(Payment Gateway) to authenticate the user clearly by authenticating the user based on the fingerprint information received from a payment terminal. A receiver(1005) receives a payment approval request message corresponding to payment of a user payment tool and encrypted user authentication information, such as biometric information, from a payment terminal(400). A biometric information processor(1035) checks user information corresponding to the encrypted user authentication information by linking with a biometric information management server. An approval requestor(1020) receiver receives an approval result from a credit card company server corresponding to the user payment tool when the payment is approved in the financial facility server. An information storing part(1030) links/stores sale slip information and the encrypted user authentication information corresponding to the approval result to a storage medium.

Description

Method and System for Processing User Authentication Information

1 is a diagram illustrating a biometric information registration system for registering user biometric information according to an exemplary embodiment of the present invention.

2 is a diagram illustrating a process of registering user biometric information according to an exemplary embodiment of the present invention.

3 is a diagram illustrating a configuration of a user authentication information processing system according to an exemplary embodiment of the present invention.

4 is a diagram illustrating a payment terminal function configuration according to an embodiment of the present invention.

5 is a diagram illustrating a configuration of a fingerprint information processing unit having a function of encrypting fingerprint information through a predetermined encryption key according to an embodiment of the present invention.

6 is a diagram illustrating a method of encrypting fingerprint information in a symmetric key (or secret key) method in a fingerprint information processing unit according to an embodiment of the present invention.

7 is a diagram illustrating a method for encrypting user fingerprint information in a public key infrastructure structure in a fingerprint information processing unit according to an embodiment of the present invention.

8 is a diagram illustrating a method of encrypting fingerprint information by an electronic envelope method in a fingerprint information processing unit according to an embodiment of the present invention.

9 is a diagram illustrating a method of encrypting fingerprint information in a key exchange method in a fingerprint information processing unit according to an exemplary embodiment of the present invention.

10 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

11 is a diagram showing the configuration of a biometric information management server according to an embodiment of the present invention.

12 is a diagram illustrating a method of decrypting predetermined encrypted biometric information received from the server by a symmetric key (or secret key) method in a biometric information management server according to an embodiment of the present invention.

FIG. 13 is a diagram illustrating a method for decrypting encrypted biometric information received from the biometric information management server using a public key infrastructure according to an embodiment of the present invention.

FIG. 14 is a diagram illustrating a method of decrypting encrypted biometric information received from the server by an electronic envelope method in a biometric information management server according to an embodiment of the present invention.

15A and 15B illustrate a method of decrypting encrypted biometric information received from the biometric information server from the server by a key exchange method according to an embodiment of the present invention.

16 is a diagram illustrating a card company server function configuration according to an embodiment of the present invention.

17 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

18 is a diagram illustrating a configuration of a user authentication information processing system according to another exemplary embodiment of the present invention.

19 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

20 is a diagram showing the configuration of a biological information management server function according to another embodiment of the present invention.

21 is a diagram illustrating a card company server function configuration according to another embodiment of the present invention.

22 is a diagram illustrating a process of processing user authentication information according to another embodiment of the present invention.

23 is a diagram illustrating a configuration of a user authentication information processing system according to another embodiment of the present invention.

24 is a diagram illustrating a server function configuration according to another embodiment of the present invention.

25 is a diagram showing the configuration of a biological information management server function according to another embodiment of the present invention.

26 is a diagram illustrating a card company server function configuration according to another embodiment of the present invention.

27 is a diagram illustrating a user authentication information processing process according to another embodiment of the present invention.

28 is a diagram illustrating a user authentication information processing system configuration according to another embodiment of the present invention.

29 is a diagram illustrating a server function configuration according to another embodiment of the present invention.

30 is a diagram illustrating a card company server function configuration according to another embodiment of the present invention.

31 is a diagram showing the configuration of a biometric information management server according to another embodiment of the present invention.

32 is a diagram illustrating a user authentication information processing process according to another embodiment of the present invention.

33 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

34 is a diagram illustrating a payment terminal function configuration according to an embodiment of the present invention.

35 is a diagram illustrating a configuration of a fingerprint information processing unit having a function of encrypting fingerprint information through a predetermined encryption key according to an embodiment of the present invention.

36 is a diagram illustrating a method for encrypting fingerprint information in a symmetric key (or secret key) method in a fingerprint information processing unit according to an embodiment of the present invention.

FIG. 37 illustrates a method of encrypting user fingerprint information in a public key infrastructure structure in a fingerprint information processing unit according to an embodiment of the present invention.

38 is a diagram illustrating a method of encrypting fingerprint information by an electronic envelope method in a fingerprint information processing unit according to an embodiment of the present invention.

39 is a diagram illustrating a method of encrypting fingerprint information in a key exchange method in a fingerprint information processing unit according to an embodiment of the present invention.

40 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

41 is a diagram illustrating a card company server function configuration according to an embodiment of the present invention.

42 is a diagram showing the configuration of a biometric information management server according to an embodiment of the present invention.

FIG. 43 illustrates a method of decrypting predetermined encrypted biometric information received from the server by a symmetric key (or secret key) method according to an embodiment of the present invention.

44 is a diagram illustrating a method of decrypting encrypted biometric information received from the server in a public key infrastructure according to an embodiment of the present invention.

45 is a diagram illustrating a method for decrypting encrypted biometric information received from the biometric information server from the server in an electronic envelope method according to an embodiment of the present invention.

46A and 46B illustrate a method of decrypting encrypted biometric information received from the biometric information server from the server by key exchange according to an embodiment of the present invention.

47 illustrates a process of processing user authentication information according to an embodiment of the present invention.

48 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

49 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

50 is a diagram illustrating a card company server function configuration according to an embodiment of the present invention.

51 is a diagram showing the configuration of a biological information management server function according to an embodiment of the present invention.

52 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

53 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

54 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

55 is a diagram illustrating a card company server function configuration according to an embodiment of the present invention.

56 is a diagram showing the configuration of a biometric information management server function according to an embodiment of the present invention.

57 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

58 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

59 is a diagram illustrating a payment terminal function configuration according to another embodiment of the present invention.

60 is a diagram illustrating a configuration of a fingerprint information processing unit having a function of encrypting fingerprint information through a predetermined encryption key according to an embodiment of the present invention.

FIG. 61 is a view showing a fingerprint information processing unit encrypting fingerprint information in a symmetric key (or secret key) method according to an embodiment of the present invention.

FIG. 62 is a diagram illustrating a method for encrypting user fingerprint information in a public key infrastructure structure in a fingerprint information processing unit according to an embodiment of the present invention.

63 is a diagram illustrating a method of encrypting fingerprint information by an electronic envelope method in a fingerprint information processing unit according to an embodiment of the present invention.

64 is a diagram illustrating a method of encrypting fingerprint information in a key exchange method in a fingerprint information processing unit according to an embodiment of the present invention.

65 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

66 is a diagram illustrating a card company server function configuration according to an embodiment of the present invention.

67 is a diagram showing the configuration of a biometric information management server according to an embodiment of the present invention.

FIG. 68 illustrates a method of decrypting predetermined encrypted biometric information received from the server by a symmetric key (or secret key) method according to an embodiment of the present invention.

69 is a diagram illustrating a method of decrypting encrypted biometric information received from the biometric information management server using the public key infrastructure according to an embodiment of the present invention.

70 is a diagram illustrating a method of decrypting encrypted biometric information received from the biometric information server from the server in an electronic envelope method according to an embodiment of the present invention.

71A and 71B illustrate a method of decrypting encrypted biometric information received from the biometric information server from the server by key exchange according to an embodiment of the present invention.

72 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

73 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

74 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

75 is a diagram illustrating a card company server function configuration according to an embodiment of the present invention.

76 is a diagram showing the configuration of a biometric information management server according to an embodiment of the present invention.

77 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

78 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

79 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

80 is a diagram illustrating a card company server function configuration according to an embodiment of the present invention.

81 is a diagram showing the configuration of a biometric information management server according to an embodiment of the present invention.

82 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

83 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

84 is a diagram illustrating a payment terminal function configuration according to another embodiment of the present invention.

85 is a diagram illustrating a configuration of a fingerprint information processing unit having a function of encrypting fingerprint information through a predetermined encryption key according to an embodiment of the present invention.

86 is a diagram illustrating a method for encrypting fingerprint information by a symmetric key (or secret key) method in a fingerprint information processing unit according to an embodiment of the present invention.

87 is a diagram illustrating a method for encrypting user fingerprint information in a public key infrastructure structure in a fingerprint information processing unit according to an embodiment of the present invention.

88 is a diagram illustrating a method of encrypting fingerprint information by an electronic envelope method in a fingerprint information processing unit according to an embodiment of the present invention.

89 is a view showing a fingerprint information processing unit encrypting fingerprint information in a key exchange method according to an embodiment of the present invention.

90 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

91 is a diagram showing the configuration of a card company server function according to an embodiment of the present invention.

92 is a diagram showing the configuration of a biometric information management server according to an embodiment of the present invention.

93 is a diagram illustrating a method of decrypting predetermined encrypted biometric information received from the server by a symmetric key (or secret key) method in a biometric information management server according to an embodiment of the present invention.

FIG. 94 illustrates a method of decrypting encrypted biometric information received from the biometric information server from the server in a public key infrastructure according to an embodiment of the present invention.

95 is a diagram illustrating a method of decrypting encrypted biometric information received from the biometric information management server from the server in an electronic envelope method according to an embodiment of the present invention.

96A and 96B illustrate a method of decrypting encrypted biometric information received from the biometric information server from the server by a key exchange method according to an embodiment of the present invention.

97 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

98 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

99 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

100 is a diagram illustrating a card company server function configuration according to an embodiment of the present invention.

101 is a diagram showing the configuration of a biometric information management server according to an embodiment of the present invention.

102 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

103 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

104 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

105 is a diagram illustrating a card company server function configuration according to an embodiment of the present invention.

106 is a diagram showing the configuration of a biometric information management server function according to an embodiment of the present invention.

107 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

108 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

109 is a diagram illustrating a payment terminal function configuration according to another embodiment of the present invention.

110 is a diagram illustrating a configuration of a fingerprint information processing unit having a function of encrypting fingerprint information through a predetermined encryption key according to an embodiment of the present invention.

111 is a diagram illustrating a method for encrypting fingerprint information by a symmetric key (or secret key) method in a fingerprint information processing unit according to an embodiment of the present invention.

112 is a diagram illustrating a method for encrypting user fingerprint information in a public key infrastructure structure in a fingerprint information processing unit according to an embodiment of the present invention.

113 is a diagram illustrating a method of encrypting fingerprint information by an electronic envelope method in a fingerprint information processing unit according to an embodiment of the present invention.

114 is a view showing a fingerprint information processing unit encrypting fingerprint information in a key exchange method according to an embodiment of the present invention.

115 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

116 is a diagram illustrating a card company server function configuration according to an embodiment of the present invention.

117 is a diagram showing the configuration of a biometric information management server according to an embodiment of the present invention.

FIG. 118 is a diagram illustrating a method of decrypting predetermined encrypted biometric information received from the server by a symmetric key (or secret key) method according to an embodiment of the present invention.

FIG. 119 is a diagram illustrating a method of decrypting encrypted biometric information received from the biometric information management server using the public key infrastructure according to an embodiment of the present invention.

FIG. 120 is a diagram illustrating a method of decrypting encrypted biometric information received from the biometric information server from the server by an electronic envelope method according to an embodiment of the present invention.

121A and 121B illustrate a method of decrypting encrypted biometric information received from the biometric information server from the server by a key exchange method according to an embodiment of the present invention.

122 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

123 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

124 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

125 is a diagram illustrating a card company server function configuration according to an embodiment of the present invention.

126 is a diagram showing the configuration of a biometric information management server according to an embodiment of the present invention.

127 is a view illustrating a process of processing user authentication information according to an embodiment of the present invention.

128 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

129 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

130 is a diagram illustrating a card company server function configuration according to an embodiment of the present invention.

131 is a diagram showing the configuration of a biometric information management server according to an embodiment of the present invention.

132 illustrates a process of processing user authentication information according to an embodiment of the present invention.

133 is a view illustrating a configuration of an information processing system for locking a user payment means which has been confirmed to be illegally used, or notifying the user of wired / wireless terminals of illegal usage according to an exemplary embodiment of the present invention.

134 is a diagram illustrating an information processing process according to an embodiment of the present invention.

<Description of main parts of drawing>

400: payment terminal 405: control unit

410: card reader 415: screen output unit

420: key input unit 425: fingerprint input unit

430: communication processing unit 435: security application module

440: print output unit 445: printing apparatus

450: memory 455: power supply

460: fingerprint information processing unit 465: professional component

470: information transmitter 475: professional receiver

500: password processing unit 1005: receiving unit

1010: reading unit 1015: professional processing unit

1020: approval request unit 1025: sales information processing unit

1030: information storage unit 1035: biometric information processing unit

1100: biological information management server 1105: information receiving unit

1110: decoder 1115: information transmitter

1120: information verification unit 1600: card company server

1605: receiver 1610: reader

1615: professional processing unit 1620: user authentication unit

1625: information storage unit 1630: limit check unit

The present invention receives the encrypted authentication information of the user (user biometric information, etc.) during the payment processing process using the user payment means or after the payment processing using the user payment means in the server, the sales corresponding to the payment processing approval result The present invention relates to a user authentication information processing method for linking and processing slip information and encrypted user authentication information in a predetermined storage medium.

In general, credit card payments are secured by credit card companies, and card members purchase goods or services on credit from merchants recruited by the card company, and then pay the corresponding purchase price to the credit card company on the payment date. It is a payment method that receives payment from a credit card company for goods or services sold to a card member.

In such credit card payment, the authentication process for payment customers is very weak. For example, in the current card settlement process, a card user signs a sales slip output or signs through a signature pad connected to a payment terminal.

Such a customer signature is not easy to authenticate the card user, so even if the card is used by a user who is not the actual cardholder, it is difficult to prevent it in the payment process, and the actual cardholder loses the card, or It is not easy to solve the problem caused by the unauthorized use by the user.

Recently, a method of using a fingerprint or the like for card user identification has emerged. Although the card user identification can be effectively performed, the card user is concerned about the exposure of fingerprint information due to the characteristics of the fingerprint authentication medium. The use of fingerprints is not easy because user authentication using fingerprint information is not easy.

Therefore, it is time to perform a card user authentication through the card user fingerprint information, and to find a more effective way to prepare for future problems through the card user authentication information including the card user fingerprint information.

An object of the present invention for solving the above problems, an encrypted user receiving the encrypted authentication information of the user-such as user biometric information in the payment processing process using the user payment means or after the payment processing using the user payment means; Authentication information receiving means, information storage means for linking and processing the sales slip information corresponding to the payment processing approval result and the encrypted user authentication information in a predetermined storage medium, and the negation of the payment means included in the sales slip In the case of requesting confirmation of use or confirmation of the user who generated the sales slip, in connection with the storage medium (or the storage medium operating means), the encrypted user authentication pre-stored in association with the sales slip information Encrypted user authentication information extraction means for extracting information and user authentication information management on the communication network It is the user authentication information processing system in connection with the server that contains the user information confirmation means for confirming the user information corresponding to the encrypted user authentication information to provide the extracted.

In the user authentication information processing method according to the present invention, the user authentication information processing system, the encryption to receive the full payment approval request corresponding to the payment processing using the user payment means and the encrypted authentication information of the user-such as user biometric information- User authentication information receiving means, user information checking means for confirming user information corresponding to the encrypted user authentication information in association with a user authentication information management server on a communication network, and a financial company (or card company) corresponding to the user payment means. After the server processes the payment approval corresponding to the payment approval request and the user approval corresponding to the user information, and transmits the approval result, the server receives the approval information receiving means and the sales slip information corresponding to the approval result. The encrypted user authentication information is processed in association with a predetermined storage medium. It characterized by comprising a data storage means.

On the other hand, the user authentication information processing system according to the present invention is encrypted to receive the encrypted authentication information of the user-such as user biometric information-in the payment processing process using the user payment means or after the payment processing using the user payment means User authentication information receiving means, information storing means for linking and processing the sales slip information corresponding to the payment processing approval result and the encrypted user authentication information in a predetermined storage medium, and the payment means included in the sales slip. In case of requesting confirmation of fraudulent use or confirmation of the user who generated the sales slip, the encrypted user stored in association with the sales slip information in association with the storage medium (or storage medium operating means) and stored in advance. Encrypted user authentication information extraction means for extracting authentication information and user authentication information on the communication network And user information checking means for confirming user information corresponding to the extracted encrypted user authentication information in association with a management server.

According to the present invention, the user authentication information processing system, if it is determined that the illegal use of the payment means included in the sales slip based on the user information checking result of the user information checking means, the user payment means information included in the sales slip It further comprises information processing means for confirming, to set the identified user payment means to the unusable state, or to notify the payment means misuse information to the communication means of the payment means owner included in the sales slip It is characterized by.

According to the present invention, the process after the payment processing using the user payment means, characterized in that it comprises the step of receiving the full payment approval request of the next user after the payment processing of the user.

On the other hand, the user authentication information processing method according to the present invention, the server receives the encrypted authentication information of the user-such as user biometric information-in the payment processing process using the user payment means or after the payment processing using the user payment means; And linking the sales slip information and the encrypted user authentication information corresponding to the payment processing approval result in the server and storing the encrypted sales authentication information in a predetermined storage medium.

Hereinafter, with reference to the accompanying drawings and description will be described in detail the operating principle of the preferred embodiment of the present invention.

However, the drawings and the following description shown below are for the preferred method among various methods for effectively explaining the features of the present invention, the present invention is not limited only to the drawings and description below.

In addition, in the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted.

Terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to intentions or customs of users or operators. Therefore, the definition should be made based on the contents throughout the present invention.

In addition, preferred embodiments of the present invention to be carried out below are provided in each system functional configuration to efficiently describe the technical components constituting the present invention, or system functions that are commonly provided in the technical field to which the present invention belongs. The configuration will be omitted, and described mainly on the functional configuration to be additionally provided for the present invention.

If those skilled in the art to which the present invention pertains, it will be able to easily understand the function of the components that are conventionally used among the omitted functional configuration not shown below, and also the configuration omitted as described above The relationship between the elements and the components added for the present invention will also be clearly understood.

In addition, the following examples will be used to appropriately modify the terms so that those skilled in the art to clearly understand the technical features of the present invention to effectively understand, but the present invention It is by no means limited.

For example, in the following embodiments, at least one or more functional means of each functional means having the above technical features are provided on a network, or provided to a VAN company server, or a financial institution to easily explain the present invention. It will be described as being provided to, or a national institution.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains. It is only.

1 is a diagram illustrating a biometric information registration system for registering user biometric information according to an exemplary embodiment of the present invention.

In more detail, FIG. 1 illustrates a predetermined biometric information registration interface for a predetermined user to register user biometric information (eg, fingerprint, iris, vein, etc.) for card user identity authentication according to the present invention. When the user biometric information is provided to the biometric information registration system through 110, the user biometric information provided from the user in the biometric information registration system is used to identify the user unique identification information (eg, name, social security number, insurance number, driving). License number, financial transaction information, etc.) in connection with the system configuration for storing and registering in a predetermined storage medium 125, and those skilled in the art to which the present invention belongs, Refer to and / or modify the user biometric information and the user unique identification information (e.g., name, social security number, It is possible to infer various implementation methods for the configuration of a biometric information registration system for storing and registering a predetermined number of storage media 125 by linking the license number, driver's license number, financial transaction instrument information, etc.) It includes all the implementation methods inferred, and is not limited to the implementation method shown in FIG.

Hereinafter, the user biometric information provided from the user through the predetermined biometric information registration interface 110 on the biometric information registration system shown in FIG. License information, financial transaction information, etc.) and the components corresponding to at least one or more means or functional configurations that are stored and registered in a predetermined storage medium 125 are referred to as "biological information registration server 100" for convenience. .

In addition, in FIG. 1, although the biometric information registration server 100 is shown as including a predetermined functional configuration, not limited to this, at least one or more functional configuration provided in the biometric information registration server 100 In addition, it may be configured as a separate server (or device) in the biometric information registration system or on the network.

In addition, the biometric information registration server 100 is provided at a financial institution, or at a national institution (or public institution), or at an authorized institution, or is provided on a network.

Referring to FIG. 1 according to an embodiment of the present invention, the user biometric information according to the present invention is associated with the user unique identification information (eg, name, social security number, insurance number, driver's license number, financial transaction information, etc.). The biometric information registration system for processing and storing and registering the biometric information registration system in a predetermined storage medium 125 may be used by the user and transmit the user biometric information input (or selected) by the user to the biometric information registration system. A biometric information registration terminal 130 provided in a user terminal including at least one terminal or a wireless terminal or a predetermined institution (eg, a financial institution or a national institution (or a public institution), an authorized institution, etc.) for user biometric information registration. The user terminal (or biometric information registration terminal 130) is a predetermined network This means the biometric information registration server 100 and the communication channel is provided through the (or banking network) on the biometric information registration system is connected.

According to an embodiment of the present invention, the user accesses the biometric information registration server 100 through at least one or more user terminals of a wired terminal connected to a predetermined wired network or a wireless terminal connected to a predetermined wireless communication network, or The biometric information registration server 100 is connected to the biometric information registration server 100 through a biometric information registration terminal 130 provided at a predetermined institution (for example, a financial institution or a national institution or a public institution or an authorized institution) for biometric information registration. When the user biometric information is input (or selected) through the at least one user interface 110 provided by the information registration server 100, the user terminal (or the biometric information registration terminal 130) may use a predetermined network means ( Or biometric information registration information provided on the biometric information registration system through the biometric information input (or selected) through a financial network). And it sends (100).

Here, the wired terminal connected to the wired network is a generic term for all terminal devices connected to a TCP / IP based communication network, and a desktop computer and / or a laptop connected to the TCP / IP based communication network. (Notebook) or a home appliance terminal (eg, Set-Top-Box) connected to the TCP / IP based communication network, or a kiosk (KIOSK) connected to the TCP / IP based communication network, etc. It is preferable.

The wireless terminal connected to the wireless network may include all terminal devices connected to a CDMA based mobile communication network, and / or all terminal devices connected to an IEEE 802.16x based mobile Internet, and / or Motorola's DataTAC scheme. And / or a generic term for all terminal devices connected to Erricson's Mobitex-type wireless data communication network, comprising: a Personal Communication System (PCS) and / or a Global System for Mobile communications (GSM) terminal connected to the CDMA-based mobile communication network; And / or Personal Digital Cellular (PDC) and / or Personal Handyphone System (PHS) terminals and / or Personal Digital Assistants (PDAs) and / or Smart Phones and / or Telematics Telematics), or a portable Internet terminal connected to the IEEE 802.16x based portable Internet, or the DataTAC / Mobitex based wireless It is preferable to include at least one or more wireless data communication terminal connected to the data communication network.

In addition, the user terminal outputs at least one or more user interfaces 110 provided by the biometric information registration server 100, and at least one or more information (for example, the user biometric information and the user) through the user interface 110. A function configuration (for example, a browser program and a communication function or a communication function with the biometric information registration server 100) for inputting and / or selecting unique identification information and transmitting the same to the biometric information registration server 100. Communication program and communication function).

Those skilled in the art to which the present invention pertains can easily infer the characteristics of the user terminal or the biometric information registration terminal 130 corresponding to at least one or more wired terminals or wireless terminals. Detailed description is omitted for convenience.

Here, the user terminal or the biometric information registration terminal 130 is provided with a predetermined biometric information recognition means (for example, a fingerprint reader, etc.) for inputting the user biometric information from the user, or the biometric information recognition It is preferred to cooperate with the means.

In the biometric information registration system as described above, a user terminal including at least one wired terminal or a wireless terminal used by the user or a predetermined institution for biometric information registration (for example, a financial institution or a national institution or a public institution or an authorized institution). Etc.) and at least one wired or wireless network connecting the biometric information registration terminal 130 and the user terminal (or biometric information registration terminal 130) and the biometric information registration server 100 to the user. The function of the biometric information registration interface 110 for registering biometric information may be performed.

According to an embodiment of the present invention, the biometric information registration system may include a network connected to a TCP / IP based backbone network (eg, wired Internet, and / or IEEE 802.11x based wireless LAN, and / or IEEE 802.16x based portable internet, etc.). At least one user terminal (e.g., a personal computer (PC) and / or notebook equipped with the wired Internet access and browsing function), a notebook equipped with the WLAN / portable internet access and browsing function, and / or Or a biometric information registration service for registering the user biometric information to at least one user through a mobile terminal or the like.

In addition, the biometric information registration system, a predetermined wireless network (e.g., a mobile communication network based on CDMA (Code Division Multiple Access), and / or IEEE 802.16x-based portable Internet, and / or wireless data communication network based on DataTAC / Mobitex) At least one wireless terminal (e.g., a Personal Communication System (PCS) and / or a Global System for Mobile (GSM) terminal and / or a Personal Digital Assistant (PDA) having access and browsing capabilities on the mobile communication network and / or Alternatively, a biometric information registration service for registering the user biometric information may be provided to at least one or more users through a smart phone and / or telematics.

In addition, the biometric information registration system, for registering the user biometric information to at least one or more users through at least one or more home appliances (eg, digital TV and / or refrigerator connected to a home network) The biometric information registration service can be provided.

In addition, the biometric information registration system, the user biometrics to at least one user via at least one or more digital TVs (eg, two-way digital TV, satellite DMB terminal, terrestrial DMB terminal, etc.) connected to a predetermined return channel. A biometric information registration service for registering information may be provided.

Referring to FIG. 1, the biometric information registration system includes a storage medium 125 provided in the biometric information registration server or in a predetermined storage medium 125 operating means interoperating with the biometric information registration server. Characterized in that made.

According to an embodiment of the present invention, the storage medium 125 is connected to the biometric information registration server through the user terminal (or biometric information registration terminal 130) to store and manage the user fingerprint. The user biometric information provided by a user and the user information (eg, user identification information, card information, etc.) may be stored.

Here, the user unique identification information (for example, name, social security number, insurance number, driver's license number, financial transaction means information, etc.)

User biometric information and the user information (eg, user personal identification information, card information, etc.) may be interrelated and stored in the storage medium 125.

The biometric information registration server 100 provided on the biometric information registration system according to the present invention is configured to be connected to the user terminal (or biometric information registration terminal 130) through a predetermined network means. Collectively, the elements may be embodied including at least one server (or device), and / or implemented by at least one program recorded on a recording medium provided in a predetermined server (or device). The invention is not limited.

According to the embodiment of the present invention, the biometric information registration server 100 is provided with an interface 110, 105 for providing a predetermined biometric information registration interface 110 to the user terminal via the network means. It is characterized by.

When the user terminal (or biometric information registration terminal 130) includes a wired terminal and / or a wireless terminal connected to a predetermined wired network and / or a wireless network according to an embodiment of the present invention, the interface 110 The unit 105 connects a predetermined communication channel with the user terminal (or biometric information registration terminal 130) based on a protocol stack defined in the wired network and / or wireless network, and the user terminal (or The communication interface 110 for transmitting and receiving at least one or more information (or data) may be provided using a communication protocol defined in a communication program included in the biometric information registration terminal 130.

For example, when the user terminal is provided with a browser program corresponding to the Hyper-Text Transfer Protocol (HTTP) protocol, the interface unit 110 may perform the user terminal (or biometric information) based on the TCP / IP protocol. A communication interface for connecting a communication channel with the registration terminal 130 and transmitting / receiving a web page (eg, a Hyper-Text Markup Language (HTML) compatible web page) and / or information using the HTPP protocol defined in the browser program. 110 may be provided.

Alternatively, when the user terminal (or biometric information registration terminal 130) is provided with a predetermined biometric information registration program provided by the biometric information registration server 100, the interface 110, 105 is the TCP A communication interface for connecting a communication channel with the user terminal (or biometric information registration terminal 130) based on a / IP protocol, and for transmitting and receiving information (or data) using a communication protocol defined in the biometric information registration program ( 110).

According to another exemplary embodiment of the present invention, when the user terminal (or the biometric information registration terminal 130) includes a wireless terminal connected to a predetermined wireless network, the interface 110 and the unit 105 are the wireless network. Connect a predetermined communication channel with the user terminal (or biometric information registration terminal 130) based on the protocol stack defined in, and define in the communication program provided in the user terminal (or biometric information registration terminal 130). The communication interface 110 may be provided for transmitting and receiving at least one information (or data) using the established communication protocol.

For example, when the user terminal (or the biometric information registration terminal 130) is equipped with a browser program corresponding to a WAP (Wireless Application Protocol) and / or a Mobile Explorer (ME) protocol, the interface 110, the 105 Connects a communication channel with the customer terminal (or biometric information registration terminal 130) based on the CDMA protocol, and uses a WAP / ME protocol defined in the browser program to provide a web page (eg, WML (Wireless Markup Language). ) And / or communication interface 110 for transmitting and receiving information.

Alternatively, when the biometric information registration program provided by the biometric information registration server 100 is provided in the user terminal (or biometric information registration terminal 130), the interface unit 110 may execute the CDMA protocol. Connect a communication channel with the user terminal (or biometric information registration terminal 130) based on the above, and provide a communication interface 110 for transmitting and receiving information (or data) using a communication protocol defined in the biometric information registration program. can do.

Referring to FIG. 1, in the biometric information registration server 100, a predetermined user terminal (or biometric information registration terminal 130) is connected to the biometric information registration server 100 through the interface 110. When connected, the user terminal (or biometric information registration terminal 130) and the user biometric information and the user's unique identification information (for example, name, social security number, insurance number, driving in conjunction with the interface 110, 105) An interface for generating (or extracting) a predetermined user interface 110 for inputting (or selecting) a license number, financial transaction information, etc.) and transmitting the same to the user terminal (or biometric information registration terminal 130). (110) A predetermined unit for inputting (or selecting) the user terminal (or biometric information registration terminal 130) via the user interface 110 in cooperation with the interface 110, 105 Raw An information receiving unit 115 for receiving information and user identification information, and an information storage unit 120 for storing and registering the received user biometric information and the user identification information in a predetermined storage medium 125. It characterized by comprising a.

The interface 110 providing unit, when a predetermined user terminal (or biometric information registration terminal 130) is connected to the biometric information registration server 100 through the interface 110, 105, the customer terminal (or Input (or select) the biometric information and the user's unique identification information (eg, name, social security number, insurance number, driver's license number, financial transaction information, etc.) corresponding to the functional configuration provided in the biometric information registration terminal 130. To generate a predetermined user interface 110 that can be transmitted to the biometric information registration server 100 through the network means, and / or to extract from a predetermined database (not shown), In connection with 105, the generated (or extracted) user interface 110 is provided to the user terminal (or biometric information registration terminal 130) through the network means. All.

Thereafter, the user terminal (or the biometric information registration terminal 130) inputs (or selects) the biometric information based on the user interface 110 and uses the inputted (or selected) biometric information for the network means. It transmits to the biometric information registration server 100 through.

When the user terminal (or biometric information registration terminal 130) includes a wired terminal and / or a wireless terminal connected to a predetermined wired network and / or a wireless network according to an embodiment of the present invention, the interface 110 The providing unit generates (or extracts) a predetermined user interface 110 that can be provided as a browser program and / or a communication program included in the user terminal (or biometric information registration terminal 130), and the interface unit 110 The generated (or extracted) user interface 110 may be provided to the user terminal (or biometric information registration terminal 130) through 105.

According to another embodiment of the present invention, when the user terminal (or biometric information registration terminal 130) includes a wireless terminal connected to a predetermined wireless network, the interface 110 providing unit is the user terminal (or biometrics) Generate (or extract) a predetermined customer interface 110 that can be provided as a browser program and / or a communication program included in the information registration terminal 130, and generate (or extract) the interface 110 through the 105. The extracted user interface 110 may be provided to the user terminal (or biometric information registration terminal 130).

The information receiving unit 115 is the user terminal (or biometric information registration terminal 130) through the user interface 110, the user biometric information and the user unique identification information (for example, name, social security number, insurance number, driver's license Number, financial transaction means information, etc.) and transmits through the network means, and receives the biometric information and the user's unique identification information in conjunction with the interface 110. The received biometric information and the user's unique identification information are transmitted to the information storage unit 120.

The information storage unit 120 processes the biometric information received through the information receiving unit 115 and the user's unique identification information (for example, name, resident registration number, insurance number, driver's license number, financial transaction information, etc.) And store and register the predetermined storage medium 125.

2 is a diagram illustrating a process of registering user biometric information according to an exemplary embodiment of the present invention.

In more detail, FIG. 2 is a biometric information registration system shown in FIG. 1 through a predetermined biometric information registration interface 110 for a user to store and manage the user biometric information according to the present invention. When the user biometric information is provided, the biometric information registration system processes the user biometric information provided from the user in association with the user unique identification information (eg, name, social security number, insurance number, driver's license number, financial transaction information, etc.). As an embodiment of the process of storing and registering in a predetermined storage medium 125, those skilled in the art to which the present invention pertains may refer to and / or modify the user's biometric information by referring to FIG. Various implementation methods for a process of linking and processing the user's unique identification information in a predetermined storage medium 125 It may be inferred, but the present invention includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

Hereinafter, in FIG. 2, the user terminal illustrated in FIG. 1 is referred to as a “terminal” for convenience, and the biometric information registration server 100 will be referred to as a “server” for convenience.

Referring to FIG. 2, when a user connects to the server through the network means using the terminal and requests a predetermined biometric information registration interface 110 for registering user biometric information according to the present invention (200). In response, the server extracts (or generates) a predetermined biometric information registration interface 110 for registering the user biometric information and provides it to the terminal (205).

Then, the terminal through the biometric information registration interface 110, the user biometric information (for example, fingerprint, iris, vein, etc.) and the user unique identification information (for example, name, social security number, insurance number, driver's license number, financial transaction After inputting (or selecting) means information and the like, the fingerprint registration information including the user biometric information and the user information is provided to the server through the biometric information registration interface 110 (210).

The biometric information registration interface 110 may include a predetermined terminal used by the user and network means for connecting the terminal and the server, and the terminal may include predetermined biometric information input means (eg, fingerprint). Recognizer, etc.).

When the user biometric information and the user unique identification information (eg, name, social security number, insurance number, driver's license number, financial transaction means information, etc.) are received through the biometric information registration interface 110, the server receives the received user. The unique identification information is read to check the validity of the user who wants to register the received biometric information (215).

If the validity of the user who wants to register the biometric information is not authenticated (220), the server provides biometric information registration error information to the user terminal through the biometric information registration interface 110 (225), and The biometric information registration process of the user is stopped.

If the validity of the user to register the biometric information is authenticated (220), the server receives the received biometric information and the user's unique identification information (eg, name, social security number, insurance number, driver's license number, financial transaction means information). And the like) are stored and registered in a predetermined storage medium 125 (230), and storage and registration details of the biometric information and the user's unique identification information are provided to the terminal (235).

3 is a diagram illustrating a configuration of a user authentication information processing system according to an exemplary embodiment of the present invention.

More specifically, Figure 3 encrypts the biometric information input from the card user in a payment terminal equipped with a predetermined biometric information input means (for example, fingerprint recognition means, etc.), the encrypted biometric information and the user card information And a payment approval request message including payment information (e.g., payment amount) to a server (e.g., VAN company server, etc.) on a network (e.g., VAN company) By transmitting encrypted biometric information, requesting confirmation of user's unique identification information (eg, name, social security number, insurance number, driver's license number, financial transaction information, etc.) corresponding to the biometric information, and the biometric information management server Decrypting the encrypted biometric information, confirming user identification information corresponding to the biometric information, and verifying the identified user identification information. When transmitting to the server, the server transmits the identified user unique identification information and the payment approval request full text to the card company server corresponding to the user card, the card company server through the user unique identification information transmitted from the card As a method for implementing a system for performing user authentication, a person having ordinary knowledge in the technical field to which the present invention pertains can refer to and / or modify this drawing 3 to infer various user authentication information processing system configurations. As will be appreciated, the present invention includes all implementation methods inferred above and is not limited to the implementation method illustrated in FIG.

The user authentication information processing system according to an embodiment of the present invention with reference to Figure 3, characterized in that the payment terminal, server, biometric information management server and card company server (or financial company server) is connected through a predetermined network The payment terminal may include predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information. When the card user requests payment of a predetermined user, the card user may receive the biometric information through the biometric information input means. Acquiring the biometric information of the user, encrypting the obtained biometric information, and constructing a full payment approval request message including card information (eg, a credit card number) read out from the user card and predetermined payment information; At least one transfer the configured payment approval request message and the encrypted user biometric information to a server on the network. Characterized in that the merchant is provided.

The server is connected to the payment terminal through a predetermined network (eg, a VAN). When the payment approval request message and the encrypted user biometric information are received from the payment terminal, the server receives the encrypted biometric information. The user identification information corresponding to the biometric information is transmitted to a predetermined biometric information management server, and the user identification information corresponding to the biometric information is transmitted from the biometric information management server. Characterized in that the information and the full payment approval request to the card company server corresponding to the user card information.

The biometric information management server is connected to the server through a predetermined network, receives encrypted user biometric information from the server, decrypts the received encrypted user biometric information, and decrypts the decrypted user biometric information. Identifying the user unique identification information corresponding to the, characterized in that for transmitting the identified user unique identification information to the server.

Here, the biometric information management server may be linked to the biometric information registration server shown in FIG. 1 or may include a storage medium 125 shown in FIG.

In addition, in the present invention, the biometric information registration server and the biometric information management server are separately shown in order to more effectively explain the registration and management of the biometric information, but the biometric information registration server and the biometric information management server are the same server, or It is specified that the same engine can be provided.

The card company server (or financial company server) is connected to the server through a predetermined network (e.g., payment network, etc.), the full payment approval request from the server and the user's unique identification information (e.g., name, social security number, insurance number, Driver's license number, financial transaction means information, etc.), the user card information is checked from the payment approval request message, and the card user information associated with the confirmed card information is queried. By checking whether the card user information is queried, the card user may be authenticated.

In addition, the card company server is characterized in that to provide the card user identification results to the server.

4 is a diagram illustrating a functional configuration of a payment terminal 400 according to an embodiment of the present invention.

In more detail, FIG. 4 includes predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information, and the card is requested through the biometric information input means when a user requests a card payment. Obtaining a user's biometric information, encrypting the obtained user's biometric information, and constructing a full payment approval request message including card information (eg, a credit card number, etc.) read from the user card and predetermined payment information, As the embodiment of the present invention relates to a method for configuring a payment terminal 400 function provided in at least one merchant that transmits the configured payment approval request message and the encrypted user biometric information to a server on the network. Those of ordinary skill in the art can refer to and / or modify this drawing to modify the encrypted user biometric information. And it can be inferred that the various payment terminal 400 function configuration for transmitting the full payment approval request to the server on the network, but the technical features of the present invention is not limited by the Figure 4, all inferred implementation Note that it includes the method.

In addition, FIG. 4 will be described by describing the user biometric information as fingerprint information, and the biometric information may vary in addition to the fingerprint information described in the present invention without departing from the spirit of the present invention. , Iris, retina, vein, etc.).

Referring to FIG. 4, the payment terminal 400 basically includes a control unit 405, a memory unit 450, a card reader unit 410, a key input unit 420, a screen output unit 415, and a fingerprint input unit ( 455, a communication processor 430, a print output unit 440, and a power supply unit 425 for supplying power to the payment terminal 400, and at least one terminal function according to the intention of those skilled in the art. Part (eg, security application module 435, etc.) may be further included.

The control unit 405 controls the overall operation of the payment terminal 400 shown in the functional configuration, manages the flow of information or data between each component, the user fingerprint information input from the fingerprint input unit 455, The payment terminal (for example, VAN company server, etc.) for transmission to the server (for example, VAN company server, etc.) with the payment approval request text including the card information (for example, credit card number, etc.) read from the user card and predetermined payment information ( Characterized in that interlocking and controlling at least one component provided in the 400, the payment terminal 400 is at least one or more including a Central Processing Unit (CPU) / Micro Processing Unit (MPU) in hardware It may include a processor and execution memory (eg, a register and / or random access memory (RAM)) and a bus for inputting and outputting predetermined data. .

 In addition, the payment terminal 400 is a predetermined program routine that is loaded (loaded) from a predetermined recording medium into the execution memory in order to perform a function specific to the payment terminal 400 by software and arithmetic processing by the processor ( A user's fingerprint information input from the fingerprint input unit 455, card information read from the user card (for example, a credit card number, etc.) and predetermined payment information. In order to transmit the full payment approval request message to a server on the network, a predetermined program recorded on a recording medium provided in the payment terminal 400 and / or a functional configuration provided in the payment terminal 400 is processed in software. Possible components are shown in the control unit 405).

According to the exemplary embodiment of the present invention, the control unit 405 may include components (eg, the memory unit 450, the card reader unit 410, the key input unit 420, and the fingerprint input unit provided in the payment terminal 400). 455, the screen output unit 415, the communication processing unit 430, the security application module 435, the print output unit 440, and / or the terminal function unit (not shown) according to the intention of a person skilled in the art By controlling and managing providing the electronic payment service defined in the payment terminal 400, as well as encrypting the user fingerprint information input from the fingerprint input unit 455 in accordance with the present invention and the encrypted user fingerprint information and The payment terminal 400 is provided in the payment terminal 400 to transmit a full payment approval request message including a card information (eg, a credit card number) read out from the user card and predetermined payment information to a server on a network. Control by interworking a cow, or for this it is preferred to run the program to be recorded in a recording medium provided in the payment terminal (400).

The memory unit 450 is input and output when an operation by a predetermined program routine (or code) and / or program data (eg, a program routine (or code)) for controlling the overall operation of the payment terminal 400 is performed. General term of non-volatile memory for storing information or data), at least one of which includes EEPROM (Electrically Erasable and Programmable Read Only Memory) and / or Flash Memory (FM) and / or Hard Disk Drive (HDD) in hardware. It includes the above storage means, the predetermined program routine and the program data (for example, data input or output for the program routine to perform a predetermined function) is required for the control unit 405 to perform a predetermined control function ) Is stored.

According to an embodiment of the present invention, the memory unit 450 encrypts the user fingerprint information inputted from the fingerprint input unit 455 by the payment terminal 400 according to the present invention, and the encrypted user fingerprint information; It is preferable to store the information (or data) generated in the process of transmitting to the server the payment approval request text including the card information (for example, credit card number, etc.) read from the user card and predetermined payment information. Do.

The user card that reads user card information (eg, credit card number, etc.) included in the full payment approval request message through the payment terminal 400 is a contact IC card (or wireless) based on ISO / IEC 7816 standard. IC chip), and / or a card including at least one contactless IC card (or wireless IC chip) based on the ISO / IEC 14443 standard, wherein the card reader unit 410 is connected to the user card. An interface for reading at least one or more information or data provided may be provided.

According to the method of the present invention, the card reader unit 410 is a contact IC reader unit for providing an interface between the contact IC card and the payment terminal 400, or the contactless IC card and the payment terminal 400. A contactless IC reader may be provided to provide an interface between the terminals.

In the present invention, the card reader unit is shown as being provided in the payment terminal 400, any one or more card readers of the card reader unit is detachable from the payment terminal 400 or may be connected through a predetermined cable. State that you can.

For example, when the contact IC reader unit is a card reader unit 410 based on ISO / IEC 7816, at least one or more electrical contact forms with a chip on board (COB) provided in the contact IC card. It comprises a contact point, and supplies power to the IC chip of the user card through the contact point, and predetermined information from the IC chip through the half-duplex transaction using an Application Protocol Data Unit (APDU) (Eg, a credit card number, etc.) or data may be interfaced to the payment terminal 400.

According to another exemplary embodiment of the present invention, when the fingerprint information of the user is mounted in the user IC card, the contact IC reader may interface the user fingerprint information to the payment terminal 400 from the IC card. have.

In addition, when the contactless IC reader unit is a card reader unit 410 based on ISO / IEC 14443, the contactless electrical contact with the contactless IC card using capacitive coupling and / or inductive coupling may be performed. It comprises at least one antenna to form a power supply, the power supply to the IC chip of the user card through the antenna, and predetermined information from the IC chip through the half-duplex transaction using the APDU ( For example, a credit card number, etc.) or data may be interfaced to the payment terminal 400.

According to another exemplary embodiment of the present disclosure, when the fingerprint information of the user is mounted in the user IC card, the contactless IC reader may interface the user fingerprint information to the payment terminal 400 from the IC card. .

In addition, the payment terminal 400 may further include an MS reader, wherein the MS reader is a card reader 410 based on ISO / IEC 7810, and includes at least one magnetic head including a predetermined coil. Head), and the MS card in which predetermined information (e.g., magnetized binary data) is recorded is moved in a predetermined direction in close contact with the magnetic head (or the magnetic head records predetermined information). When the mobile terminal is in close contact with the MS card, a predetermined information or data is transmitted from at least one track provided in the MS of the MS card by using a predetermined electrical signal loaded on the magnetic head. Can be interfaced with

The key input unit 420 is provided with at least one key button including at least one numeric key and / or a character key and / or a function key. Detects information (or a signal) input from a key input device of a predetermined key and is provided to the key input device in a specific input mode and / or operation mode of the payment terminal 400 controlled by the controller 405. When predetermined information (or signal) is input from a key button, a key event corresponding to the input information (or signal) is generated, and the generated key event is provided to the controller 405. The control unit 405 acquires predetermined key data corresponding to the key event in the current input mode and / or operation mode of the payment terminal 400, and / or is defined in accordance with the key event. And an instruction to be executed to perform the functions characterized in that the pickup.

Here, the key input unit 420 and the key input device having at least one key button interoperate with each other to perform a function of key input means provided in the payment terminal 400.

The key input device interoperating with the key input unit 420 may include a keypad device having at least one numeric key and a function key, and / or at least one numeric key and a character key (eg, English character key, and / or Korean character). Key) and / or a keyboard device having a function key, and / or having at least one numeric key and a function key in conjunction with the screen output means, and / or having at least one numeric key, a character key and a function key. It is preferable to include at least one touch screen device.

For example, the key input unit 420 may receive a key data (eg, a payment amount) corresponding to the electronic payment service from at least one or more key input devices for the electronic payment service defined in the payment terminal 400. It is preferable to perform a function of an input means, and further, encrypting user fingerprint information input from the fingerprint input unit 455 according to an embodiment of the present invention, the encrypted fingerprint information, and a card read from the user card. A function of a key input means for receiving at least one key data required in the process of transmitting a payment approval request text including information (for example, credit card number) and predetermined payment information to a server on the network. It is preferable to carry out.

The screen output unit 415 is a liquid crystal display (LCD) by the control unit 405 in the process of the payment terminal 400 performs a predetermined function (for example, user fingerprint information processing function, electronic payment processing function, etc.) And / or at least one or more information or data which is predefined or defined in real time to be output to a predetermined display device including a Cathode Ray Tube (CRT) and / or a CRT (Cathode Ray Tube). The screen output unit 415 and the screen output device interoperate with each other to perform a function of the screen output means provided in the payment terminal 400.

Predefined information or data to be output from the payment terminal 400 to the screen output device is key data input through the key input unit 420, and / or components provided in the payment terminal 400. Information (or data) stored or generated by the information, information (or data) transmitted / received through the communication processing unit 430, and / or information corresponding to a predetermined calculation result performed by the payment terminal 400 (or Data) and at least one.

According to a preferred embodiment of the present invention, the screen output unit 415 performs a function of a screen output means for outputting a predetermined processing screen according to the fingerprint information processing and electronic payment steps defined in the payment terminal 400. do.

The fingerprint input unit scans the user fingerprint when a user inputs a fingerprint through a predetermined fingerprint recognition (or input) device (or fingerprint input means, etc.), and transmits the scanned user fingerprint information to the controller.

The communication processor 430 performs a payment network (eg, a value added network (VAN)) while the payment terminal 400 performs a predetermined function (for example, a fingerprint information processing function or an electronic payment processing function). Communicating with a VAN company server or a terminal (or device) connected to the payment terminal 400 via a predetermined cable or a terminal (or device) connected to the payment terminal 400 through a predetermined short-range wireless communication. It provides a predetermined communication means for connecting a session, and a communication session with a predetermined terminal (or device) through a network communication unit for connecting a predetermined communication channel with a VAN company server on a wired or wireless network, or a predetermined cable communication port. A predetermined communication session is established with a predetermined short distance communication terminal (or device) device through a cable communication unit for connection or at least one short distance wireless communication means. It includes a short-range wireless communication unit for the connection, and comprises a communication protocol and / or driver for connecting the communication channel (or communication session) by software.

The network communication unit may include a predetermined wired network and / or a mobile communication network including a Value Added Network (VAN) or a financial common network or high-speed Internet (eg, ADSL / VDSL / Cable Network /.../ satellite communication). And a communication channel with a server (for example, a VAN company server) on a wired or wireless network through a predetermined wireless network including a wireless data communication network, and hardwarely connecting the payment terminal 400 to a predetermined wired or wireless network. It may include a modem or a network interface card (NIC) for access, and may include a communication protocol and / or a driver for connecting the payment terminal 400 to the wired or wireless network in software. have.

The cable communication unit connects a cable communication session with a predetermined terminal (or device) through a predetermined cable communication (eg, RS-232c or Universal Serial Bus (USB)), and the cable is connected in hardware. It comprises a predetermined cable communication port, and may comprise a communication protocol and / or driver for the cable communication in software.

Here, the terminal (or device) to which the cable communication session is connected through the cable communication unit preferably includes a predetermined point of sales (POS) terminal.

The short range wireless communication unit includes at least one of infrared ray communication, RF (Radio Frequency) communication, Bluetooth (BlueTooth), Wireless LAN (Wi-Fi), Wi-Fi (Wi-Fi), and Universal Serial Bus (USB). Characterized in that to connect a predetermined terminal (or device) and a short-range wireless communication session through at least one or more short-range wireless communication means, the hardware includes the infrared communication, RF communication, Bluetooth, WLAN, WiFi, UWB And a predetermined short range wireless communication module for short range wireless communication, and includes a communication protocol and / or a driver for the short range wireless communication in software.

Here, the terminal (or device) to which the short-range communication session is connected through the short-range communication unit preferably includes a user wireless terminal that mounts or detaches a predetermined wireless IC chip.

The secure application module 435 (SAM) is a confidentiality and / or authentication required by the payment terminal 400 in the process of performing the electronic payment and / or electronic payment using the user card ( Security requirements, including Authentication and / or Integrity and / or Nonrepudiation, can be secured within the payment terminal 400 without using an authentication server (or server 405) on the payment network. As a safety device for performing a reliable and reliable structure, the payment terminal 400 performs a predetermined message (information) processed in the process of performing a predetermined security request function (for example, fingerprint information processing function, electronic payment processing function, etc.). Or encrypting or decrypting data), adding an authenticator to prevent forgery (or tampering) of the message, or performing the security request function. It may function to store important key information.

In general, the security application module 435 may be composed of a predetermined security application module inserter and a security application module chip, the security application module 435 chip is a chip containing at least 8 bits or more CPU 2 Million Instructions Per It may include an Application Specific Integrated Circuit (ASIC) chip (eg, PLCC 44-pin chip) and / or an IC chip (eg, an IC card in the form of a subscriber identity module (SIM)) having a second or more performance. .

In addition, the security application module 435 is at least one or more security application data (eg, at least one or more identifier, version, expiration date, issue date, code value, etc.) required to perform a predetermined security request function to the payment terminal 400 ) And / or keys (e.g., one master key and at least one application key) and / or protocols (e.g., trading protocols, re-transaction protocols, previous transaction cancellation protocols, collection protocols, SAM issuance protocols, (e-money company / card company) Registration protocol, authorization protocol, mode switching protocol, key download protocol, SAM revocation protocol) and / or commands (e.g., at least one read / authentication / transmission / registration / setting / mode switching / collection / deletion / disposal / initialization) / Reprocess / cancel command).

The print output unit 440 may be configured to perform a predetermined function (eg, an electronic payment processing function) by the payment terminal 400 and / or predetermined information or data (eg, payment approval details) generated as a result. Data, etc.) to a predetermined printing device 445 (for example, a receipt printer), and to print the print information or data through the predetermined printing device 425 according to a predefined printing form. It can be made by including a printing protocol and a driver.

Referring to FIG. 4, the control unit 405 of the payment terminal 400 generates scanned user fingerprint data provided from the fingerprint input unit 455 as fingerprint information including a predetermined feature point, and generates the generated fingerprint. Fingerprint information processing unit 460 for encrypting information, card information (eg, credit card number, etc.) read from the user card through the card reader unit 410 and transaction information input through the key input unit 420. A professional component unit 465 constituting a full payment approval request message including (eg, payment amount information) and information for transmitting the full payment approval request message and the user fingerprint information to the VAN company server (or payment server). It may include a transmitter 470 and a specialized receiver 475 for receiving a payment approval response message corresponding to the payment approval request full text from the VAN company server.

Here, when the user fingerprint data scanned from the fingerprint input unit is provided, the fingerprint information processor may apply a predetermined pattern recognition algorithm to the provided fingerprint data to have a common point that may be the same as fingerprint information of another user. Except, the fingerprint information in the form of a template may be generated by extracting only the feature points (for example, ridges, valleys, shortcomings, and the like) of the user.

In this case, the size of the template increases as the number of feature points increases, but the recognition error rate decreases. In general, about 15 to 60 feature points included in the template are preferable, and the payment terminal 400 It is noted that the recognition error rate and size of the fingerprint information may be changed according to the specification.

According to another exemplary embodiment of the present invention, when the user fingerprint information is mounted on the user IC card, the fingerprint information processor may receive user fingerprint information read from the IC card from the card reader unit.

The fingerprint information processing unit may encrypt the generated fingerprint information so that the fingerprint information of the user cannot be used even if the user's fingerprint information is illegally stolen or leaked. 5 to 9 will be described in more detail.

The expert component 465 may be configured to read card information (eg, credit card number, etc.) read from the user card through the card reader 410 and transaction information (eg, through the key input unit 420). And a payment approval request message including payment amount information, etc.) and merchant information (or payment terminal 400 information, etc.) previously stored in the memory unit 450. Transfer to the information transmission unit 470.

The information transmission unit, when the payment approval request text is configured through the specialized component is delivered, the user fingerprint information is transmitted through the fingerprint information processing unit, the payment approval request full text and the user fingerprint information to the VAN company server (or payment Server).

According to an embodiment of the present invention, the information transmission unit, if the payment approval request is configured, but the fingerprint is not input from the user, after the user's fingerprint input, until the input user fingerprint information is delivered to the Waiting for transmission of a payment approval request message, and when the user fingerprint information is transmitted through the fingerprint input unit and a fingerprint information processing unit, the payment approval request message may be transmitted to the server on the network together with the transferred user fingerprint information.

5 is a diagram illustrating a configuration of a fingerprint information processing unit 460 having a function of encrypting fingerprint information through a predetermined encryption key according to one embodiment of the present invention.

In more detail, FIG. 5 illustrates a fingerprint information processing unit 460 of the payment terminal 400 in the fingerprint information processing unit 460 of the payment terminal 400 shown in FIG. A function configuration provided by encrypting through a predetermined encryption key at 460 is provided, and a person having ordinary knowledge in the art to which the present invention pertains refers to the fingerprint input unit 455 by referring to and / or modifying the drawing 5. It is possible to infer various implementation methods for the fingerprint information processing unit 460 by encrypting fingerprint information inputted from a predetermined encryption key, but the present invention includes all of the inferred implementation methods, as shown in FIG. It is not limited to the implemented method.

Referring to FIG. 5, the fingerprint information processing unit 460 stores a memory in association with a predetermined encryption key for encrypting fingerprint information input from the fingerprint input unit 455 and the encryption key index, and stores the encryption key. Characterized in that it comprises a password processing unit 500 for encrypting the input fingerprint information through.

The memory may store a predetermined encryption key for encrypting the input fingerprint information, and the encryption key may be processed in association with a predetermined encryption key index to store the memory (or the payment terminal 400 and the memory unit 450). It is characterized in that stored in).

Here, the encryption key is an encryption key for encrypting the fingerprint information in a symmetric key (or secret key) encryption method, and / or an encryption key for encrypting the fingerprint information in a public key encryption method, and / or the fingerprint information. It may include at least one or more of an encryption key for encrypting the electronic envelope encryption method, and / or an encryption key for encrypting the fingerprint information in a key exchange encryption method.

In addition, the encryption key index stored in the memory in association with the encryption key is index information (for example, merchant code) for identifying a predetermined decryption key associated with the encryption key in a host that decrypts the encrypted fingerprint information. Or a payment terminal 400 code, etc.), whereby a host (eg, a biometric information management server, etc.) that decrypts the encrypted fingerprint information is assigned to the encryption key based on the encryption key index. At least one corresponding decryption key may be identified and the encrypted fingerprint information may be decrypted using the identified decryption key.

Here, the decryption key identified through the encryption key index is a decryption key for decrypting the encrypted fingerprint information by a symmetric key (or secret key) decryption method, or decrypting the encrypted fingerprint information by a public key decryption method. At least one of a decryption key for decryption, a decryption key for decrypting the encrypted fingerprint information by an electronic envelope decryption method, or a decryption key for decrypting the encrypted fingerprint information by a key exchange decryption method. .

According to another exemplary embodiment of the present invention, when the payment terminal 400 information (or merchant code information) included in the full payment approval request generated by the payment terminal 400 performs the encryption key index function, the memory The encryption key index may be omitted, and the present invention is not limited thereto.

The encryption processing unit 500 may use the symmetric key (or secret key) encryption method and / or public key encryption method, and / or the user fingerprint information input through the fingerprint input unit 455 through an encryption key stored in the memory. And encrypting through at least one or more of an electronic envelope encryption scheme and / or a key exchange encryption scheme.

The fingerprint information encrypted by the fingerprint information processing unit 460 is preferably secured until a predetermined decryption key is decrypted by a predetermined host (for example, a biometric information management server).

6 is a diagram illustrating a method of encrypting fingerprint information in a symmetric key (or secret key) method by the fingerprint information processing unit 460 according to an embodiment of the present invention.

In more detail, Figure 6 relates to an implementation method for encrypting the fingerprint information by a symmetric key (or secret key) method in the fingerprint information processing unit 460 equipped with the encryption function as shown in Figure 5, the present invention Those skilled in the art may refer to and / or modify this drawing 6 to infer various implementation methods for encrypting the fingerprint information in a symmetric key (or secret key) manner by the fingerprint information processing unit 460. It will be appreciated that the present invention encompasses all of the inferred implementation methods and is not limited to the implementation method illustrated in FIG.

In FIG. 6 according to the embodiment of the present invention, the symmetric key (or secret key) is preferably read from the memory (or payment terminal 400 memory unit 450) provided in the fingerprint information processing unit 460. Do.

Referring to FIG. 6, when user fingerprint information is input through the fingerprint input unit 455, the user fingerprint information is provided to the encryption processing unit 500 (600). When the user fingerprint information is provided, the encryption processing unit 500 is provided. Read a predetermined symmetric key (or secret key) for encrypting the fingerprint information from the memory (or payment terminal 400 memory 450) provided in the fingerprint information processing unit 460 (605), the read The fingerprint information is encrypted using a symmetric key (or secret key) (610).

Here, the encryption function of the encryption processing unit 500 is called E (Encryption), the symmetric key (or secret key) is k (key), the fingerprint information is P (Plaintext), and the symmetric key (or secret key). When the fingerprint information encrypted with) is C (Ciphertext), the encryption function of the encryption processing unit 500 may be expressed by an expression such as "Ek (P) = C".

According to the embodiment of the present invention, the encryption processing unit 500 encrypts the fingerprint information through the symmetric key (or secret key), SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA It is preferable to include at least one or more of the International Data Encryption Algorithm, and in addition, various types of encryption algorithms may be used, but the present invention is not limited to a specific encryption algorithm.

7 is a diagram illustrating a method for encrypting user fingerprint information in a public key infrastructure structure in the fingerprint information processing unit 460 according to an embodiment of the present invention.

In more detail, FIG. 7 is an embodiment of the method for encrypting the user fingerprint information in a public key infrastructure structure in a fingerprint information processing unit 460 having an encryption function as shown in FIG. 5. Those skilled in the art will be able to infer various implementation methods for encrypting the user fingerprint information using the public key method by referring to and / or modifying the drawing of FIG. 7. It includes all the inferred implementation method, and is not limited to the implementation method shown in FIG.

In FIG. 7 according to the embodiment of the present invention, the server-side public key is preferably read from the memory (or the payment terminal 400 memory 450) provided in the fingerprint information processing unit 460.

Referring to FIG. 7, when the user fingerprint information is input through the fingerprint input unit 455, the fingerprint information is provided to the encryption processing unit 500 (700). When the fingerprint information is provided, the encryption processing unit 500 may provide the fingerprint information. A predetermined server-side public key for encrypting the fingerprint information is extracted from a memory (705), and the fingerprint information is encrypted (710) using the extracted server-side public key.

Here, the encryption function of the encryption processing unit 500 is called E (Encryption), the server-side public key is k1 (key), the fingerprint information is P (Plaintext), and the server-side public key is encrypted fingerprint information. Suppose C (Ciphertext), the encryption function of the encryption processing unit 500 can be expressed by a formula such as "Ek1 (P) = C".

According to an embodiment of the present invention, the encryption processing unit 500 encrypts the fingerprint information through the server-side public key: RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the fingerprint information through the RSA encryption algorithm among the encryption algorithms, the published method (Modulus) used in the encryption process is n, and the undisclosed prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 500 may be expressed as" C = Ek1 (P) = Pe mod n ".

8 is a diagram illustrating a method of encrypting fingerprint information by an electronic envelope method in the fingerprint information processing unit 460 according to an embodiment of the present invention.

In more detail, FIG. 8 is an embodiment of the method for encrypting the user fingerprint information by an electronic envelope method in the fingerprint information processing unit 460 equipped with the encryption function as shown in FIG. 5, which is common in the art. Those skilled in the art will be able to infer various implementation methods for encrypting the user fingerprint information in an electronic envelope by the fingerprint information processing unit 460 by referring to and / or modifying the present invention. It includes all the implementation methods, and is not limited to the implementation method shown in FIG.

In FIG. 8 according to an embodiment of the present invention, the server-side public key is preferably read from the memory (or the payment terminal 400 memory 450) provided in the fingerprint information processing unit 460.

Referring to FIG. 8, when user fingerprint information is input from the fingerprint input unit 455, the fingerprint input unit 500 provides the fingerprint information to the encryption processing unit 500 (800). When the fingerprint information is provided, the encryption processing unit 500 provides the fingerprint. Generates a random random secret key for encrypting the information in a secret key (symmetric key) method (805), and encrypts the fingerprint information using the generated secret key (810) .

Herein, the encryption function of the encryption processing unit 500 is called E (Encryption), the secret key is r (random secret key), the user fingerprint information is P (Plaintext), and the fingerprint information encrypted with the secret key is C In the case of (Ciphertext), the encryption function of the encryption processing unit 500 can be expressed by a formula such as "Er (P) = C".

According to an embodiment of the present invention, the encryption processing unit 500 encrypts the fingerprint information using the secret key, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA (International Data Encryption Algorithm). It is preferable to include at least one of), and in addition to the encryption algorithm of various forms may be used, but the present invention is not limited by a specific encryption algorithm.

Thereafter, the encryption processing unit 500 encrypts the secret key (random secret key) used to encrypt the user fingerprint information. For this purpose, the encryption processing unit 500 extracts a predetermined server-side public key from the memory. In operation 815, the secret key is encrypted using the server-side public key (820).

Here, the encryption function of the encryption processing unit 500 is called E (Encryption), the server-side public key is k1 (key), the secret key is r (random Secret key), and the secret encrypted with the server-side public key. If the key is C (Ciphertext), the encryption function of the encryption processing unit 500 can be expressed by an expression such as "Ek1 (r) = C".

According to an embodiment of the present invention, the encryption processing unit 500 encrypts the secret key through the server-side public key: RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the secret key through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 500 may be expressed as" C = Ek1 (r) = re mod n ".

If the fingerprint information is encrypted with the secret key, and the secret key is encrypted with the server-side public key, the encryption processing unit 500 encrypts the fingerprint information encrypted with the secret key and the secret key encrypted with the server-side public key. Interworking

9 is a diagram illustrating a method for encrypting fingerprint information in a key exchange method in the fingerprint information processing unit 460 according to an embodiment of the present invention.

In more detail, FIG. 9 illustrates an embodiment of the present invention in which a fingerprint information processing unit 460 having an encryption function as shown in FIG. 5 encrypts and transmits the fingerprint information by a key exchange method. Those skilled in the art will be able to infer various implementation methods for encrypting the fingerprint information in a key exchange method by referring to and / or modifying the drawing 9, but the present invention is inferred from It includes all implementation methods and is not limited to the implementation method shown in FIG.

In FIG. 9 according to an embodiment of the present invention, the fingerprint input unit 455 side private key and the server side public key may include the memory (or payment terminal 400 memory unit 450) provided in the fingerprint information processing unit 460. It is preferable to read from).

Referring to FIG. 9, when user fingerprint information is input through the fingerprint input unit 455, the user fingerprint information is provided to the encryption processing unit 500 (900). When the fingerprint information is provided, the encryption processing unit 500 provides the Generates a message digest including a predetermined one-way hash function (eg, a hash code of a predetermined length regardless of the length of the fingerprint information), and generates the hash code (or message digest). One-way hash function that cannot identify (or infer) the original message through the message input unit 455 and the host decrypting the encrypted fingerprint information using the same hash function). The digital signature is generated (905) and the message digest is digitally signed (7910) by encrypting the private message through the fingerprint key of the fingerprint information processor 460.

Here, the encryption function of the encryption processing unit 500 is called E (Encryption), the fingerprint information processing unit 460 side private key is t1 (yerminal side key), the message digest is m (message digest), and If the message digest encrypted with the private key of the fingerprint input unit 455 is called C (Ciphertext), the digital signature function of the encryption processing unit 500 may be expressed by an expression such as "Et1 (m) = C".

According to the exemplary embodiment of the present invention, the encryption processing unit 500 encrypts the message digest using the private key of the fingerprint information processing unit 460, RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA ( Digital Signature Algorithm (DH), DH (Diffie, Hellman), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, ECDH is preferably included at least one or more, in addition to various encryption algorithms may be used, specific encryption The present invention is not limited by the algorithm.

For example, in the case of encrypting the message digest through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the digital signature function of the encryption processing unit 500 may be expressed as" C = Et1 (m) = me mod n ".

In addition, the encryption processing unit 500 generates a predetermined random secret key for encrypting the fingerprint information by a secret key (symmetric key) method (715), the fingerprint information and the fingerprint The message digest encrypted with the private key of the input unit 455 and the copy of the certificate (for example, a certificate including the public key of the fingerprint information processing unit 460) of the memory are linked to each other and encrypted using the generated secret key ( 920).

Here, the encryption function of the encryption processing unit 500 is called E (Encryption), the secret key is r (random secret key), the fingerprint information and the copy of the certificate P (Plaintext), and the fingerprint information encrypted with the secret key If the copy of the certificate is called C (Ciphertext), the encryption function of the encryption processing unit 500 can be expressed by an expression such as "Er (P) = C".

According to the method of the present invention, the encryption processing unit 500 encrypts the fingerprint information and the certificate copy through the secret key, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA (International) It is preferable to include at least one or more of Data Encryption Algorithm, and in addition, various types of encryption algorithms may be used, but the present invention is not limited to a specific encryption algorithm.

In addition, the encryption processing unit 500 extracts a predetermined server-side public key from the memory in order to encrypt the secret key that encrypts the fingerprint information (925), and uses the server-side public key to obtain the fingerprint information. The encrypted secret key is encrypted (930).

Here, the encryption function of the encryption processing unit 500 is called E (Encryption), the server-side public key is encrypted with s1 (server side key), the secret key is r (random secret key), and the server-side public key. When the secret key is referred to as C (Ciphertext), the encryption function of the encryption processing unit 500 may be expressed by an expression such as "Es1 (r) = C".

According to an embodiment of the present invention, the encryption processing unit 500 encrypts the secret key through the server-side public key: RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the secret key through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 500 may be expressed as" C = Es1 (r) = re mod n ".

A copy of a certificate including the message digest encrypted with the fingerprint information and the private key of the fingerprint information processing unit 460 and the public key of the fingerprint information processing unit 460 is linked and encrypted through the generated secret key, and the secret When a key is encrypted through the server-side public key, the encryption processing unit 500 encrypts the message digest and the fingerprint information processing unit encrypted with the fingerprint information encrypted with the secret key and the private key of the fingerprint information processing unit 460. A predetermined copy of the fingerprint information is generated by associating a copy of the certificate including the public key on the side of the server 460 with the secret key encrypted with the server-side public key.

10 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

In more detail, FIG. 10 is connected to a payment terminal 400 shown in FIG. 4 through a predetermined network (eg, a VAN), and the full text of the payment approval request from the payment terminal 400 and the encrypted data. When the user biometric information is received, the received encrypted biometric information is transmitted to a predetermined biometric information management server, so as to request user unique identification information corresponding to the biometric information, and corresponding biometric information from the biometric information management server. When the user specific identification information is transmitted, the server (for example, VAN company server, etc.) configuration for transmitting the transmitted user unique identification information and the payment approval request full text to the card company server corresponding to the user card information As a method, one of ordinary skill in the art to which the present invention pertains may refer to and / or modify this drawing 10 Transmitting the encrypted biometric information to a biometric information management server for requesting confirmation of user's unique identification information (eg, name, social security number, insurance number, driver's license number, financial transaction information, etc.) corresponding to the biometric information. Various server configurations may be inferred, but the present invention includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 10 is illustrated as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 10, the server includes a receiving unit 1005, a reading unit 1010, a specialized processing unit 1015, an approval requesting unit 1020, a biometric information processing unit 1035, and a sales information processing unit 1025. It may be configured to include, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 1005 includes payment information including user card information (eg, credit card number) and payment information (eg, payment amount, merchant information, terminal information, etc.) from the payment terminal 400 illustrated in FIG. 4. Receive the encrypted fingerprint information of the user input through the full approval request and the payment terminal 400, and transfers the received payment approval request full text to the reading unit 1010, and transmits the encrypted fingerprint information Transfer to the biometric information processing unit 1035.

The reading unit 1010 reads the payment approval request text when the payment approval request text received through the receiving unit 1005 is transmitted, and reads the user card information (eg, a credit card) included in the payment approval request text. Number, etc.), the card company information corresponding to the confirmed card information is confirmed, and the confirmed card company information and the payment approval request details are transmitted to the approval request unit 1020.

When the biometric information processing unit 1035 receives the encrypted fingerprint information received through the receiving unit 1005, the biometric information processing unit 1035 transmits the encrypted fingerprint information to the biometric information management server, so that the user unique identification information corresponding to the fingerprint information ( For example, requesting confirmation of name, resident registration number, insurance number, driver's license number, financial transaction means information, etc., and when the user's unique identification information corresponding to the fingerprint information is confirmed through the biometric information management server, the confirmed user Receives the unique identification information, and transmits the received user unique identification information to the approval request unit 1020.

The approval request unit 1020, the payment approval request history and the card company information is transmitted through the reading unit 1010, the user unique identification corresponding to the encrypted fingerprint information through the biometric information processing unit 1035 When information (for example, name, resident registration number, insurance number, driver's license number, financial transaction information, etc.) is delivered, the payment approval request details and the user's unique identification information are transmitted to the card company server to request the approval of the payment. The card user authentication request is made, and a payment approval response and a user authentication response to the payment approval request are received from the card company server.

The expert processing unit 1015 receives the payment approval response received through the approval request unit 1020, configures a payment approval response message to be transmitted to the payment terminal 400, and stores the configured payment approval response message. The payment terminal 400 transmits. In this case, the full text of the payment approval response may include the payment approval processing details and the user authentication details.

When the information processing unit receives a payment approval response and a user authentication response to the payment approval request from the card company server through the approval request unit 1020, a sales slip including the payment approval details according to the response result In this configuration, the data is stored in a predetermined storage medium through the information storage unit 1030 in association with the encrypted fingerprint information.

For example, when the payment approval response includes a payment approval notification due to the user card limit exceeded or the user authentication response is included in the user authentication response, the information processing unit configures the sales slip and It is desirable not to perform the storage process.

The information storage unit 1030 stores information (or data) collected or generated in the process of performing the function by the at least one or more function components provided in the server.

11 is a diagram showing the functional configuration of the biometric information management server 1100 according to an embodiment of the present invention.

In more detail, FIG. 11 is connected to a server shown in FIG. 10 through a predetermined network (eg, a VAN), and receives encrypted user biometric information from the server, thereby receiving the received encrypted user. A method for implementing a biometric information management server 1100 configured to decrypt biometric information, identify user unique identification information corresponding to the decrypted user biometric information, and transmit the identified user unique identification information to the server. Those skilled in the art to which the present invention pertains can refer to and / or modify this figure 11 to decrypt the encrypted biometric information to verify various user identification information corresponding to the user biometric information. Sex may be inferred, but the present invention includes all implementation methods inferred above, and is shown in FIG. It is not limited to the method.

In addition, although the server illustrated in FIG. 11 is illustrated as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 11, the biometric information management server 1100 may include an information receiver 1105, a decoder 1110, an information transmitter 1115, and an information checker 1120. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiving unit 1105 may receive predetermined encrypted biometric information from the server illustrated in FIG. 10 and transmit the received encrypted biometric information to the decryption unit 1110.

The decryption unit 1110 decodes the encrypted biometric information when the encrypted biometric information received through the information receiving unit 1105 is transmitted. Forward to 1120.

An encrypted biometric information decryption process of the decryption unit 1110 will be described in more detail with reference to FIGS. 12 to 15 below.

When the encrypted biometric information is decrypted by the decryption unit 1110, the information checking unit 1120 checks (or extracts) user-specific identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extracted) unique user identification information is transmitted to the information transmitter 1115.

When the user identification information corresponding to the biometric information is confirmed (or extracted) and transmitted through the information confirmation unit 1120, the information transmission unit 1115 transfers the transmitted user identification information to the encrypted biometrics. Send the information to the server that sent it.

FIG. 12 illustrates a method of decrypting predetermined encrypted biometric information received from the server by a symmetric key (or secret key) method in the biometric information management server 1100 according to an exemplary embodiment of the present invention.

In more detail, FIG. 12 is encrypted from the payment terminal 400 equipped with the encryption function as shown in FIG. 4, and the biometric information management server 1100 shown in FIG. 11 stores the encrypted biometric information transmitted through the server. The present invention relates to a method for decrypting by a symmetric key (or secret key) method, and if the present invention belongs to a general knowledge, referring to and / or modifying this figure 12 to convert the encrypted biometric information Various implementation methods for decrypting using a symmetric key (or secret key) method may be inferred, but the present invention includes all the inferred implementation methods and is not limited to the implementation method shown in FIG.

In FIG. 11 according to an embodiment of the present invention, fingerprint information is presented as an embodiment of the biometric information.

Referring to FIG. 12, the information receiver 1105 of the biometric information management server 1100 provides the encrypted fingerprint information received from the server to the decryption unit 1110 (1200).

Thereafter, the decryption unit 1110 is configured to decrypt the encrypted fingerprint information from a storage medium provided in the biometric information management server 1100 or provided in a predetermined key management server (for example, an authentication server) on a network. The extracted symmetric key (or secret key) is extracted or provided (1205), and the encrypted fingerprint information is decrypted through the extracted symmetric key (or secret key) (1210).

Here, the decryption function of the decryption unit 1110 is called D (Decryption), and the fingerprint information encrypted with the symmetric key (or secret key) k (key) and the symmetric key (or secret key) is C (Ciphertext). And, if the decrypted fingerprint information is P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 1110 is "Dk = P, or Dk (Ek (P)) = P" and The same formula can be used.

According to the embodiment of the present invention, the algorithm for decrypting the encrypted fingerprint information by the decryption unit 1110 through the symmetric key (or secret key), SEED, DES (Data Encryption Standard), Triple-DES, Skipjack It is preferable to include at least one or more of the International Data Encryption Algorithm (IDEA), and various types of decryption algorithms may be used, but the decryption algorithm is matched with the encryption algorithm used in the payment terminal 400. The present invention is not limited by the specific decoding algorithm.

When the fingerprint information encrypted through the symmetric key (or the secret key) is decrypted as described above, the decryption unit 1110 transfers the decrypted fingerprint information to the information verification unit 1120, and the information verification unit 1120. ) May identify (or extract) user-specific identification information corresponding to the decrypted biometric information from a predetermined storage medium.

FIG. 13 is a diagram illustrating a method of decrypting encrypted biometric information received from the server in a public key infrastructure according to an embodiment of the present invention.

In detail, FIG. 13 illustrates a structure of a public key infrastructure in the biometric information management server 1100 for the encrypted biometric information encrypted from a payment terminal 400 having an encryption function as shown in FIG. 5 and transmitted through the server. Method for decrypting by the method, if the present invention is known in the art, fingerprints encrypted with the server-side public key in the payment terminal 400 by referring to and / or modified in this figure 13 Various implementation methods for decrypting information in a public key based structure may be inferred, but the present invention includes all the inferred implementation methods and is not limited to the implementation method shown in FIG.

In FIG. 13 according to an embodiment of the present invention, a server-side private key for decrypting the fingerprint information encrypted with the server-side public key in a public key infrastructure structure is provided in the biometric information management server 1100 or on a network. It is preferable to read from the storage medium provided in the key management server (for example, authentication server, etc.), and the present invention is not limited thereby.

Referring to FIG. 13, the encrypted fingerprint information received through the information receiver 1105 of the biometric information management server 1100 is provided to the decryption unit 1110 (1300).

Thereafter, the decryption unit 1110 extracts a server-side private key for decrypting the encrypted fingerprint information from a storage medium provided in the biometric information management server 1100 or provided in a predetermined key management server (1305). The encrypted fingerprint information is decrypted using the extracted server-side private key (1310).

Here, the decryption function of the decryption unit 1110 is called D (Decryption), the server-side private key is k2 (key), the fingerprint information encrypted with the server-side public key is C (Ciphertext), and the server-side individual. When the fingerprint information decrypted by the key is called P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 1110 is expressed by a formula such as "Dk2 = P, or Dk2 (Ek (P)) = P". I can express it.

According to an embodiment of the present invention, an algorithm for decrypting fingerprint information encrypted by a server-side public key in the payment terminal 400 by the decryption unit 1110 through the server-side private key may be RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it can be used, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the payment terminal 400, the invention is not limited by a specific decryption algorithm.

For example, when the fingerprint information is decoded through the RSA decryption algorithm among the public key based decryption algorithms, n is a public method (Modulus) used in the decryption process and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the reading unit 1010 may be expressed as" P = Dk2 = Cd mod n ".

When the fingerprint information encrypted with the server-side public key is decrypted by the payment terminal 400 through the server-side private key as described above, the decryption unit 1110 transfers the decrypted fingerprint information to the information verification unit 1120. The information checking unit 1120 may identify (or extract) user unique identification information corresponding to the decrypted biometric information from a predetermined storage medium.

14 is a diagram illustrating a method of decrypting encrypted biometric information received from the biometric information management server 1100 from the server according to an embodiment of the present invention by an electronic envelope method.

In more detail, FIG. 14 shows the encrypted information in the biometric information management server 1100 that receives the encrypted biometric information encrypted from the payment terminal 400 having the encryption function as shown in FIG. 5 and transmitted through the server. The present invention relates to a method for decoding biometric information by an electronic envelope method. If the present invention belongs to a general knowledge, the electronic device may be referred to and / or modified with reference to FIG. 14. It is possible to infer various implementation methods for decrypting the fingerprint information encrypted in the manner in the biometric information management server 1100 in the same electronic envelope method, but the present invention includes all the inferred implementation methods, as shown in FIG. It is not limited to the implementation method shown.

In FIG. 14 according to an embodiment of the present invention, a server-side private key for decrypting the encrypted fingerprint information in an electronic envelope method is provided in the biometric information management server 1100 or a predetermined key management server (for example, a network). It is preferable to read from the storage medium provided in the authentication server, etc., whereby the present invention is not limited.

Referring to FIG. 14, the encrypted fingerprint information received through the information receiving unit 1105 of the biometric information management server 1100 is provided to the decryption unit 1110 (1400), and then, the decryption unit 1110 ) Extracts a server-side private key for decrypting an encrypted secret key included in the fingerprint information from a storage medium provided in the biometric information management server 1100 or a predetermined key management server (1405). Decrypting the secret key encrypted with the server-side public key in the payment terminal 400 through the extracted server-side private key (1410), and extracts a predetermined secret key for decrypting the fingerprint information (1415). By decrypting the fingerprint information using the extracted secret key (1420), the payment terminal 400 extracts the fingerprint information encrypted with the secret key (1425).

Here, the decryption function of the decryption unit 1110 is called D (Decryption), the server-side private key is k2 (key), the secret key encrypted with the server-side public key is C (Ciphertext), and the server-side individual. When a secret key decrypted with a key is r (random secret key), the function of decrypting the encrypted secret key by the decryption unit 1110 is equal to "Dk2 = r, or Dk2 (Ek1 (r)) = r". It can be expressed as an expression.

According to an embodiment of the present invention, the decryption unit 1110 decrypts a secret key encrypted with the server-side public key in the payment terminal 400 through the server-side private key, RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it can be used, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the payment terminal 400, the invention is not limited by a specific decryption algorithm.

For example, when decrypting the secret key through the RSA decryption algorithm among the public key-based decryption algorithms, n is a public method (Modulus) used in the decryption process, and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the decoding unit 1110 may be expressed as" P = Dk2 = Cd mod n ".

Here, the decryption function of the decryption unit 1110 is called D (Decryption), the secret key is r (random secret key), the fingerprint information encrypted with the secret key (C (Ciphertext)), and the decrypted fingerprint If the information is referred to as P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 1110 may be expressed by a formula such as "Dr = P or Dr (Er (P)) = P".

According to the embodiment of the present invention, the algorithm for decrypting the encrypted fingerprint information by the decryption unit 1110 through the secret key, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA (International Data) It is preferable to include at least one or more of the Encryption Algorithm, and in addition to the decryption algorithm of various forms may be used, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the payment terminal 400, The present invention is not limited by the specific decoding algorithm.

When the fingerprint information is decrypted as described above, the decryption unit 1110 may provide the decrypted fingerprint information to the information verification unit 1120, and the information verification unit 1120 corresponds to the decrypted biometric information. User identification information can be identified (or extracted) from a predetermined storage medium.

15A and 15B illustrate a method of decrypting encrypted biometric information received from the biometric information management server 1100 by the key exchange method according to an embodiment of the present invention.

In more detail, FIGS. 15A and 15B illustrate the encrypted fingerprint information in the biometric information management server 1100 that receives the encrypted fingerprint information from the payment terminal 400 having the encryption function as shown in FIG. 5 through the server. The present invention relates to a method of decrypting by a key exchange method, and if the present invention belongs to a general knowledge, referring to and / or modified with reference to the Figure 15 to the key exchange method in the payment terminal 400 Various implementation methods for decrypting the encrypted payment means information in the biometric information management server 1100 by the same key exchange method may be inferred, but the present invention includes all the inferred implementation methods, as shown in FIG. It is not limited to the implemented method.

In FIG. 15 according to an embodiment of the present invention, the server-side private key and the payment terminal 400-side public key for decrypting the encrypted fingerprint information by a key exchange method are provided in the biometric information management server 1100 or It is preferable to read from a storage medium provided in a predetermined key management server or the like, and the present invention is not limited thereto.

15A and 15B, when the encrypted fingerprint information is received and transmitted through the information receiver 1105 of the biometric information management server 1100 (1500), the encrypted fingerprint information is decrypted by the decryption unit 1110. (1505), the fingerprint information encrypted with the secret key includes a copy of a certificate including the message digest encrypted with the private key of the payment terminal 400 and the public key of the payment terminal 400, and the server. It is preferable to include the secret key encrypted with the side public key.

Subsequently, the decryption unit 1110 is configured to store the server-side private key from a storage medium provided in the biometric information management server 1100 or provided in a predetermined key management server to decrypt the secret key encrypted with the server-side public key. Extraction (1510) and decrypting the secret key through the server-side private key (1515), the message digest encrypted with the fingerprint information and the private terminal by the payment terminal 400 and the payment terminal 400 are disclosed. The secret key for decrypting a copy of the certificate containing the key is extracted (1520).

Here, the decryption function of the decryption unit 1110 is called D (Decryption), the server side private key is s2 (server side key), the secret key encrypted with the server side public key is C (Ciphertext), and the When the secret key decrypted with the server-side private key is r (random secret key), the function of decrypting the encrypted secret key by the decryption unit 1110 is "Ds2 = r, or Ds2 (Es1 (r)) = r". Can be expressed as an expression such as "

According to an embodiment of the present invention, the decryption unit 1110 decrypts a secret key encrypted with the server-side public key in the payment terminal 400 through the server-side private key, RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it can be used, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the payment terminal 400, the invention is not limited by a specific decryption algorithm.

For example, when decrypting the secret key through the RSA decryption algorithm among the public key-based decryption algorithms, n is a public method (Modulus) used in the decryption process, and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the decoder 1110 may be expressed as" P = Ds2 = Cd mod n ".

When the secret key is extracted as described above, the decryption unit 1110 uses the extracted secret key and the message digest and the payment terminal 400 side encrypted with the fingerprint information and the payment terminal 400 side. By decrypting a copy of the certificate including the public key (1525), the fingerprint information encrypted with the secret key and the message digest encrypted with the private key on the payment terminal 400 side and the public key on the payment terminal 400 side. Extract a copy of the certificate.

Here, the decryption function of the decryption unit 1110 is called D (Decryption), and the secret key is encrypted with r (random secret key), fingerprint information encrypted with the secret key, and the private terminal of the payment terminal 400 side. A copy of a certificate including a message digest and a public key of the payment terminal 400 is C (Ciphertext), and the message digest and the payment terminal 400 encrypted with the decrypted fingerprint information and the private key of the payment terminal 400. When the copy of the certificate including the public key is called P (Plaintext), the decryption unit 1110 may encrypt the message digest and the payment terminal 400 encrypted with the encrypted fingerprint information and the payment terminal 400 side private key. The function of decrypting the copy of the certificate including the public key can be expressed by an expression such as "Dr = P, or Dr (Er (P)) = P".

According to the exemplary embodiment of the present invention, the decryption unit 1110 is encrypted with the encrypted fingerprint information and the private key of the payment terminal 400 through the secret key and the public key of the payment terminal 400. Algorithm for decrypting the copy of the certificate, including, is preferably made of at least one or more of SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, International Data Encryption Algorithm (IDEA), in addition to various forms of decryption An algorithm may be used, but the decryption algorithm is matched with an encryption algorithm used in the payment terminal 400, and the present invention is not limited to a specific decryption algorithm.

In addition, the decryption unit 1110 decodes the message digest encrypted with the private key of the payment terminal 400 through the public key of the payment terminal 400 (1530), and thus, the fingerprint in the payment terminal 400. The message digest generated and transmitted from the information is extracted (1535).

Here, the decryption function of the decryption unit 1110 is called D (Decryption), and the message digest encrypted with the terminal side key (t2) of the payment terminal 400 and the private key of the payment terminal 400 is If the message digest decrypted with C (Ciphertext) and the payment terminal 400 side public key is m (Message Digest), the function of decrypting the encrypted message digest by the decryption unit 1110 is "Dt2 = m," Or Dt2 (Es1 (r)) = m ".

According to an embodiment of the present invention, an algorithm for decrypting the message digest encrypted by the decryption unit 1110 with the private key of the payment terminal 400 from the payment terminal 400 through the public key of the payment terminal 400 may include: , At least one of RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), DH (Diffie, Hellman), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. In addition to the above, various types of decryption algorithms may be used, but the decryption algorithm is matched with the encryption algorithm used in the payment terminal 400, and the present invention is not limited to a specific decryption algorithm.

For example, when decrypting the message digest through the RSA decryption algorithm of the public key-based decryption algorithm, n is a public method (Modulus) used in the decryption process and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", where the decoding function of the decoder 1110 may be expressed as" P = Dt2 = Cd mod n ".

Thereafter, the decoder 1110 generates a predetermined message digest using the same one-way hash function with the received fingerprint information (1540), and then generates the generated message digest and the decrypted message. By comparing the digest (1545), the validity of the received fingerprint information may be confirmed.

If the generated message digest and the decrypted message digest coincide with each other (1550), the decryption unit 1110 may transfer the fingerprint information to the information confirming unit 1120, and the information confirming unit 1120 User identification information corresponding to the decrypted biometric information may be identified (or extracted) from a predetermined storage medium.

FIG. 16 is a diagram illustrating a functional configuration of a card company server 1600 according to an exemplary embodiment of the present invention.

In more detail, FIG. 16 is connected to a server shown in FIG. 10 by a predetermined network (eg, a payment network), and the payment approval request details and the user's unique identification information (eg, name, social security number, Insurance number, driver's license number, financial transaction instrument information, etc.), check the user card information from the payment approval request details, query the card user information associated with the confirmed card information, the user unique identification As a method of implementing a card company server 1600 that performs identity verification for the card user by checking whether the information corresponds to the inquired card user information, a person having ordinary knowledge in the technical field to which the present invention belongs. User identification information and the card transmitted from the server by referring to and / or modifying the drawing 16. By comparing the user information stored in the user information (customer information) DB (or storage medium), it is possible to infer the configuration of a variety of card company server 1600 for authenticating the card user, the present invention provides all the inference method It is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 16 is illustrated as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 16, the card company server 1600 may include a receiver 1605, a reader 1610, a specialized processor 1615, a user authenticator 1620, a limit checker 1630, and information storage. It may be configured to include a unit 1625, it may be possible to add a predetermined functional configuration within the scope of the present invention.

The receiving unit 1605 receives the payment approval request details and the user identification information of a predetermined card user from the server shown in FIG. 10, and reads the received payment approval request details and the user identification information. Transfer to section 1610.

The reading unit 1610 reads the payment approval request details and confirms user card information when the payment approval request details received through the receiving unit 1605 and the user unique identification information are delivered, and confirms the user card information. Card information and payment approval request details (for example, payment amount, etc.) are transmitted to the limit check unit 1630, and the card information and the user unique identification information are transmitted to the user authentication unit 1620. do.

The limit checking unit 1630 checks the payment limit information corresponding to the card information when the user card information and payment approval request details (for example, payment amount) are transmitted through the reading unit 1610, It is determined whether payment of the payment amount included in the payment approval request details is possible, and the determination result is transmitted to the specialized processing unit 1615, and the determination result is transmitted to the information storage unit 1625 and the card company DB (or storage). Media).

When the user card information and the user unique identification information are transmitted through the reader 1610, the user authentication unit 1620 confirms user information corresponding to the user card information, and checks the identified user information and the user information. And comparing the user identification information, and performing the user authentication. The user authentication result is transmitted to the specialized processor 1615 and the user authentication result is transmitted to the information storage 1625. The card company DB (or storage medium) to be stored.

The expert processing unit 1615 includes the transmitted details when the user authentication result is delivered through the user authentication unit 1620, and the settlement result of the payment is determined through the limit checking unit 1630. Comprising a payment approval response history characterized in that the transmission to the server.

17 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

More specifically, the process shown in FIG. 17 is characterized in that performed on the user authentication information processing system shown in FIG. 3, and includes a payment terminal equipped with predetermined biometric information input means (eg, fingerprint recognition means, etc.) In step 400, the biometric information input from the card user is encrypted, and the full payment approval request message including the encrypted biometric information, the user card information, and the payment information (eg, the payment amount) is networked (eg, a VAN). When the server transmits the encrypted biometric information to the predetermined biometric information management server 1100, the server transmits the encrypted biometric information to the server (eg, a VAN company server). , Identification number, insurance number, driver's license number, financial transaction means information, etc.), and the encrypted biometric information in the biometric information management server 1100 Decrypts the user identification information corresponding to the biometric information and transmits the identified user identification information to the server, the server identifies the identified user identification information and the payment approval request message; An embodiment of the present invention is a method for transmitting the card user's identity through the user's unique identification information transmitted from the card company server 1600 to the card company server 1600 corresponding to the user card. Those skilled in the art will be able to infer various user authentication information processing procedures by referring to and / or modifying the drawing 17, but the present invention includes all the implementation methods inferred from the embodiment shown in the drawing 17 It is not limited to the method.

According to the user authentication information processing shown in FIG. 17, the payment terminal 400 shown in FIG. 4 reads card information from a user card, checks payment information input through a predetermined key input means (1700). In step 1702, the user waits for input of the user fingerprint information through a predetermined fingerprint input means.

When the fingerprint information of the card user is input (1704), the payment terminal 400 generates a payment approval request message including card information and payment information (1706), and the input user fingerprint information is described with reference to FIGS. Encrypt as shown in Figure 9 (1708).

The encryption process of the fingerprint information will be described with reference to the contents described with reference to FIGS. 6 to 9, and detailed description of the fingerprint information encryption process will be omitted in FIG. 17.

The payment terminal 400 transmits the generated payment approval request message and the encrypted user fingerprint information to a server on a network (1710), and the server transmits the encrypted user fingerprint information transmitted from the payment terminal 400. The biometric information management server 1100 transmits a request for user identification information corresponding to the fingerprint information (1712).

In addition, the biometric information management server 1100 decrypts the received encrypted fingerprint information through a decryption process as illustrated in FIGS. 12 to 15 corresponding to the encryption method of the payment terminal 400 (1714). ).

The decryption process of the encrypted fingerprint information will be described with reference to the contents described with reference to FIGS. 12 to 15, and detailed description thereof will be omitted in FIG. 17.

When the encrypted fingerprint information is decrypted, the biometric information management server 1100 identifies a user uniquely corresponding to the decrypted fingerprint information from a storage medium (eg, a storage medium provided in the biometric information management server 1100). Check the code (1716).

If the user unique identification code corresponding to the decrypted fingerprint information is confirmed (1718), the biometric information management server 1100 transmits the verified unique identification code to the server (1720), while the If the user identification code corresponding to the decrypted fingerprint information is not confirmed, the biometric information management server 1100 may notify the server that there is no corresponding identification code (1722).

When the server receives user identification information corresponding to the encrypted fingerprint information from the biometric information management server 1100 (1724), the server reads the payment approval request message from the payment terminal 400 and corresponds to the user card. Check the card company information (1726), and transmits the user identification information and the payment approval request details to the confirmed card company server 1600 (1728).

Then, the card company server 1600 reads the received payment approval request details to check the payment amount and card information (1730), and to query the payment limit corresponding to the confirmed card information to pay for the payment amount It is determined whether or not (1732).

In addition, the card company server 1600 checks user information corresponding to the card information, and compares the identified user information with user unique identification information to perform user authentication whether the card user is the actual card owner (1734).

Thereafter, the card company server 1600 transmits a payment approval response including the user authentication result and the payment availability result to the server (1736), and the server reads the received payment approval response, The user authentication result is checked (1738).

If the card user and the card owner are the same, and user authentication has been successfully performed (1740), the server stores the sales slip including the payment approval details and the encrypted fingerprint information in a storage medium in association with the card user. In operation 1744, the full payment approval response message including the payment approval history is transmitted to the payment terminal 400.

On the other hand, if the card user and the card owner is not the same, so that the user authentication fails, the server transmits the full text of the payment approval response to the payment terminal 400 without storing the encrypted fingerprint information ( 1746).

18 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

More specifically, FIG. 18 encrypts biometric information input from a card user in a payment terminal equipped with predetermined biometric information input means (for example, fingerprint recognition means, etc.), and encrypts the encrypted biometric information and the user card information. And a payment approval request message including payment information (e.g., payment amount) to a server (e.g., a VAN company server, etc.) on a network (e.g., a VAN company), the server transmits to the predetermined biometric information management server. Transmitting encrypted biometric information and card information, decrypting the encrypted biometric information at the biometric information management server, confirming user unique identification information corresponding to the biometric information, and checking the identified user unique identification information on the card. When transmitting to the card company server corresponding to the information, the card company server through the user identification information and the card information transmitted through the As an implementation method for a system configuration for performing user authentication, a person having ordinary knowledge in the technical field to which the present invention pertains can refer to and / or modify this figure 18 to infer various user authentication information processing system configurations. As will be appreciated, the present invention includes all implementation methods inferred from the above, and is not limited to the implementation method shown in FIG.

Referring to FIG. 18, a user authentication information processing system according to another embodiment of the present invention includes a network in which a payment terminal, a server (eg, a VAN company server, etc.), a biometric information management server, and a card company server (or a financial company server) are predetermined. Characterized in that connected through.

The payment terminal may include predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information. Obtaining the biometric information, encrypting the obtained user biometric information, constructing a full payment approval request message including card information (eg, credit card number, etc.) read from the user card and predetermined payment information, The payment approval request text and the encrypted user biometric information is characterized in that it is provided in at least one or more merchants that transmit to the server on the network.

The server is connected to the payment terminal through a predetermined network (eg, a VAN). When the payment approval request message and the encrypted user biometric information are received from the payment terminal, the payment approval request message is read. Confirming the user card information, transmitting the confirmed user card information and the received encrypted biometric information to a predetermined biometric information management server, and the card company server corresponding to the payment approval request details. It characterized in that the transmission to.

The biometric information management server is connected to the server through a predetermined network, receives the encrypted user biometric information and the user card information from the server, decrypts the received encrypted user biometric information, And identifying the user unique identification information corresponding to the decrypted user biometric information, and transmitting the identified user unique identification information to a card company server corresponding to the user card information.

Here, the biometric information management server is linked to the biometric information registration server shown in FIG. 1 or has a storage medium shown in FIG. 1, and in the present invention, the biometric information registration and Although the biometric information registration server and the biometric information management server are separately shown in order to more effectively explain the management, it is noted that the biometric information registration server and the biometric information management server may be the same server or may be provided at the same institution. .

The card company server (or financial company server) is connected to the server through a predetermined network (e.g., payment network, etc.), and receives payment approval request details from the server. When the user identification information (eg, name, resident registration number, insurance number, driver's license number, financial transaction means information, etc.) is received from the biometric information management server, the received user card information is checked and the confirmed card information Querying the user information associated with the card, and confirming that the user's unique identification information corresponds to the inquired card user information, performing identity verification for the card user, and providing the card user identity verification result to the server. Characterized in that.

19 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

In more detail, FIG. 19 is connected to the payment terminal shown in FIG. 4 through a predetermined network (eg, a VAN), and when the full payment approval request message and the encrypted user biometric information are received from the payment terminal. Reading the received payment approval request message, confirming user card information included in the full payment approval request message, and transmitting the checked user card information and the encrypted biometric information to a predetermined biometric information management server; And a server (eg, a VAN company server) configured to transmit the payment approval request details to a card company server corresponding to the confirmed card information and to receive the payment approval response details and user authentication results from the card company server. As a method for implementing the present invention, those skilled in the art may refer to and / or refer to the present invention 19. In other words, various server configurations for transmitting the encrypted biometric information and user card information to a predetermined biometric information management server may be inferred, but the present invention includes all the inferred implementation methods, as shown in FIG. It is not limited to implementation method.

In addition, although the server illustrated in FIG. 19 is illustrated as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and at least one or more servers provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 19, the server includes a receiver 1905, a reader 1910, a specialized processor 1915, an approval requester 1920, an information transmitter 1935, and a sales information processor 1925. It may be configured to include, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 1905 is a full payment approval request message including user card information (eg, credit card number, etc.) and payment information (eg, payment amount, merchant information, terminal information, etc.) from the payment terminal shown in FIG. And receiving encrypted fingerprint information of the user input through the payment terminal, transferring the received payment approval request message to the reader 1910, and transmitting the encrypted fingerprint information to the information transmitter 1935. To pass.

When the payment unit 1910 receives the payment approval request text received through the receiving unit 1905, the read approval message is read and user card information (eg, a credit card) included in the payment approval request message is read. Number, etc.), and the card company information corresponding to the confirmed card information, and then the confirmed card company information and the payment approval request details are transmitted to the approval request unit 1920. The card company information is transmitted to the information transmitter 1935.

When the encrypted fingerprint information received through the receiving unit 1905 is transmitted, and the user card information is transmitted through the reading unit 1910, the information transmitting unit 1935 stores the encrypted fingerprint information and the card information. Transfer to the biometric information management server shown in FIG.

The approval request unit 1920, when the payment approval request details and the card company information are transmitted through the reading unit 1910, transmits the payment approval request details to the card company server to request the approval of the payment. Receive a payment approval response and a user authentication response to the payment approval request from the card company server.

The specialized processing unit 1915 receives the payment approval response received through the approval request unit 1920, configures a payment approval response message to be transmitted to the payment terminal, and converts the configured payment approval response message into the payment terminal. send. In this case, the full text of the payment approval response may include the payment approval processing details and the user authentication details.

When the information processing unit receives a payment approval response and a user authentication response for the payment approval request from the card company server through the approval request unit 1920, the sales slip including the payment approval details according to the response result. In this configuration, the encrypted fingerprint information is processed in association with the information storage unit 1930 to store in a predetermined storage medium.

For example, when the payment approval response includes a payment approval notification due to the user card limit exceeded or the user authentication response is included in the user authentication response, the information processing unit configures the sales slip and It is desirable not to perform the storage process.

The information storage unit 1930 stores information (or data) collected or generated in the process of performing the corresponding function by the at least one or more function components provided in the server.

20 is a diagram illustrating a functional configuration of the biometric information management server 2000 according to another exemplary embodiment of the present invention.

More specifically, FIG. 20 is connected to a server shown in FIG. 19 through a predetermined network (eg, a VAN), and receives encrypted user biometric information and the user card information from the server. A biometric that decrypts the received encrypted user biometric information, identifies user unique identification information corresponding to the decrypted user biometric information, and transmits the identified user unique identification information to a card company server corresponding to the user card information As an implementation method for the configuration of the information management server 2000, a person having ordinary knowledge in the technical field to which the present invention belongs, the user biometric information by decrypting the encrypted biometric information by referring to and / or modifying this figure 20 Although various server configurations may be inferred for identifying user-specific identification information corresponding to the present invention, It includes all embodiments estimation method, not limited to the exemplary method shown in the figure 20.

In addition, although the server illustrated in FIG. 20 is illustrated as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 20, the biometric information management server 2000 may include an information receiver 2005, a decoder 2010, an information transmitter 2015, and an information checker 2020. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiving unit 2005 receives predetermined encrypted user biometric information and the user card information from the server shown in FIG. 19, and transmits the received encrypted biometric information to the decryption unit 2010. The received user card information is transferred to the information transmitter 2015.

When the encrypted biometric information received through the information receiver 2005 is transmitted, the decryption unit 2010 decrypts the encrypted biometric information. 2020).

An encrypted biometric information decryption process of the decryption unit 2010 will be described with reference to FIGS. 12 to 15, and a detailed description thereof will be omitted in FIG. 20.

When the encrypted biometric information is decrypted by the decryption unit 2010, the information checking unit 2020 confirms (or extracts) user-specific identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extracted) unique user identification information is transmitted to the information transmitter 2015.

The information transmitting unit 2015 checks (or extracts) unique user identification information corresponding to the biometric information through the information checking unit 2020, and transmits the user card information from the information receiving unit 2005. When delivered, the user identification information is transmitted to a card company server corresponding to the user card information.

21 is a diagram showing the functional configuration of a card company server 2100 according to another embodiment of the present invention.

More specifically, FIG. 21 is connected to a server shown in FIG. 19 by a predetermined network (eg, a payment network, etc.), and also to a biometric information management server 2000 shown in FIG. 20 by a predetermined network. Characterized in that the connection, and when the user's unique identification information (for example, name, resident registration number, insurance number, driver's license number, financial transaction means information, etc.) and card information is received from the biometric information management server 2000, As a method for implementing a card company server 2100 that performs identity verification for the card user by checking card user information associated with the information and confirming that the user unique identification information corresponds to the inquired card user information. For those skilled in the art to which the present invention pertains, a reference to and / or modification of this figure 21 is transmitted from the server. By comparing the user identification information and the user information stored in the card company DB (or storage medium), it is possible to infer the configuration of the various card company server 2100 for authenticating the card user, the present invention is all inferred implementation method It includes, and is not limited to the embodiment shown in FIG.

In addition, although the card company server 2100 illustrated in FIG. 21 is shown to include at least one or more functional components, this is just one embodiment for explaining the present invention more effectively. At least one or more functional components included in 2100 may be implemented as a server (or apparatus) or functional means for performing a corresponding function on the user authentication information processing system illustrated in FIG. 18.

Referring to FIG. 21, the card company server 2100 includes a receiving unit 2105, a reading unit 2110, a specialized processing unit 2115, a user authentication unit 2120, a limit checking unit 2130, and information storage. It may be configured to include a unit 2125, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 2105 receives the payment approval request details of a predetermined card user from the server shown in FIG. 19 and transfers the received payment approval request details to the reading unit 2110.

The receiving unit 2105 may receive the user unique identification information and the card information from the biometric information management server 2000 shown in FIG. 20. The received user unique identification information and the user card information may be received. It is transmitted to the user authentication unit 2120.

The reading unit 2110 reads the payment approval request history when the payment approval request details received through the receiving unit 2105 are delivered, confirms user card information, and confirms the confirmed card information and payment approval request. The details (eg, payment amount, etc.) are transmitted to the limit checker 2130.

When the user card information and payment approval request details (for example, payment amount, etc.) are transferred through the reading unit 2110, the limit check unit 2130 checks payment limit information corresponding to the card information. Determining whether payment of the payment amount included in the payment approval request details is possible; and delivering the determination result to the specialized processing unit 2115, and also transferring the determination result to the information storage unit 2125, wherein the card company DB (or Storage medium).

When the user card information and the user unique identification information are transmitted through the receiving unit 2105, the user authentication unit 2120 confirms user information corresponding to the user card information, and checks the identified user information and the user. Characterized by comparing the unique identification information, characterized in that for performing the user authentication, the user authentication result is delivered to the specialized processing unit 2115, and also passes the user authentication result to the information storage unit 2125 to the Store in the card company DB (or storage medium).

The professional processing unit 2115 includes the transmitted details when the user authentication result is delivered through the user authentication unit 2120 and the settlement result of the settlement is determined through the limit checking unit 2130. Comprising a payment approval response history characterized in that the transmission to the server.

22 is a diagram illustrating a process of processing user authentication information according to another embodiment of the present invention.

More specifically, the process shown in FIG. 22 is performed on the user authentication information processing system shown in FIG. 18, and in a payment terminal equipped with a predetermined biometric information input means (eg, fingerprint recognition means, etc.). A server on a network (for example, a VAN) encrypts biometric information input from a card user, and transmits a payment approval request message including the encrypted biometric information and the user card information and payment information (for example, a payment amount). For example, when the server is transmitted to a VAN company, etc., the server confirms user card information included in the full payment approval request message, and transmits the encrypted biometric information and the user card information to a predetermined biometric information management server 2000. When the biometric information management server 2000 decrypts the encrypted biometric information, the user unique identification information corresponding to the biometric information is displayed. When the identification and identification information are transmitted to the card company server 2100 corresponding to the user card information, the card company server 2100 may identify the user information and the user unique identification corresponding to the transmitted user card information. As an implementation method of performing the user identification by comparing information (for example, name, social security number, insurance number, driver's license number, financial transaction information, etc.), a person having ordinary knowledge in the technical field to which the present invention belongs. Although various user authentication information processing processes may be inferred by referring to and / or modifying the drawing 22, the present invention includes all the inferred implementation methods, and is not limited to the implementation method shown in the drawing 22.

According to the user authentication information processing shown in FIG. 22, the payment terminal shown in FIG. 4 reads card information from the user card, checks payment information input through a predetermined key input means (2200), and The user waits for the user's fingerprint information input through the fingerprint input means (2202).

When the fingerprint information of the card user is input (2204), the payment terminal generates a payment approval request text including card information and payment information (2206), and inputs the input user fingerprint information in FIGS. 6 to 9. Encrypt as shown (2208).

The encryption process of the fingerprint information will be described with reference to the contents described with reference to FIGS. 6 to 9. In FIG. 22, a detailed description of the fingerprint information encryption process will be omitted.

The payment terminal transmits the generated payment approval request message and the encrypted user fingerprint information to a server (eg, a VAN company server, etc.) on a network (2210), and the server reads the payment approval request message from the payment terminal. In operation 2212, the user card information included in the full payment approval request message is checked and the confirmed user card information and the encrypted user fingerprint information are transmitted to the biometric information management server 2000 shown in FIG. 20. .

Then, the biometric information management server 2000 receives the user card information and the encrypted user fingerprint information from the server, and the received encrypted fingerprint information corresponding to the encryption method of the payment terminal 12 to 12 Decryption is performed through a decoding process as shown in FIG. 15 (2214).

The decryption process of the encrypted fingerprint information will be described with reference to the contents described with reference to FIGS. 12 to 15, and detailed description thereof will be omitted in FIG. 22.

When the encrypted fingerprint information is decrypted, the biometric information management server 2000 identifies a user unique ID corresponding to the decrypted fingerprint information from a storage medium (eg, a storage medium provided in the biometric information management server 2000). Check the code (2216).

If the user unique identification code corresponding to the decrypted fingerprint information is confirmed (2218), the biometric information management server 2000 sends the identified unique identification code to the card company server 2100 corresponding to the user card information. If the user identification code corresponding to the decrypted fingerprint information is not confirmed, the biometric information management server 2000 transmits the corresponding unique identification code to the server (or card company server 2100). It may be notified (2222).

The card company server 2100 receives user identification information corresponding to the encrypted fingerprint information and the user card information from the biometric information management server 2000 (2224), and confirms user information corresponding to the card information. In operation 2226, the card user is authenticated by comparing the identified user information with user unique identification information.

In addition, the card company server 2100 receives the payment approval request details from the server (2228), and reads the received payment approval request details to confirm the payment amount and card information (2230), the confirmed card information The payment limit corresponding to the query is queried to determine whether payment is possible for the payment amount (2232).

Thereafter, the card company server 2100 transmits a payment approval response including the user authentication result and the payment determination result to the server (2234), and the server reads the received payment approval response to the user. The authentication result is confirmed (2236).

If the card user and the card owner are the same, and user authentication is successfully performed (2238), the server stores the sales slip including the payment approval history and the encrypted fingerprint information in a storage medium in association with the card user. In operation 2240, the payment approval response message including the payment approval history is transmitted to the payment terminal (2242).

On the other hand, if the card user and the card owner is not the same, and the user authentication fails, the server transmits the full text of the payment approval response to the payment terminal without storing the encrypted fingerprint information (2244).

23 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

More specifically, FIG. 23 encrypts biometric information input from a card user in a payment terminal equipped with predetermined biometric information input means (eg, fingerprint recognition means, etc.), and encrypts the encrypted biometric information and the user card information. And a payment approval request message including payment information (e.g., payment amount) to a server (e.g., a VAN company server, etc.) on a network (e.g., VAN company), the server transmits the predetermined bioinformation management server. Transmitting encrypted biometric information and the payment approval request details, decrypting the encrypted biometric information at the biometric information management server, confirming user unique identification information corresponding to the biometric information, and identifying the identified user unique identification information. And transmitting the payment approval request details to a card company server corresponding to the user card information included in the payment approval request details. The card company server confirms the card information included in the transmitted payment approval history, performs the user identification using the confirmed card information and the user unique identification information, and further includes payment included in the payment approval history. As an implementation method for a system configuration for confirming whether or not the card payment is possible by confirming information (for example, a payment amount, etc.), a person having ordinary knowledge in the technical field to which the present invention belongs may refer to FIG. 23 and / or Or it may be modified to infer a variety of user authentication information processing system configuration, but the present invention includes all the implementation method inferred, and is not limited to the implementation method shown in FIG.

Referring to FIG. 23, a user authentication information processing system according to another embodiment of the present invention includes a network in which a payment terminal, a server (for example, a VAN company server, etc.), a biometric information management server, and a card company server (or a financial company server) are predetermined. Characterized in that connected through.

The payment terminal may include predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information. Obtaining the biometric information, encrypting the obtained user biometric information, constructing a full payment approval request message including card information (eg, a credit card number, etc.) read out from the user card and predetermined payment information; The payment approval request text and the encrypted user biometric information is characterized in that it is provided in at least one or more merchants that transmit to the server on the network.

The server is connected to the payment terminal through a predetermined network (eg, a VAN). When the payment approval request message and the encrypted user biometric information are received from the payment terminal, the payment approval request message is read. The method may include verifying payment approval request details included in the full payment approval request message and transmitting the payment approval request details and the encrypted user biometric information to a predetermined biometric information management server.

The biometric information management server is connected to the server through a predetermined network, receives the encrypted user biometric information and the payment approval request history from the server, and decrypts the received encrypted user biometric information. And identifying the user unique identification information corresponding to the decrypted user biometric information, and transmitting the identified user unique identification information and the payment approval request history to a card company server corresponding to the user card information.

Here, the biometric information management server is linked to the biometric information registration server shown in Figure 1, or characterized in that it comprises a storage medium shown in Figure 1, in the present invention, registration and management of biometric information In order to more effectively explain the biometric information registration server and the biometric information management server separately, it is noted that the biometric information registration server and the biometric information management server may be provided at the same server or at the same institution.

The card company server (or financial company server) is connected to the server through a predetermined network (eg, payment network, etc.), and the user identification information (eg, name, resident registration number, insurance number, driver's license) from the biometric information management server. Number, financial transaction information, etc.) and the payment approval request details, check the card information included in the received payment approval request details, and query the card user information associated with the confirmed card information, By confirming whether the received user unique identification information corresponds to the inquired card user information, identity authentication is performed on the card user, and the card user identity authentication result is provided to the server.

In addition, the card company server checks the payment amount information included in the payment approval request history, and checks the payment limit corresponding to the card information, characterized in that it is possible to provide the server to check the card payment availability. .

24 is a diagram showing the configuration of a server function according to another embodiment of the present invention.

More specifically, FIG. 24 is connected to the payment terminal shown in FIG. 4 through a predetermined network (eg, a VAN), and when the full payment approval request message and the encrypted user biometric information are received from the payment terminal. Read the received payment approval request text, confirm the payment approval request details, and transmit the checked payment approval request details and the encrypted biometric information to a predetermined biometric information management server, and from the card company server, As an implementation method for configuring a server (for example, a VAN company server) on a network that receives payment approval response details and user authentication results, the person of ordinary skill in the art to which the present invention belongs will refer to FIG. And / or modify and transmit various encrypted biometric information and payment approval request details to a predetermined biometric information management server. Sex may be inferred, but the present invention includes all implementation methods inferred above and is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 24 is illustrated as including at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 24, the server includes a receiver 2405, a reader 2410, a specialized processor 2415, an approval response unit 2420, an information transmitter 2435, and a sales information processor 2425. It may be configured to include, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 2405 is a full payment approval request message including user card information (eg, credit card number, etc.) and payment information (eg, payment amount, merchant information, terminal information, etc.) from the payment terminal shown in FIG. 4. And receiving encrypted fingerprint information of the user input through the payment terminal, transferring the received payment approval request message to the reading unit 2410, and transmitting the encrypted fingerprint information to the information transmitting unit 2435. To pass.

When the payment approval request message received through the reception unit 2405 is delivered, the reading unit 2410 reads the payment approval request message and stores user card information (eg, a credit card) included in the payment approval request message. Number, etc.), payment amount, payment merchant, payment terminal, etc., and confirms the payment approval request details, and transmits the confirmed payment approval request details to the information transmission unit 2435.

When the encrypted fingerprint information received through the receiving unit 2405 is transmitted and the payment approval request details are transmitted through the reading unit 2410, the information transmitting unit 2435 transmits the encrypted fingerprint information and payment approval. The request details are transmitted to the biometric information management server shown in FIG.

The approval response unit 2420 receives a payment approval response and a user authentication response to the payment approval request from the card company server, and transmits the received payment approval response and user authentication response to the specialized processing unit 2415 and the information processing unit.

The specialized processor 2415 receives the payment approval response received through the approval request unit, configures a payment approval response message to be transmitted to the payment terminal, and transmits the configured payment approval response message to the payment terminal. In this case, the full text of the payment approval response may include the payment approval processing details and the user authentication details.

When the information processing unit receives a payment approval response and a user authentication response to the payment approval request from the card company server through the approval request unit, and forms a sales slip including the payment approval details according to the response result, The information is stored in a predetermined storage medium through the information storage unit 2430 by being associated with the encrypted fingerprint information.

For example, when the payment approval response includes a payment approval notification due to the user card limit exceeded or the user authentication response is included in the user authentication response, the information processing unit configures the sales slip and It is desirable not to perform the storage process.

The information storage unit 2430 stores information (or data) collected or generated in the process of performing the corresponding function by the at least one or more function components provided in the server.

FIG. 25 is a diagram illustrating a functional configuration of a biometric information management server 2500 according to another exemplary embodiment of the present invention.

More specifically, FIG. 25 is connected to a server shown in FIG. 19 through a predetermined network (for example, a VAN, etc.), and a card company server and a predetermined network (for example, a payment network, etc.) shown in FIG. And receiving predetermined encrypted user biometric information from the server and payment approval request details due to payment of the user card, decrypting the received encrypted user biometric information, and decrypting the data. The biometrics management server 2500 configured to check the user's unique identification information corresponding to the user's biometric information, and transmit the identified user's unique identification information and the payment approval request history to a card company server corresponding to the user card. As a method of implementation, those skilled in the art to which the present invention pertains may refer to and / or modify this drawing 25. By verifying the user identification information corresponding to the user biometric information by decrypting the encrypted biometric information, various server configurations for transmitting the payment approval history and the user identification information to the card company server can be inferred The present invention includes all implementation methods inferred from the above, and is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 25 is shown to include at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. It is noted that the functional unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 25, the biometric information management server 2500 may include an information receiver 2505, a decoder 2510, an information transmitter 2515, and an information checker 2520. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiving unit 2505 receives predetermined encrypted user biometric information and the payment approval request history from the server illustrated in FIG. 24, and transmits the received encrypted biometric information to the decryption unit 2510. The payment approval request details are transmitted to the information transmission unit 2515.

The decryption unit 2510 decrypts the encrypted biometric information when the encrypted biometric information received through the information receiving unit 2505 is transmitted. 2520).

An encrypted biometric information decryption process of the decryption unit 2510 will be described with reference to FIGS. 12 to 15, and a detailed description thereof will be omitted.

When the encrypted biometric information is decrypted by the decryption unit 2510, the information checking unit 2520 identifies (or extracts) user-specific identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extracted) unique user identification information is transmitted to the information transmission unit 2515.

The information transmitting unit 2515 may identify (or extract) user-specific identification information corresponding to the biometric information through the information confirming unit 2520, and transfer the payment approval request details from the information receiving unit 2505. When the information is delivered, the user's unique identification information and payment approval request history are transmitted to a card company server corresponding to user card information included in the payment approval request details.

FIG. 26 is a diagram illustrating a functional configuration of a card company server 2600 according to another exemplary embodiment of the present invention.

More specifically, FIG. 26 is connected to the biometric information management server 2500 shown in FIG. 25 by a predetermined network (eg, a payment network), and the user unique identification information from the biometric information management server 2500. (E.g., name, resident registration number, insurance number, driver's license number, financial transaction information, etc.) and payment approval request details are received, the card user information associated with the card information included in the payment approval request details is inquired, By confirming whether the received unique user identification information corresponds to the inquired card user information, perform identity verification for the card user, and transmit a payment approval response to the payment approval request details and the user authentication result to the server. As an implementation method for the configuration of the card company server 2600, the person having ordinary knowledge in the art to which the present invention pertains, Various card company server 2600 configurations for authenticating the card user by comparing user unique identification information transmitted from the server with reference to FIG. 26 and / or modified user information stored in the card company DB (or storage medium) are described. It may be inferred, but the present invention includes all implementation methods inferred from the above, and is not limited to the implementation method shown in FIG.

In addition, although the card company server 2600 illustrated in FIG. 26 is shown to include at least one or more functional components, this is just one embodiment for explaining the present invention more effectively. At least one functional component included in 2600 specifies that it may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 26, the card company server 2600 includes a receiving unit 2605, a reading unit 2610, a specialized processing unit 2615, a user authentication unit 2620, a limit checking unit 2630, and information storage. It may be configured to include a part 2625, it may be possible to add a predetermined functional configuration within the scope of the present invention.

In addition, the receiving unit 2605 may receive the user unique identification information and payment approval request details from the biometric information management server 2500 illustrated in FIG. 25, and the received user unique identification information may be received by the user. The authentication unit 2620 transmits the received payment approval request history to the reading unit 2610.

The reading unit 2610, when the payment approval request history received through the receiving unit 2605 is delivered, reads the payment approval request details, checks the user card information, the confirmed card information and payment approval request The details (eg, payment amount, etc.) are transmitted to the limit check unit 2630.

The limit checking unit 2630 checks the payment limit information corresponding to the card information when the user card information and the payment approval request details (for example, the payment amount) are transmitted through the reading unit 2610, It is determined whether payment of the payment amount included in the payment approval request details is possible, and the determination result is transmitted to the specialized processor 2615, and the decision result is transmitted to the information storage unit 2625, whereby the card company DB is stored (or stored). Media).

The user authentication unit 2620 checks user information corresponding to the user card information when the payment approval request history and the user unique identification information are transmitted through the receiving unit 2605, and the confirmed user information and The user authentication is performed by comparing the user unique identification information, and the user authentication result is transmitted to the specialized processing unit 2615, and the user authentication result is transmitted to the information storage unit 2625. To store in the card company DB (or storage medium).

The professional processing unit 2615 includes the transmitted details when the user authentication result is transmitted through the user authentication unit 2620 and the settlement result of the settlement is determined through the limit checking unit 2630. Comprising a payment approval response history characterized in that the transmission to the server.

27 is a diagram showing a user authentication information processing procedure according to another embodiment of the present invention.

More specifically, the user authentication information processing shown in FIG. 27 is performed on the user authentication information processing system shown in FIG. 23, and predetermined biometric information input means (for example, fingerprint recognition means, etc.) is provided. The payment terminal encrypts the biometric information input from the card user, and completes a payment approval request message including the encrypted biometric information and the user card information and the payment information (eg, payment amount). When the transmission is sent to a server (eg, a VAN company server), the server reads the payment approval request text, and the payment approval request details and the encrypted biometric information are transmitted to a predetermined biometric information management server 2500. When transmitting, the biometric information management server 2500 decrypts the encrypted biometric information to identify a user's unique identification corresponding to the biometric information. Confirming the information, and transmitting the confirmed user unique identification information and the payment approval request history to the card company server 2600 corresponding to the user card information, the card company server 2600 corresponding to the transmitted user card information. In the technical field to which the present invention belongs, an implementation method of performing the user identity authentication by comparing user information with the user's unique identification information (for example, name, social security number, insurance number, driver's license number, financial transaction means information, etc.). Those skilled in the art will be able to infer various user authentication information processing procedures by referring to and / or modifying the drawing 27, but the present invention includes all the inferred implementation methods, as shown in the drawing 27 It is not limited to implementation method.

According to the user authentication information processing shown in FIG. 27, the payment terminal shown in FIG. 4 reads card information from the user card, checks payment information input through a predetermined key input means (2700), and The user waits for input of the user fingerprint information through the fingerprint input means (2702).

When the fingerprint information of the card user is input (2704), the payment terminal generates a payment approval request text including card information and payment information (2706), and the input user fingerprint information is stored in FIGS. 6 to 9. Encrypt as shown (2708).

The encryption process of the fingerprint information will be described with reference to the contents described with reference to FIGS. 6 to 9, and a detailed description of the fingerprint information encryption process will be omitted in FIG. 27.

The payment terminal transmits the generated payment approval request message and the encrypted user fingerprint information to a server (eg, a VAN company server, etc.) on a network (2710), and the server reads the payment approval request message from the payment terminal. By checking the payment approval request details contained in the full payment approval request, and transmitting the confirmed payment approval request details and the encrypted user fingerprint information to the biometric information management server 2500 shown in FIG. 25 ( 2712).

Then, the biometric information management server 2500 receives the payment approval request details and the encrypted user fingerprint information from the server, and converts the received encrypted fingerprint information into the encryption method of the payment terminal. Or it decodes through a decoding process as shown in FIG. 15 (2714).

The decryption process of the encrypted fingerprint information will be described with reference to the contents described with reference to FIGS. 12 to 15, and detailed description thereof will be omitted in FIG. 27.

When the encrypted fingerprint information is decrypted, the biometric information management server 2500 identifies a user uniquely corresponding to the decrypted fingerprint information from a storage medium (eg, a storage medium provided in the biometric information management server 2500). Verify the information (2716).

If the user identification information corresponding to the decrypted fingerprint information is confirmed (2718), the biometric information management server 2500 corresponds to the user identification information and the identification information and the payment approval request details If the user's unique identification information corresponding to the decrypted fingerprint information is not confirmed, the biometric information management server 2500 is sent to the server (or the card company server 2600). The corresponding unique identification information may be notified (2722).

When the card company server 2600 receives the user unique identification information and the user payment approval request details corresponding to the encrypted fingerprint information from the biometric information management server 2500 (2724), the received payment approval request details are read. The payment amount and the card information are checked (2726), and the payment limit corresponding to the confirmed card information is inquired to determine whether the payment is possible for the payment amount (2728).

In addition, the card company server 2600 checks user information corresponding to the card information, and compares the identified user information with user unique identification information to perform user authentication whether a card user is a real card owner (2730).

Thereafter, the card company server 2600 transmits a payment approval response including the user authentication result and the payment determination result to the server (2732), and the server reads the received payment approval response to the user. The authentication result is confirmed (2734).

If the card user and the card owner are the same, and user authentication has been successfully performed (2736), the server stores the sales slip including the payment authorization and the encrypted fingerprint information in a storage medium in association with the card user. In operation 2740, the payment approval response message including the payment approval history is transmitted to the payment terminal.

On the other hand, if the card user and the card owner is not the same, so that the user authentication fails, the server transmits the full text of the payment approval response to the payment terminal without storing the encrypted fingerprint information (2742).

28 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

More specifically, FIG. 28 encrypts biometric information input from a card user in a payment terminal equipped with a predetermined biometric information input means (eg, fingerprint recognition means, etc.), and encrypts the encrypted biometric information and the user card information. And a payment approval request message including payment information (e.g., payment amount) to a server (e.g., VAN company server, etc.) on a network (e.g., VAN company), the encrypted biometric information received from the server and The payment approval request history is transmitted to the card company server corresponding to the user card information, the card company server transmits the transmitted encrypted biometric information to a predetermined biometric information management server, the user unique identification corresponding to the biometric information When the information is requested, the biometric information management server decrypts the encrypted biometric information and corresponds to the biometric information. After confirming the unique identification information, and transmits the confirmed user unique identification information to the card company server, the card company server checks the card information included in the payment approval history, the confirmed card information and the user unique identification information As an implementation method for a system configuration for verifying whether the user can perform the user's own authentication, and also check the payment information (for example, the payment amount, etc.) included in the payment approval history and the card payment is possible, Those skilled in the art will be able to infer various user authentication information processing system configurations by referring to and / or modifying this drawing 28, but the present invention includes all the inferred implementation methods, It is not limited to the implementation method shown in FIG.

Referring to FIG. 28, in the user authentication information processing system according to another embodiment of the present invention, a payment terminal, a server (e.g., a VAN company server, etc.), a biometric information management server, and a card company server (or financial company server) establish a predetermined network. Characterized in that connected through.

The payment terminal may include predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information. Obtaining the biometric information, encrypting the obtained user biometric information, constructing a full payment approval request message including card information (eg, a credit card number, etc.) read out from the user card and predetermined payment information; The payment approval request message and the encrypted user biometric information are transmitted to a server on the network, and characterized in that it is provided in at least one or more affiliated stores.

The server is connected to the payment terminal through a predetermined network (eg, a VAN). When the payment approval request message and the encrypted user biometric information are received from the payment terminal, the payment approval request message is read. Confirming card information included in the full payment approval request message and transmitting the payment approval request details and the encrypted user biometric information to a card company server corresponding to the card information.

The card company server (or financial company server) is connected to the server through a predetermined network (e.g., a payment network, etc.). When the payment approval request details and the encrypted user biometric information are received from the server, the encrypted user biometric information is received. To the biometric information management server, requesting user unique identification information (e.g., name, social security number, insurance number, driver's license number, financial transaction information, etc.) corresponding to the biometric information, and from the biometric information management server When the user identification information corresponding to the biometric information is received, the card user authentication is performed by comparing the received user identification information with user information included in the card company DB (or storage medium), and the card user. Characterized in that the authentication results are provided to the server.

In addition, the card company server checks the payment amount information included in the payment approval request history, and checks the payment limit corresponding to the card information, characterized in that it is possible to provide the server to check the card payment availability. .

The biometric information management server is connected to the card company server through a predetermined network, receives predetermined user biometric information from the card company server, decrypts the received encrypted user biometric information, and decrypts the decrypted user. Confirming the user unique identification information corresponding to the biometric information, and transmitting the identified user unique identification information to the card company server.

Here, the biometric information management server is linked to the biometric information registration server shown in Figure 1, or characterized in that it comprises a storage medium shown in Figure 1, in the present invention, registration and management of biometric information In order to more effectively describe the biometric information registration server and the biometric information management server separately, it is noted that the biometric information registration server and the biometric information management server may be provided at the same server or at the same institution. .

29 is a diagram illustrating a server function configuration according to another embodiment of the present invention.

More specifically, FIG. 29 is connected to the payment terminal shown in FIG. 4 through a predetermined network (eg, a VAN), and when the full payment approval request message and the encrypted user biometric information are received from the payment terminal. Reading the received payment approval request text, confirming the user card information, and transmitting the payment approval request details and the encrypted biometric information to a card company server corresponding to the confirmed card information, and from the card company server. As an implementation method for configuring a server (for example, a VAN company server) on a network that receives the payment approval response details and user authentication results, a person having ordinary knowledge in the technical field to which the present invention pertains may refer to FIG. 29. And / or modified to transmit the encrypted user biometric information and payment approval request details to a predetermined card company server One server configuration may be inferred, but the present invention encompasses all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 29 is illustrated as including at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 29, the server includes a receiver 2905, a reader 2910, a specialized processor 2915, an approval response unit 2920, an information transmitter 2935, and a sales information processor 2925. It may be configured to include, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 2905 includes a payment approval request message including user card information (eg, credit card number, etc.) and payment information (eg, payment amount, merchant information, terminal information, etc.) from the payment terminal shown in FIG. And receiving encrypted fingerprint information of the user input through the payment terminal, transferring the received payment approval request message to the reader 2910, and transmitting the encrypted fingerprint information to the information transmitter 2935. To pass.

The reading unit 2910, when the payment approval request message received through the receiving unit 2905 is delivered, reads the payment approval request message, the user card information included in the payment approval request message (for example, credit card) Number or card company information, etc.), and transmits the confirmed card information and other payment approval request details to the information transmitting unit 2935.

When the encrypted fingerprint information received through the receiving unit 2905 is transmitted and the payment approval request details are transmitted through the reading unit 2910, the information transmitting unit 2935 receives the encrypted fingerprint information and the payment approval. The request details are transmitted to the card company server shown in FIG.

The approval response unit 2920 receives a payment approval response and a user authentication response to the payment approval request from the card company server, and transmits the received payment approval response and user authentication response to the specialized processing unit 2915.

The specialized processing unit 2915 receives the payment approval response received through the approval request unit, configures a payment approval response message to be transmitted to the payment terminal, and transmits the configured payment approval response message to the payment terminal. In this case, the full text of the payment approval response may include the payment approval processing details and the user authentication details.

When the information processing unit receives a payment approval response and a user authentication response to the payment approval request from the card company server through the approval request unit, and forms a sales slip including the payment approval details according to the response result, The information is stored in a predetermined storage medium through the information storage unit 2930 by being associated with the encrypted fingerprint information.

For example, when the payment approval response includes a payment approval notification due to the user card limit exceeded or the user authentication response is included in the user authentication response, the information processing unit configures the sales slip and It is desirable not to perform the storage process.

The information storage unit 2930 stores information (or data) collected or generated in the process of performing the function by the at least one or more function components provided in the server.

30 is a diagram showing the functional configuration of a card company server 3000 according to another embodiment of the present invention.

More specifically, FIG. 30 is connected to a server shown in FIG. 29 by a predetermined network (eg, a payment network, etc.), and when the payment approval request details and encrypted user biometric information are received from the server, the encrypted data is encrypted. By transmitting the user biometric information to the biometric information management server shown in Figure 31 below, the user unique identification information corresponding to the biometric information (for example, name, social security number, insurance number, driver's license number, financial transaction means information, etc.) Request, and when the user identification information corresponding to the biometric information is received from the biometric information management server, by comparing the received user identification information and the user information provided in the card company DB (or storage medium), Performing a card user authentication, for the card company server (3000) configuration for providing the card user identification results to the server As an implementation method, a person having ordinary knowledge in the art to which the present invention pertains may refer to and / or modify this drawing 30 and the user identification information transmitted from the biometric information management server and the card company DB (or storage medium). By comparing the user information stored in the above, it is possible to infer the configuration of the various card company server 3000 for authenticating the card user, the present invention includes all the inferred implementation method, as shown in this embodiment 30 It is not limited.

In addition, although the card company server 3000 illustrated in FIG. 30 is shown to include at least one or more functional components, this is just one embodiment for explaining the present invention more effectively. At least one or more functional components provided at 3000 may be implemented as a server (or apparatus) or a functional means for performing a corresponding function on the user authentication information processing system illustrated in FIG. 28.

Referring to FIG. 30, the card company server 3000 includes a receiver 3005, a reader 3010, a professional processor 3015, a user authenticator 3020, a limit checker 3035, and information. It may be configured to include a storage unit 3025 and the information processing unit 3030, it may be possible to add a predetermined functional configuration within the scope of the present invention.

In addition, the receiving unit 3005 may receive the payment approval request details and the encrypted user biometric information from the server illustrated in FIG. 29, and transmit the received payment approval request details to the reading unit 3010. The received encrypted user biometric information is transmitted to the information processor 3030.

The reading unit 3010 reads the payment approval request details received through the receiving unit 3005, reads the payment approval request details, checks user card information, and confirms the confirmed card information and payment approval request. The details (eg, payment amount, etc.) are transmitted to the limit check unit 3035.

The limit checking unit 3035 checks the payment limit information corresponding to the card information when the user card information and payment approval request details (for example, payment amount) are transmitted through the reading unit 3010. It is determined whether payment of the payment amount included in the payment approval request details is possible, and the result of the determination is transferred to the specialized processing unit 3015, and the result of the determination is transferred to the information storage unit 3025 and the card company DB (or stored). Media).

When the encrypted user biometric information received through the receiver 3005 is transferred, the information processor 3030 transmits the transmitted encrypted user biometric information to the biometric information management server illustrated in FIG. 31 below. User unique identification information (eg, name, social security number, insurance number, driver's license number, financial transaction means information, etc.) corresponding to the biometric information is requested.

In addition, the information processor 3030 when the user identification information (eg, name, social security number, insurance number, driver's license number, financial transaction means information, etc.) corresponding to the biometric information is transmitted from the biometric information management server, The transmitted user unique identification information is transmitted to the user authenticator 3020.

When the user unique identification information is transmitted through the information processor 3030, the user authentication unit 3020 confirms user information corresponding to the user card information, and confirms the identified user information and the user unique identification information. By comparing the, characterized in that to perform the user authentication, the user authentication result is delivered to the specialized processing unit 3015, and also the user authentication results are delivered to the information storage unit 3025 to the card company DB ( Or storage media).

The expert processing unit 3015 includes the transmitted details when the user authentication result is transmitted through the user authentication unit 3020 and the settlement result of the payment is determined through the limit check unit 3035. Comprising a payment approval response history characterized in that the transmission to the server.

31 is a diagram showing the functional configuration of the biometric information management server 3100 according to another embodiment of the present invention.

More specifically, FIG. 31 is connected to a card company server 3000 shown in FIG. 30 through a predetermined network, receives predetermined user biometric information from the card company server 3000, and receives the received encryption. A biometric information management server 3100 configured to decrypt the user biometric information, confirm user unique identification information corresponding to the decrypted user biometric information, and transmit the identified user unique identification information to the card company server 3000. As a method for implementing the present invention, a person having ordinary knowledge in the technical field to which the present invention pertains may refer to and / or modify this figure 31 to decrypt the encrypted biometric information to identify the user unique identification information corresponding to the user biometric information. And to infer a variety of server configuration to transmit the identified unique user identification information to the card company server 3000 Would be, the present invention includes all embodiments in which the inference method, not limited to the exemplary method shown in the figure 31.

In addition, although the biological information management server 3100 illustrated in FIG. 31 is illustrated as including at least one or more functional components, this is only one embodiment for more effectively explaining the present invention. At least one or more functional components provided in the above may be implemented as a server (or apparatus) or a functional means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 31, the biometric information management server 3100 may include an information receiver 3105, a decoder 3110, an information transmitter 3120, and an information checker 3125. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiver 3105 receives encrypted user biometric information from the card company server 3000 illustrated in FIG. 30, and transmits the received encrypted biometric information to the decryption unit 3110.

The decryption unit 3110 decrypts the encrypted biometric information when the encrypted biometric information received through the information receiver 3105 is transmitted. 3125).

An encrypted biometric information decryption process of the decryption unit 3110 will be described with reference to FIGS. 12 to 15, and detailed description thereof will be omitted in FIG. 31.

When the encrypted biometric information is decrypted by the decryption unit 3110, the information checking unit 3125 checks (or extracts) unique user identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extracted) unique user identification information is transmitted to the information transmitter 3120.

When the user identification information corresponding to the biometric information is confirmed (or extracted) and transmitted through the information verification unit 3125, the information transmission unit 3120 transmits the user identification information to the card company server 3000. To send.

32 is a diagram showing a user authentication information processing procedure according to another embodiment of the present invention.

More specifically, the user authentication information processing shown in FIG. 32 is performed on the user authentication information processing system shown in FIG. 28, and predetermined biometric information input means (for example, fingerprint recognition means, etc.) is provided. The payment terminal encrypts the biometric information input from the card user, and completes a payment approval request message including the encrypted biometric information and the user card information and the payment information (eg, payment amount). When the server transmits the payment approval request details and the encrypted biometric information to the card company server 3000, the card company server 3000 transmits the encrypted data. Transmitted biometric information to a predetermined biometric information management server 3100, and the biometric information management server 3100 decrypts the encrypted biometric information. By confirming the user unique identification information corresponding to the biometric information, and transmitting the identified user unique identification information to the card company server 3000, the card company server 3000, the transmitted user unique identification information (for example , Name, social security number, insurance number, driver's license number, financial transaction means information, etc.) and the card user information stored in the card company DB (or storage medium), the method of performing the user's own authentication, the present invention belongs to Those skilled in the art will be able to infer various user authentication information processing procedures by referring to and / or modifying the drawing 32, but the present invention includes all the implementation methods inferred from the drawing 32 It is not limited to the implementation method shown by.

According to the user authentication information processing shown in FIG. 32, the payment terminal shown in FIG. 4 reads card information from the user card, checks payment information input through a predetermined key input means (3200), and The user waits for input of the user fingerprint information through the fingerprint input means (3202).

When the fingerprint information of the card user is input (3204), the payment terminal generates a payment approval request text including card information and payment information (3206), and the input user fingerprint information is described with reference to FIGS. 6 to 9. Encrypt as shown at 3208.

The encryption process of the fingerprint information will be described with reference to the contents described with reference to FIGS. 6 to 9, and a detailed description of the fingerprint information encryption process will be omitted in FIG. 32.

The payment terminal transmits the generated payment approval request message and the encrypted user fingerprint information to a server (eg, a VAN company server, etc.) on the network (3210), and the server reads the payment approval request message from the payment terminal. The payment approval request details included in the full payment approval request are checked, and the confirmed payment approval request details and the encrypted user fingerprint information are transmitted to the card company server 3000 illustrated in FIG. 30 (3212). .

Then, the card company server 3000 transmits the received encrypted fingerprint information to the biometric information management server shown in FIG. 31 (3214), and the biometric information management server transmits the received encrypted fingerprint information to the payment. In response to the encryption method of the terminal, the decryption process is performed through the decryption process as shown in FIGS. 12 to 15 (3216).

The decryption process of the encrypted fingerprint information will be described with reference to the contents described with reference to FIGS. 12 to 15, and a detailed description thereof will be omitted in FIG. 32.

When the encrypted fingerprint information is decrypted, the biometric information management server 3100 identifies a user uniquely corresponding to the decrypted fingerprint information from a storage medium (eg, a storage medium provided in the biometric information management server 3100). Verify the information (3218).

If the user identification information corresponding to the decrypted fingerprint information is confirmed (3220), the biometric information management server 3100 transmits the identified identification information to the card company server 3000 (3222), On the other hand, if the user identification information corresponding to the decrypted fingerprint information is not confirmed, the biometric information management server 3100 may notify the card company server 3000 (or server) that there is no corresponding identification information. (3224).

The user's unique identification information corresponding to the encrypted fingerprint information is received from the card company server 3000 from the biometric information management server 3100 (3226), and the payment approval request received from the server at the card company server 3000. If the payment amount and the card information are confirmed by reading the details (3228), the card company server 3000 determines whether payment is possible for the payment amount by inquiring the payment limit corresponding to the confirmed card information (3230). .

In addition, the card company server 3000 checks user information corresponding to the card information, and compares the identified user information with user unique identification information to perform user authentication whether the card user is the actual card owner (3232).

Thereafter, the card company server 3000 transmits a payment approval response including the user authentication result and the payment availability determination result to the server (3234), and the server reads the received payment approval response to the user. The authentication result is confirmed (3236).

If the card user and the card owner are the same, and user authentication is successfully performed (3238), the server stores the sales slip including the payment authorization and the encrypted fingerprint information in a storage medium in association with the card user. In operation 3240, the payment approval response message including the payment approval history is transmitted to the payment terminal (3242).

On the other hand, if the card user and the card owner is not the same, and the user authentication fails, the server transmits the full text of the payment approval response to the payment terminal without storing the encrypted fingerprint information (3244).

33 is a diagram showing a user authentication information processing system configuration according to another embodiment of the present invention.

More specifically, FIG. 33 encrypts biometric information input from a card user in a payment terminal equipped with predetermined biometric information input means (for example, fingerprint recognition means, etc.), and encrypts the encrypted biometric information and the user card information. And a payment approval request message including payment information (e.g., payment amount) to a server (e.g., a VAN company server, etc.) on a network (e.g., a VAN company), the payment approval request details are transferred to the user card information. Provided to the corresponding card company server, and when the payment approval response for the payment approval request is received from the card company server, the server constitutes a sales slip including the payment approval details, the sales slip and the encrypted user biometrics The user card included in the sales slip from the card company server after storing the information in a predetermined storage medium by linking processing information When requesting the card user confirmation by use or the like, the server confirms the requested sales slip, confirms the encrypted user biometric information associated with the sales slip, and determines the encrypted user biometric information. The biometric information management server to request confirmation of user's unique identification information (eg, name, social security number, insurance number, driver's license number, financial transaction information, etc.) corresponding to the biometric information, and the biometric information management server. Decodes the encrypted biometric information, confirms the user unique identification information corresponding to the biometric information, and transmits the identified user unique identification information to the server, the server identifies the identified user unique identification information Transmitting to the card company server, the user identification information transmitted from the card company server As an implementation method for a system configuration for performing a card user's own authentication, a person having ordinary knowledge in the technical field to which the present invention pertains refers to this drawing 33 and / or modified to infer various user authentication information processing system configurations. As will be appreciated, the present invention includes all implementation methods inferred above and is not limited to the implementation method shown in FIG.

A user authentication information processing system according to an embodiment of the present invention with reference to FIG. 33 is characterized in that a payment terminal, a server, a biometric information management server and a card company server (or financial company server) are connected through a predetermined network. The payment terminal may include predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information. When the card user requests payment of a predetermined user, the card user may receive the biometric information through the biometric information input means. Acquiring the biometric information of the user, encrypting the obtained biometric information, and constructing a full payment approval request message including card information (eg, a credit card number) read out from the user card and predetermined payment information; At least one transfer the configured payment approval request message and the encrypted user biometric information to a server on the network. Characterized in that the merchant is provided.

The server is connected to the payment terminal through a predetermined network (eg, a VAN), and when the full payment approval request message and the encrypted user biometric information are received from the payment terminal, the payment approval request from the card company server. Receiving a payment approval response corresponding to the, and stores the payment approval history and the encrypted user biometric information in association with the request from the card company server to confirm the card user (for example, card misuse, etc.) Sending the received encrypted biometric information to a predetermined biometric information management server, requesting user unique identification information corresponding to the biometric information, and transmitting the user unique identification information corresponding to the biometric information from the biometric information management server. If so, it is characterized in that for transmitting the transmitted unique user identification information to the card company server Gong.

The biometric information management server is connected to the server through a predetermined network, receives encrypted user biometric information from the server, decrypts the received encrypted user biometric information, and decrypts the decrypted user biometric information. Identifying the user unique identification information corresponding to the, characterized in that for transmitting the identified user unique identification information to the server.

Here, the biometric information management server may be linked with the biometric information registration server shown in FIG. 1 or may include a storage medium shown in FIG.

In addition, in the present invention, the biometric information registration server and the biometric information management server are separately shown in order to more effectively explain the registration and management of the biometric information, but the biometric information registration server and the biometric information management server are the same server, or It is specified that the same engine can be provided.

The card company server (or financial company server) is connected to the server through a predetermined network (e.g., a payment network, etc.), and when a payment approval request message is received from the server, a payment approval response corresponding to the received payment approval request is received. Provides the server with the server, and if the user's card is requested for unauthorized use, requesting the server for user confirmation of the card for which the user's illegal use is requested, and receiving the user's unique identification information (e.g., Name, resident registration number, insurance number, driver's license number, financial transaction information, etc.), the card user information associated with the confirmed card information is queried, and the user's unique identification information corresponds to the inquired card user information. By confirming that the identity of the card user, characterized in that to perform.

34 is a diagram showing the function of the payment terminal 3400 according to an embodiment of the present invention.

More specifically, FIG. 34 includes predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information. When the card payment request of a predetermined user is requested, the card is input through the biometric information input means. Obtaining a user's biometric information, encrypting the obtained user's biometric information, and constructing a full payment approval request message including card information (eg, credit card number, etc.) read from the user card and predetermined payment information, As the embodiment of the present invention relates to a method for configuring the payment terminal 3400 provided in the at least one affiliated store that transmits the configured payment approval request message and the encrypted user biometric information to a server on the network. Those of ordinary skill in the art can refer to and / or modify this drawing 34 to encrypt the encrypted user biometrics. It is possible to infer the configuration of the various payment terminal 3400 function to transmit the information and the full text of the payment approval request to the server on the network, but the technical features of the present invention is not limited by this figure 34, all inferred It is to be understood that it includes the method of implementation.

In addition, FIG. 34 exemplifies and describes the user biometric information as fingerprint information, and it is understood that the biometric information may vary in addition to the fingerprint information described in the present invention without departing from the spirit of the present invention (for example, , Iris, retina, vein, etc.).

Referring to FIG. 34, the payment terminal 3400 basically includes a control unit 3405, a memory unit 3450, a card reader unit 3410, a key input unit 3420, a screen output unit 3415, and a fingerprint input unit ( 3455, a communication processor 3430, a print output unit 3440, and a power supply unit 3425 for supplying power to the payment terminal 3400, and at least one terminal function according to the intention of those skilled in the art. Part (eg, security application module 3435, etc.) may be further included.

The control unit 3405 controls the overall operation of the payment terminal 3400 shown in the functional configuration, manages the flow of information or data between each component, the user fingerprint information input from the fingerprint input unit 3455, The payment terminal (for example, VAN company server, etc.) for transmission to the server (for example, VAN company server, etc.) with the payment approval request text including the card information (for example, credit card number, etc.) read from the user card and predetermined payment information ( Characterized in that interlocking and controlling at least one or more components provided in the 3400, the payment terminal 3400 is at least one or more comprising a hardware (Central Processing Unit) / MPU (Micro Processing Unit) It may include a processor and execution memory (e.g., a register and / or random access memory (RAM)) and a bus that inputs and outputs certain data. have.

 In addition, the payment terminal 3400 is loaded into the execution memory from a predetermined recording medium in order to perform a function specific to the payment terminal 3400 by a predetermined program routine (operation processing by the processor ( A user's fingerprint information input from the fingerprint input unit 3455, card information read from the user card (for example, a credit card number, etc.) and predetermined payment information. In order to transmit the full payment approval request message to a server on the network, a predetermined program recorded on a recording medium provided in the payment terminal 3400, and / or a functional configuration provided in the payment terminal 3400 is processed in software. Possible components are shown in the control unit 3405).

According to the exemplary embodiment of the present invention, the controller 3405 may include components (for example, the memory unit 3450, the card reader unit 3410, the key input unit 3420, and the fingerprint input unit) included in the payment terminal 3400. 3455, the screen output unit 3415, the communication processing unit 3430, the security application module 3435 and the print output unit 3440 and / or the terminal functional unit (not shown) according to the intention of those skilled in the art) By controlling and managing providing the electronic payment service defined in the payment terminal 3400, as well as encrypting the user fingerprint information input from the fingerprint input unit 3455 in accordance with the present invention and the encrypted user fingerprint information and In addition, the payment terminal 3400 is provided in the payment terminal 3400 to transmit a full payment approval request message including a card information (eg, a credit card number, etc.) read from the user card to a server on a network. Control by mutually linking the group component, or for this purpose it is preferred to run the program to be recorded in a recording medium provided in the payment terminal (3400).

The memory unit 3450 is input and output when an operation by a predetermined program routine (or code) and / or program data (eg, a program routine (or code)) for controlling the overall operation of the payment terminal 3400 is performed. General term of non-volatile memory for storing information or data), at least one of which includes EEPROM (Electrically Erasable and Programmable Read Only Memory) and / or Flash Memory (FM) and / or Hard Disk Drive (HDD) in hardware. It includes the above storage means, the predetermined program routine and the program data required for the control unit 3405 to perform a predetermined control function (for example, data input or output for the program routine to perform a predetermined function) ) Is stored.

According to an embodiment of the present invention, the memory unit 3450 encrypts user fingerprint information inputted from the fingerprint input unit 3455 by the payment terminal 3400 according to the present invention, and the encrypted user fingerprint information; It is preferable to store the information (or data) generated in the process of transmitting to the server the payment approval request text including the card information (for example, credit card number, etc.) read from the user card and predetermined payment information. Do.

The user card that reads user card information (eg, credit card number, etc.) included in the full payment approval request message through the payment terminal 3400 may be a contact IC card (or wireless) based on ISO / IEC 7816 standard. IC chip), and / or a card including at least one contactless IC card (or wireless IC chip) based on the ISO / IEC 14443 standard, wherein the card reader unit 3410 is provided to the user card. An interface for reading at least one or more information or data provided may be provided.

According to the exemplary embodiment of the present invention, the card reader unit 3410 may include a contact IC reader unit providing an interface between the contact IC card and the payment terminal 3400, or the contactless IC card and the payment terminal 3400. A contactless IC reader may be provided to provide an interface between the terminals.

In the present invention, although the card reader unit 3410 is provided in the payment terminal 3400, any one or more card readers 3410 of the card reader unit 3410 is the payment terminal 3400. It is noted that it can be detached from or connected via a predetermined cable.

For example, when the contact IC reader unit is a card reader unit 3410 based on ISO / IEC 7816, at least one or more electrical contact forms with a chip on board (COB) provided in the contact IC card. It comprises a contact point, and supplies power to the IC chip of the user card through the contact point, and predetermined information from the IC chip through the half-duplex transaction using an Application Protocol Data Unit (APDU) (Eg, a credit card number, etc.) or data may be interfaced to the payment terminal 3400.

According to another exemplary embodiment of the present disclosure, when the fingerprint information of the user is mounted in the user IC card, the contact IC reader may interface the user fingerprint information to the payment terminal 3400 from the IC card. have.

In addition, when the contactless IC reader unit is a card reader unit 3410 based on ISO / IEC 14443, the contactless electrical contact with the contactless IC card using capacitive coupling and / or inductive coupling is performed. It comprises at least one antenna to form a power supply, the power supply to the IC chip of the user card through the antenna, and predetermined information from the IC chip through the half-duplex transaction using the APDU ( For example, a credit card number, etc.) or data may be interfaced to the payment terminal 3400.

According to another exemplary embodiment of the present invention, when the fingerprint information of the user is mounted in the user IC card, the contactless IC reader may interface the user fingerprint information to the payment terminal 3400 from the IC card. .

In addition, the payment terminal 3400 may further include an MS reader unit, and the MS reader unit is a card reader unit 3410 based on ISO / IEC 7810, and includes at least one magnetic head including a predetermined coil. Head), and the MS card in which predetermined information (e.g., magnetized binary data) is recorded is moved in a predetermined direction in close contact with the magnetic head (or the magnetic head records predetermined information). When the mobile terminal is in close contact with the MS card, the payment terminal 3400 receives predetermined information or data from at least one track provided in the MS of the MS card by using a predetermined electrical signal loaded on the magnetic head. Can be interfaced with

The key input unit 3420 is provided with at least one key button including at least one number key and / or character key and / or function key. Detects information (or a signal) input from a key input device of a predetermined key and is provided to the key input device in a specific input mode and / or operation mode of the payment terminal 3400 controlled by the controller 3405. When predetermined information (or signal) is input from a key button, a key event corresponding to the input information (or signal) is generated, and the generated key event is provided to the controller 3405. The controller 3405 obtains predetermined key data corresponding to the key event in the current input mode and / or operation mode of the payment terminal 3400, and / or is defined to match the key event. Characteristic for acquiring a command to execute a predetermined function.

Here, the key input unit 3420 and the key input device having at least one key button interoperate with each other to perform a function of key input means provided in the payment terminal 3400.

The key input device interoperating with the key input unit 3420 may include a keypad device including at least one numeric key and a function key, and / or at least one numeric key and a character key (eg, English character key, and / or Korean character). Key) and / or a keyboard device having a function key, and / or having at least one numeric key and a function key in conjunction with the screen output means, and / or having at least one numeric key, a character key and a function key. It is preferable to include at least one touch screen device.

For example, the key input unit 3420 may receive a key data (eg, a payment amount) corresponding to the electronic payment service from at least one or more key input devices for the electronic payment service defined in the payment terminal 3400. It is preferable to perform a function of an input means, and further, encrypting user fingerprint information input from the fingerprint input unit 3455 according to an embodiment of the present invention, the encrypted fingerprint information, and a card read from the user card. Performs a function of a key input means for receiving at least one or more key data required in the process of transmitting to the server on the network a payment approval request text including information (for example, credit card number) and predetermined payment information It is desirable to.

The screen output unit 3415 is a liquid crystal display (LCD) by the control unit 3405 while the payment terminal 3400 performs a predetermined function (eg, a user fingerprint information processing function, an electronic payment processing function, etc.). And / or at least one or more information or data which is predefined or defined in real time to be output to a predetermined display device including a Cathode Ray Tube (CRT) and / or a CRT (Cathode Ray Tube). The screen output unit 3415 and the screen output device interoperate with each other to perform a function of a screen output unit provided in the payment terminal 3400.

Predefined information or data to be output from the payment terminal 3400 to the screen output device may include key data input through the key input unit 3420, and / or components included in the payment terminal 3400. Information (or data) stored or generated by the information, information (or data) transmitted / received through the communication processing unit 3430, and / or information corresponding to a predetermined operation result performed by the payment terminal 3400 (or Data) and at least one.

According to a preferred embodiment of the present invention, the screen output unit 3415 performs a function of a screen output means for outputting a predetermined processing screen according to fingerprint information processing and electronic payment steps defined in the payment terminal 3400. .

The fingerprint input unit 3455 scans the user fingerprint when a user inputs a fingerprint through a predetermined fingerprint recognition (or input) device (or fingerprint input means, etc.), and the scanned user fingerprint information is stored in the controller ( 3405).

The communication processor 3430 performs a payment network (eg, a value added network (VAN)) while the payment terminal 3400 performs a predetermined function (for example, a fingerprint information processing function or an electronic payment processing function). Communication with a VAN company server or terminal (or device) connected to the payment terminal 3400 via a predetermined cable or a terminal (or device) connected to the payment terminal 3400 through a predetermined short-range wireless communication. It provides a predetermined communication means for connecting a session, and a communication session with a predetermined terminal (or device) through a network communication unit for connecting a predetermined communication channel with a VAN company server on a wired or wireless network, or a predetermined cable communication port. A predetermined communication session with a predetermined short distance communication terminal (or device) device through a cable communication unit for connecting or at least one short distance wireless communication means. It includes a short-range wireless communication unit for connecting, and comprises a communication protocol and / or driver for connecting the communication channel (or communication session) by software.

The network communication unit may include a predetermined wired network and / or a mobile communication network including a Value Added Network (VAN) or a financial common network or high-speed Internet (eg, ADSL / VDSL / Cable Network /.../ satellite communication). And a communication channel with a server (for example, a VAN company server) on a wired / wireless network through a predetermined wireless network including a wireless data communication network. The payment terminal 3400 is connected to a predetermined wired / wireless network by hardware. It may include a modem or a network interface card (NIC) for access, and may include a communication protocol and / or a driver for connecting the payment terminal 3400 to the wired / wireless network in software. have.

The cable communication unit connects a cable communication session with a predetermined terminal (or device) through a predetermined cable communication (eg, RS-232c or Universal Serial Bus (USB)), and the cable is connected in hardware. It comprises a predetermined cable communication port, and may comprise a communication protocol and / or driver for the cable communication in software.

Here, the terminal (or device) to which the cable communication session is connected through the cable communication unit preferably includes a predetermined point of sales (POS) terminal.

The short range wireless communication unit includes at least one of infrared ray communication, RF (Radio Frequency) communication, Bluetooth (BlueTooth), Wireless LAN (Wi-Fi), Wi-Fi (Wi-Fi), and Universal Serial Bus (USB). Characterized in that to connect a predetermined terminal (or device) and a short-range wireless communication session through at least one or more short-range wireless communication means, the hardware includes the infrared communication, RF communication, Bluetooth, WLAN, WiFi, UWB And a predetermined short range wireless communication module for short range wireless communication, and includes a communication protocol and / or a driver for the short range wireless communication in software.

Here, the terminal (or device) to which the short-range communication session is connected through the short-range communication unit preferably includes a user wireless terminal that mounts or detaches a predetermined wireless IC chip.

The Secure Application Module (SAM) is a confidentiality and / or authentication required by the payment terminal 3400 to perform electronic payment and / or electronic payment using the user card. Security requirements, including authentication and / or integrity and / or nonrepudiation, can be secured within the payment terminal 3400 without using an authentication server (or server 3405) on the payment network. As a safety device for performing a reliable and reliable structure, the payment terminal 3400 performs a predetermined message (information) processed in the process of performing a predetermined security request function (for example, fingerprint information processing function, electronic payment processing function, etc.). Or encrypting or decrypting data), adding an authenticator to prevent forgery (or tampering) of the message, or performing the security request function. The ability to store important document key information can be performed.

In general, the security application module 3435 may be composed of a predetermined security application module 3435 inserter and a security application module 3435 chip, the chip of the security application module 3435 is a chip containing at least 8-bit CPU Application Specific Integrated Circuit (ASIC) chips (eg, PLCC 44-pin chips) and / or IC chips (eg, IC cards in the form of subscriber identity modules (SIMs)) with performance of 2 MIPS (Million Instructions Per Second) or more. It may be made, including.

In addition, the security application module 3435 is at least one or more security application data (eg, at least one identifier, version, expiration date, issue date, code value, etc.) required to perform a predetermined security request function to the payment terminal 3400 ) And / or keys (e.g., one master key and at least one application key) and / or protocols (e.g., trading protocols, re-transaction protocols, previous transaction cancellation protocols, collection protocols, SAM issuance protocols, (e-money company / card company) Registration protocol, authorization protocol, mode switching protocol, key download protocol, SAM revocation protocol) and / or commands (e.g., at least one read / authentication / transmission / registration / setting / mode switching / collection / deletion / disposal / initialization) / Reprocess / cancel command).

The print output unit 3440 may be configured to perform a predetermined function (eg, an electronic payment processing function) by the payment terminal 3400 and / or predetermined information or data (eg, payment approval details) generated as a result. Data, etc.) to a predetermined printing device 3445 (for example, a receipt printer), and to print the print information or data through the predetermined printing device 3445 according to a predefined printing form. It can be made by including a printing protocol and a driver.

Referring to FIG. 34, the control unit 3405 of the payment terminal 3400 generates scanned user fingerprint data provided from the fingerprint input unit 3455 as fingerprint information including a predetermined feature point, and generates the generated fingerprint. Fingerprint information processing unit 3460 for encrypting information, card information (eg, credit card number, etc.) read from the user card through the card reader unit 3410 and transaction information input through the key input unit 3420. A professional component unit 3465 constituting a full payment approval request message including (eg, payment amount information) and information for transmitting the full payment approval request message and the user fingerprint information to the VAN company server (or payment server). It may include a transmission unit 3470, and a professional receiving unit 3475 for receiving a payment approval response message corresponding to the payment approval request full text from the VAN company server.

Here, when the user fingerprint data scanned from the fingerprint input unit 3455 is provided, the fingerprint information processing unit 3460 applies a predetermined pattern recognition algorithm to the provided fingerprint data in the same manner as other user's fingerprint information. Except for the common points that may have, the fingerprint information in the form of a template may be generated by extracting only feature points (eg, ridges, valleys, shortcomings, and the like) of the user.

In this case, the size of the template increases as the number of feature points increases, but the recognition error rate decreases. In general, about 15 to 60 feature points are included in the template, and the payment terminal 3400 It is noted that the recognition error rate and size of the fingerprint information may be changed according to the specification.

According to another exemplary embodiment of the present invention, when the user fingerprint information is mounted on the user IC card, the fingerprint information processing unit 3460 may receive the user fingerprint information read from the IC card from the card reader unit. Can be.

The fingerprint information processor 3460 encrypts the generated fingerprint information so that the fingerprint information cannot be used even if the user's fingerprint information is illegally stolen or leaked, and the user fingerprint of the fingerprint information processor 3460 is encrypted. The information encryption process will be described in more detail with reference to FIGS. 35 to 39 below.

The specialized component 3465 may include card information (eg, a credit card number) read from the user card through the card reader unit 3410 and transaction information (eg, through the key input unit 3420). And a payment approval request message including payment amount information, etc.) and merchant information (or payment terminal 3400 information, etc.) previously stored in the memory unit 3450. Transfer to the information transmission unit 3470.

The information transmission unit 3470, when the payment approval request full text configured through the specialized component 3465 is delivered, and the user fingerprint information is transmitted through the fingerprint information processing unit 3460, the payment approval request full text and the The user fingerprint information may be transmitted to the VAN company server (or payment server).

According to the exemplary embodiment of the present invention, the information transmission unit 3470 includes the full text of the payment approval request, but if the fingerprint is not input from the user, the user's fingerprint information is input after the user's fingerprint is input. Waiting for transmission of the payment approval request message until delivery, and when the user fingerprint information is transmitted through the fingerprint input unit 3455 and the fingerprint information processing unit 3460, the payment approval request message is transmitted together with the transferred user fingerprint information. Can be sent to a server on the network.

35 is a diagram showing the configuration of the fingerprint information processor 3460 with a function of encrypting fingerprint information through a predetermined encryption key according to one embodiment of the present invention.

In more detail, in FIG. 35, in the fingerprint information processing unit 3460 of the payment terminal 3400 illustrated in FIG. 34, fingerprint information input from a predetermined fingerprint input unit is inputted to a fingerprint information processing unit of the payment terminal 3400 ( A function configuration provided by encrypting through a predetermined encryption key in 3460, and a person skilled in the art to which the present invention pertains, the fingerprint input unit 3455 by referring to and / or modified in this figure 35 It is possible to infer various implementation methods for the fingerprint information processing unit 3460 by encrypting fingerprint information inputted from a predetermined encryption key, but the present invention includes all of the inferred implementation methods, as shown in FIG. It is not limited to the implemented method.

Referring to FIG. 35, the fingerprint information processing unit 3460 stores a memory that associates and stores a predetermined encryption key for encrypting fingerprint information input from the fingerprint input unit 3455 and the encryption key index, and the encryption key. Characterized in that it comprises a password processing unit 3500 for encrypting the fingerprint information input through.

The memory may store a predetermined encryption key for encrypting the input fingerprint information, wherein the encryption key is processed in association with a predetermined encryption key index to store the memory (or the payment terminal 3400, a memory unit 3450). It is characterized in that stored in).

Here, the encryption key is an encryption key for encrypting the fingerprint information in a symmetric key (or secret key) encryption method, and / or an encryption key for encrypting the fingerprint information in a public key encryption method, and / or the fingerprint information. It may include at least one or more of an encryption key for encrypting the electronic envelope encryption method, and / or an encryption key for encrypting the fingerprint information in a key exchange encryption method.

In addition, the encryption key index stored in the memory in association with the encryption key is index information (for example, merchant code) for identifying a predetermined decryption key associated with the encryption key in a host that decrypts the encrypted fingerprint information. Or a payment terminal 3400 code or the like, whereby a host (eg, a biometric information management server, etc.) that decrypts the encrypted fingerprint information is assigned to the encryption key based on the encryption key index. At least one corresponding decryption key may be identified and the encrypted fingerprint information may be decrypted using the identified decryption key.

Here, the decryption key identified through the encryption key index is a decryption key for decrypting the encrypted fingerprint information by a symmetric key (or secret key) decryption method, or decrypting the encrypted fingerprint information by a public key decryption method. At least one or more of a decryption key for decryption, a decryption key for decrypting the encrypted fingerprint information by an electronic envelope decryption method, or a decryption key for decrypting the encrypted fingerprint information by a key exchange decryption method.

According to another exemplary embodiment of the present invention, when the payment terminal 3400 information (or merchant code information) included in the payment approval request message generated by the payment terminal 3400 performs the encryption key index function, the memory The encryption key index may be omitted, and the present invention is not limited thereto.

The encryption processing unit 3500 may transmit the user fingerprint information input through the fingerprint input unit 3455 through a symmetric key (or secret key) encryption method, and / or public key encryption method, and / or via an encryption key stored in the memory. And encrypting through at least one or more of an electronic envelope encryption scheme and / or a key exchange encryption scheme.

The fingerprint information encrypted by the fingerprint information processing unit 3460 is preferably secured until a predetermined decryption key is decrypted by a predetermined host (for example, a biometric information management server).

36 is a diagram illustrating a method for encrypting fingerprint information in a symmetric key (or secret key) method by the fingerprint information processing unit 3460 according to an embodiment of the present invention.

More specifically, FIG. 36 illustrates a method of encrypting the fingerprint information by a symmetric key (or secret key) in a fingerprint information processing unit 3460 having an encryption function as shown in FIG. 35. Those skilled in the art may refer to and / or modify this drawing 36 to infer various implementation methods for encrypting the fingerprint information in a symmetric key (or secret key) manner by the fingerprint information processing unit 3460. It will be appreciated that the present invention encompasses all of the inferred practice methods and is not limited to the practice method shown in FIG.

In this figure 36 according to the embodiment of the present invention, the symmetric key (or secret key) is preferably read from the memory (or payment terminal 3400, memory unit 3450) provided in the fingerprint information processing unit 3460. Do.

Referring to FIG. 36, when user fingerprint information is input through the fingerprint input unit 3455, the user fingerprint information is provided to the encryption processing unit 3500 (3600). When the user fingerprint information is provided, the encryption processing unit 3500 is provided. Read a predetermined symmetric key (or secret key) for encrypting fingerprint information from the memory (or payment terminal 3400 memory unit 3450) included in the fingerprint information processing unit 3460 (3605), The fingerprint information is encrypted using a symmetric key (or secret key) (3610).

Here, the encryption function of the encryption processing unit 3500 is called E (Encryption), the symmetric key (or secret key) is k (key), the fingerprint information is P (Plaintext), and the symmetric key (or secret key). If the fingerprint information encrypted with) is C (Ciphertext), the encryption function of the encryption processing unit 3500 may be expressed by an expression such as "Ek (P) = C".

According to the embodiment of the present invention, the encryption processing unit 3500 encrypts the fingerprint information through the symmetric key (or secret key), SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA It is preferable to include at least one or more of the International Data Encryption Algorithm, and in addition, various types of encryption algorithms may be used, but the present invention is not limited to a specific encryption algorithm.

FIG. 37 illustrates a method of encrypting user fingerprint information in a public key infrastructure structure in a fingerprint information processing unit 3460 according to an embodiment of the present invention.

More specifically, FIG. 37 is a method for encrypting the user fingerprint information in a public key infrastructure structure in a fingerprint information processing unit 3460 equipped with an encryption function as shown in FIG. 35, in the technical field to which the present invention pertains. Those skilled in the art will be able to infer various implementation methods for encrypting the user fingerprint information using the public key method by referring to and / or modifying the drawing 37. It includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

In this figure 37 according to an embodiment of the present invention, the server-side public key is preferably read from the memory (or memory 3450 of payment terminal 3400) included in the fingerprint information processing unit 3460.

Referring to FIG. 37, when user fingerprint information is input through the fingerprint input unit 3455, the fingerprint information unit 3500 is provided to the encryption processing unit 3500 (3700). When the fingerprint information is provided, the encryption processing unit 3500 is A predetermined server-side public key for encrypting the fingerprint information is extracted from a memory (3705), and the fingerprint information is encrypted using the extracted server-side public key (3710).

Here, the encryption function of the encryption processing unit 3500 is called E (Encryption), the server-side public key is k1 (key), the fingerprint information is P (Plaintext), and the fingerprint information encrypted with the server-side public key. Suppose C (Ciphertext), the encryption function of the encryption processing unit 3500 can be expressed by a formula such as "Ek1 (P) = C".

According to an embodiment of the present invention, the encryption processing unit 3500 encrypts the fingerprint information through the server-side public key: RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the fingerprint information through the RSA encryption algorithm, among the encryption algorithms, the published method (Modulus) used in the encryption process is n, and the undisclosed prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 3500 may be expressed as" C = Ek1 (P) = Pe mod n ".

38 is a diagram illustrating a method of encrypting fingerprint information by an electronic envelope method in the fingerprint information processor 3460 according to an exemplary embodiment of the present invention.

In more detail, FIG. 38 is an embodiment of the method for encrypting the user fingerprint information by an electronic envelope method in the fingerprint information processing unit 3460 having an encryption function as shown in FIG. 35, which is common in the art. Those skilled in the art will be able to infer various implementation methods for encrypting the user fingerprint information in an electronic envelope by the fingerprint information processing unit 3460 by referring to and / or modifying the drawing 38. It includes all the implementation methods, and is not limited to the implementation method shown in FIG.

In the diagram 38 according to the embodiment of the present invention, the server-side public key is preferably read from the memory (or the memory terminal 3450 of the payment terminal 3400) provided in the fingerprint information processing unit 3460.

Referring to FIG. 38, when user fingerprint information is input from the fingerprint input unit 3455, the fingerprint input unit 3455 provides the fingerprint information to the encryption processing unit 3500 (3800). When the fingerprint information is provided, the encryption processing unit 3500 provides the fingerprint. Generates a random random secret key for encrypting the information in a secret key (symmetric key) method (3805), and encrypts the fingerprint information using the generated secret key (3810) .

Here, the encryption function of the encryption processing unit 3500 is called E (Encryption), the secret key is r (random secret key), the user fingerprint information is P (Plaintext), and the fingerprint information encrypted with the secret key is C In the case of (Ciphertext), the encryption function of the encryption processing unit 3500 can be expressed by a formula such as "Er (P) = C".

According to an embodiment of the present invention, the encryption processing unit 3500 encrypts the fingerprint information through the secret key, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA (International Data Encryption Algorithm). It is preferable to include at least one of), and in addition to the encryption algorithm of various forms may be used, but the present invention is not limited by a specific encryption algorithm.

Thereafter, the encryption processor 3500 encrypts the secret key (random secret key) used to encrypt the user fingerprint information. To this end, the encryption processor 3500 extracts a predetermined server-side public key from the memory. In operation 3815, the secret key is encrypted using the server-side public key (3820).

Here, the encryption function of the encryption processing unit 3500 is called E (Encryption), the server-side public key is k1 (key), the secret key is r (random Secret key), and the secret encrypted with the server-side public key. If the key is C (Ciphertext), the encryption function of the encryption processing unit 3500 can be expressed by an expression such as "Ek1 (r) = C".

According to an embodiment of the present invention, the encryption processing unit 3500 encrypts the secret key through the server-side public key: RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the secret key through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 3500 may be expressed as" C = Ek1 (r) = re mod n ".

If the fingerprint information is encrypted with the secret key and the secret key is encrypted with the server-side public key, the encryption processing unit 3500 may encrypt the fingerprint information encrypted with the secret key and the secret key encrypted with the server-side public key. Interworking

39 is a diagram illustrating a method of encrypting fingerprint information in a key exchange method in the fingerprint information processing unit 3460 according to an embodiment of the present invention.

More specifically, FIG. 39 is a method of encrypting and transmitting the fingerprint information by a key exchange method in a fingerprint information processing unit 3460 equipped with an encryption function as shown in FIG. 35, which is common in the art. Those skilled in the art will be able to infer various implementation methods for encrypting the fingerprint information by key exchange in the fingerprint information processing unit 3460 by referring to and / or modifying the present invention. It includes all implementation methods and is not limited to the implementation method shown in FIG.

According to the present invention 39, the fingerprint input unit 3455 side private key and the server side public key may include the memory (or payment terminal 3400) memory unit 3450 provided in the fingerprint information processing unit 3460. It is preferable to read from).

Referring to FIG. 39, when user fingerprint information is input through the fingerprint input unit 3455, it is provided to the encryption processing unit 3500 (3900). When the fingerprint information is provided, the encryption processing unit 3500 is provided. Generates a message digest including a predetermined one-way hash function (eg, a hash code of a predetermined length regardless of the length of the fingerprint information), and generates the hash code (or message digest). One-way hash function that cannot verify (or infer) the original message through the message input unit 3455 and the host decrypting the encrypted fingerprint information use the same hash function). Generate a digital signature (3905), and digitally sign the message digest by encrypting the message digest using the private key of the fingerprint information processor 3460 (3910).

Herein, the encryption function of the encryption processing unit 3500 is referred to as E (Encryption), the fingerprint information processing unit 3460 side private key is t1 (yerminal side key), the message digest is m (message digest), and the fingerprint If the message digest encrypted with the private key of the input unit 3455 is called C (Ciphertext), the digital signature function of the encryption processing unit 3500 may be expressed by an expression such as "Et1 (m) = C".

According to an embodiment of the present invention, the encryption processing unit 3500 encrypts the message digest using the private information side of the fingerprint information processing unit 3460, RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA. (Digie Signature Algorithm), DH (Diffie, Hellman), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, ECDH is preferably included at least one or more, and various forms of encryption algorithms may be used, but specific The present invention is not limited by the encryption algorithm.

For example, in the case of encrypting the message digest through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the digital signature function of the encryption processing unit 3500 can be expressed as" C = Et1 (m) = me mod n ".

In addition, the encryption processing unit 3500 generates a predetermined random secret key for encrypting the fingerprint information using a secret key (symmetric key) method (3915), and the fingerprint information and the fingerprint. The message digest encrypted with the private key of the input unit 3455 and the copy of the certificate (for example, a certificate including the public key of the fingerprint information processing unit 3460) of the memory are linked to each other and encrypted using the generated private key ( 3920).

Here, the encryption function of the encryption processing unit 3500 is called E (Encryption), the secret key is r (random secret key), the fingerprint information and the copy of the certificate P (Plaintext), and the fingerprint information encrypted with the secret key If the certificate copy is called C (Ciphertext), the encryption function of the encryption processing unit 3500 can be expressed by an equation such as "Er (P) = C".

According to the embodiment of the present invention, the encryption processing unit 3500 encrypts the fingerprint information and the certificate copy through the secret key, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA (International) It is preferable to include at least one or more of Data Encryption Algorithm, and in addition, various types of encryption algorithms may be used, but the present invention is not limited to a specific encryption algorithm.

In addition, the encryption processing unit 3500 extracts a predetermined server side public key from the memory 393 to encrypt the secret key that encrypts the fingerprint information, and uses the server side public key to extract the fingerprint information. The encrypted secret key is encrypted (3930).

Here, the encryption function of the encryption processing unit 3500 is called E (Encryption), the server-side public key is encrypted with s1 (server side key), the secret key is r (random secret key), and the server-side public key. When the secret key is referred to as C (Ciphertext), the encryption function of the encryption processing unit 3500 may be expressed by an expression such as "Es1 (r) = C".

According to an embodiment of the present invention, the encryption processing unit 3500 encrypts the secret key through the server-side public key: RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the secret key through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 3500 may be expressed as" C = Es1 (r) = re mod n ".

A copy of a certificate including the message digest encrypted with the fingerprint information and the private key of the fingerprint information processing unit 3460 and the public key of the fingerprint information processing unit 3460 is linked and encrypted through the generated secret key, and the secret When a key is encrypted through the server-side public key, the encryption processing unit 3500 encrypts the message digest and the fingerprint information processing unit encrypted with the fingerprint information encrypted with the secret key and the private key of the fingerprint information processing unit 3460. A predetermined copy of the fingerprint information is generated by associating a copy of the certificate including the side public key with the secret key encrypted with the server side public key (3460).

40 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

More specifically, FIG. 40 is connected to the payment terminal 3400 shown in FIG. 34 through a predetermined network (eg, a VAN), and the full text of the payment approval request and the encrypted message from the payment terminal 3400. When the user biometric information is received, the payment approval history included in the full payment approval request is transmitted to a card company server corresponding to the user card, to receive a payment approval response from the card company server, and the sales including the payment approval history. By linking and storing a slip and the encrypted user biometric information, if the card company server is requested to confirm the unauthorized use of the card included in the sales slip, by confirming the encrypted user biometric information associated with the sales slip, The encrypted user biometric information is transmitted to a predetermined biometric information management server to correspond to the biometric information. A server on a network (eg, a VAN company) that requests user unique identification information and transmits the transmitted user unique identification information to the card company server when the user identification information corresponding to the biometric information is transmitted from the biometric information management server. Server, etc.), a person having ordinary knowledge in the technical field to which the present invention pertains, with reference to and / or modification of this drawing 40, in response to a request for confirming the unauthorized use of a card included in the sales slip, By transmitting encrypted biometric information corresponding to the sales slip to a predetermined biometric information management server, user's unique identification information corresponding to the biometric information (eg, name, social security number, insurance number, driver's license number, financial transaction means information, etc.). While various server configurations may be inferred requesting confirmation of the invention, the present invention is directed to all inferred implementation methods. It includes, and is not limited to the exemplary method shown in the figure 40.

In addition, although the server illustrated in FIG. 40 is illustrated as including at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. The function configuration unit specifies that it may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 40, the server includes a receiver 4005, a reader 4010, a specialized processor 4015, an approval request unit 4020, a biometric information processor 4035, and a sales information processor 4025. It may be configured to include, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 4005 may include payment information including user card information (eg, credit card number) and payment information (eg, payment amount, merchant information, terminal information, etc.) from the payment terminal 3400 illustrated in FIG. 34. Receive the encrypted fingerprint information of the user entered through the full approval request and the payment terminal 3400, and transfers the received payment approval request full text to the reading unit 4010, and transmits the encrypted fingerprint information Transfer to the biometric information processing unit 4035.

When the payment approval request message received through the receiving unit 4005 is delivered, the reading unit 4010 reads the payment approval request message and stores user card information (eg, a credit card) included in the payment approval request message. Number, etc.), the card company information corresponding to the confirmed card information is confirmed, and the confirmed card company information and the payment approval request details are transmitted to the approval request unit 4020.

The approval request unit 4020, when the payment approval request details and the card company information are transmitted through the reading unit 4010, transmits the payment approval request details to the card company server to request the approval of the payment, Receive a payment approval response to the payment approval request from the card company server.

When the information processing unit receives a payment approval response for the payment approval request from the card company server through the approval request unit 4020, the information processing unit configures a sales slip including the payment approval details according to the response result. In connection with the encrypted user fingerprint information, the information storage unit 4030 stores the data in a predetermined storage medium.

For example, when the payment approval response includes a payment approval notification due to the user card limit exceeded or the user authentication response is included in the user authentication response, the information processing unit configures the sales slip and It is desirable not to perform the storage process.

The biometric information processing unit 4035 transmits encrypted fingerprint information associated with the sales slip to a biometric information management server in response to a request for confirming fraudulent use of a card included in the sales slip from the card company server. Request identification of corresponding user identification information (for example, name, social security number, insurance number, driver's license number, financial transaction information, etc.), and the user identification information corresponding to the fingerprint information is stored through the biometric information management server. When the identification is confirmed, the received unique user identification information is received, and the received user unique identification information is transmitted to the card company server.

The expert processing unit 4015 receives the payment approval response received through the approval request unit 4020, configures a payment approval response message to be transmitted to the payment terminal 3400, and writes the configured payment approval response message. Transfer to the payment terminal 3400.

The information storage unit 4030 stores information (or data) collected or generated in the process of performing the corresponding function by the at least one or more function components provided in the server.

41 is a diagram showing the functional configuration of a card company server 4100 according to an embodiment of the present invention.

More specifically, FIG. 41 is connected to the server shown in FIG. 40 by a predetermined network (eg, a payment network). When the payment approval request details are received from the server, the payment corresponding to the payment approval request details is shown. When an authorization response is provided to the server, and a request for unauthorized use confirmation of the payment approved card is received from a user or the like, a request for unauthorized use confirmation of the card is made to the server, and the card user unique identification information is received from the server. As a method of implementing a card company server 4100 configured to perform identity verification for the card user by receiving and confirming whether the user unique identification information corresponds to the card user information, the present invention is a general method in the art. If you have the knowledge, the user notice transmitted from the server by referring to and / or modifying this figure 41 A variety of card company servers 4100 configured to authenticate the card user by comparing identification information with user information stored in the card user information (customer information) DB (or storage medium), and responding to a request for confirming the unauthorized use of the card. It may be inferred that, but the present invention includes all the implementation methods inferred above, and is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 41 is illustrated as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and at least one or more servers provided in the server. The function configuration unit specifies that it may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 41, the card company server 4100 includes a receiver 4105, a reader 4110, a specialized processor 4115, a user authenticator 4120, a limit checker 4130, and information storage. It may be configured to include a portion 4125, it may be possible to add a predetermined functional configuration within the scope of the present invention.

The receiving unit 4105 receives the payment approval request details of a predetermined card user from the server illustrated in FIG. 40, and transmits the received payment approval request details to the reading unit 4110.

The reading unit 4110 reads the payment approval request history received through the receiving unit 4105, confirms user card information, and checks the confirmed card information and payment approval request details (for example, a payment amount). Characterized in that the transfer to the limit checker (4130).

The limit checking unit 4130 checks the payment limit information corresponding to the card information when the user card information and the payment approval request details (for example, the payment amount) are transmitted through the reading unit 4110. It is determined whether payment of the payment amount included in the payment approval request details is possible, and the result of the determination is transferred to the specialized processor 4115, and the result of the determination is transferred to the information storage unit 4125, and the card company DB (or stored). Media).

The specialized processing unit 4115, when the settlement determination result is delivered through the limit checking unit 4130, constructs a payment approval response details including the transferred details and transmits the details to the server.

When the user authentication unit 4120 is requested to confirm the illegal use of the user card, the user authentication unit 4120 requests the user's unique identification information according to the request for the unauthorized use of the card to correspond to the user card information from the server. When the unique user identification information is delivered, the user identification information is compared with the transmitted card user information, characterized in that for performing the user authentication for the transaction.

42 is a diagram illustrating a functional configuration of the biometric information management server 4200 according to an embodiment of the present invention.

More specifically, FIG. 42 is connected to the server shown in FIG. 40 through a predetermined network (eg, a VAN) and receives encrypted user biometric information from the server, thereby receiving the encrypted user. A method for implementing a biometric information management server 4200 for decoding biometric information, checking user unique identification information corresponding to the decrypted user biometric information, and transmitting the identified user unique identification information to the server, Those skilled in the art to which the present invention pertains, various server configurations for identifying and identifying the user unique identification information corresponding to the user biometric information by decrypting the encrypted biometric information by referring to and / or modified in this figure 42 It may be inferred that, but the present invention includes all the implementation method inferred, the embodiment shown in Figure 42 It is not limited to the method.

In addition, although the server illustrated in FIG. 42 is illustrated as including at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. The function configuration unit specifies that it may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 42, the biometric information management server 4200 may include an information receiver 4105, a decoder 4210, an information transmitter 4215, and an information checker 4220. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiving unit 4105 may receive predetermined encrypted biometric information from the server illustrated in FIG. 40 and transfer the received encrypted biometric information to the decryption unit 4210.

The decryption unit 4210 decodes the encrypted biometric information when the encrypted biometric information received through the information receiving unit 4105 is transmitted. 4220).

An encrypted biometric information decryption process of the decryption unit 4210 will be described in more detail with reference to FIGS. 43 to 46 below.

When the encrypted biometric information is decrypted by the decryption unit 4210, the information checking unit 4220 confirms (or extracts) unique user identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extracted) unique user identification information is transmitted to the information transmitter 4215.

When the user identification information corresponding to the biometric information is confirmed (or extracted) and transmitted through the information verification unit 4220, the information transmission unit 4215 sends the encrypted user identification information to the encrypted biometrics. Send the information to the server that sent it.

43 is a diagram illustrating a method of decrypting predetermined encrypted biometric information received from the biometric information management server 4200 by the symmetric key (or secret key) method according to an embodiment of the present invention.

More specifically, FIG. 43 is encrypted from the payment terminal 3400 equipped with the encryption function as shown in FIG. 34, and the biometric information management server 4200 shown in FIG. 42 converts the encrypted biometric information transmitted through the server. The present invention relates to a method of decrypting by a symmetric key (or secret key) method. It is possible to infer various implementation methods for decrypting by the symmetric key (or secret key) method, but the present invention includes all the inferred implementation methods and is not limited to the implementation method shown in FIG.

43 according to an embodiment of the present invention will be presented fingerprint information as an example of the biometric information.

Referring to FIG. 43, the information receiver 4105 of the biometric information management server 4200 provides the encrypted fingerprint information received from the server to the decryption unit 4210 (4300).

Thereafter, the decryption unit 4210 is configured to decrypt the encrypted fingerprint information from a storage medium provided in the biometric information management server 4200 or provided in a predetermined key management server (eg, an authentication server) on a network. The extracted symmetric key (or secret key) is extracted or provided (4305), and the encrypted fingerprint information is decrypted through the extracted symmetric key (or secret key) (4310).

Here, the decryption function of the decryption unit 4210 is called D (Decryption), the symmetric key (or secret key) is k (key), and the fingerprint information encrypted with the symmetric key (or secret key) is C (Ciphertext). And, if the decrypted fingerprint information is called P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 4210 is "Dk = P, or Dk (Ek (P)) = P" and The same formula can be used.

According to the exemplary embodiment of the present invention, the algorithm for decrypting the encrypted fingerprint information by the decryption unit 4210 via the symmetric key (or secret key) may include SEED, DES (Data Encryption Standard), Triple-DES, and Skipjack. It is preferable to include at least one or more of the International Data Encryption Algorithm (IDEA), and various types of decryption algorithms may be used, but the decryption algorithm is matched with the encryption algorithm used in the payment terminal 3400. The present invention is not limited by the specific decoding algorithm.

When the fingerprint information encrypted through the symmetric key (or the secret key) is decrypted as described above, the decryption unit 4210 transmits the decrypted fingerprint information to the information verification unit 4220, and the information verification unit 4220. ) May identify (or extract) user-specific identification information corresponding to the decrypted biometric information from a predetermined storage medium.

44 is a diagram illustrating a method of decrypting encrypted biometric information received from the biometric information management server 4200 in the public key infrastructure according to an embodiment of the present invention.

In more detail, FIG. 44 illustrates a structure of a public key infrastructure in the biometric information management server 4200 for the encrypted biometric information encrypted from a payment terminal 3400 having an encryption function as shown in FIG. 34 and transmitted through the server. Method for decrypting by the method, if the present invention is known in the art, fingerprints encrypted with the server-side public key in the payment terminal 3400 by referring to and / or modified in Figure 44 Various implementation methods for decrypting information in a public key based structure may be inferred, but the present invention includes all the inferred implementation methods and is not limited to the implementation method shown in FIG.

In FIG. 44 according to an embodiment of the present invention, a server-side private key for decrypting fingerprint information encrypted with the server-side public key in a public key infrastructure structure is provided in the biometric information management server 4200 or on a network. It is preferable to read from the storage medium provided in the key management server (for example, authentication server, etc.), and the present invention is not limited thereby.

Referring to FIG. 44, the encrypted fingerprint information received through the information receiver 4105 of the biometric information management server 4200 is provided to the decryption unit 4210 (4400).

Thereafter, the decryption unit 4210 extracts a server-side private key for decrypting the encrypted fingerprint information from a storage medium provided in the biometric information management server 4200 or a predetermined key management server (4405). The encrypted fingerprint information is decrypted using the extracted server-side private key (4410).

Here, the decryption function of the decryption unit 4210 is called D (Decryption), the server-side private key is k2 (key), the fingerprint information encrypted with the server-side public key is C (Ciphertext), and the server-side individual. When the fingerprint information decrypted by the key is called P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 4210 is expressed by a formula such as "Dk2 = P, or Dk2 (Ek (P)) = P". I can express it.

According to an embodiment of the present invention, an algorithm for decrypting fingerprint information encrypted by a server-side public key in the payment terminal 3400 by the decryption unit 4210 via the server-side private key may be RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it may be used, the decryption algorithm is characterized in that it matches the encryption algorithm used in the payment terminal 3400, the invention is not limited by a specific decryption algorithm.

For example, when the fingerprint information is decoded through the RSA decryption algorithm among the public key based decryption algorithms, n is a public method (Modulus) used in the decryption process and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the reading unit 4110 may be expressed as" P = Dk2 = Cd mod n ".

When the fingerprint information encrypted with the server-side public key is decrypted by the payment terminal 3400 through the server-side private key as described above, the decryption unit 4210 transmits the decrypted fingerprint information to the information verification unit 4220. The information checking unit 4220 may identify (or extract) user unique identification information corresponding to the decrypted biometric information from a predetermined storage medium.

45 is a diagram illustrating a method of decrypting encrypted biometric information received from the biometric information management server 4200 from the server according to an embodiment of the present invention by an electronic envelope method.

More specifically, FIG. 45 is encrypted by the biometric information management server 4200 which receives the encrypted biometric information encrypted from the payment terminal 3400 equipped with the encryption function as shown in FIG. 34 and transmitted through the server. The present invention relates to a method for decoding biometric information by an electronic envelope method. If the present invention belongs to those skilled in the art, the electronic device may be referred to and / or modified with reference to FIG. 45. It will be able to infer various implementation methods for decrypting the fingerprint information encrypted in the manner in the biometric information management server 4200 in the same electronic envelope method, the present invention includes all the inferred implementation methods, as shown in FIG. It is not limited to the implementation method shown.

In FIG. 45 according to an embodiment of the present invention, a server-side private key for decrypting the encrypted fingerprint information by an electronic envelope method is provided in the biometric information management server 4200 or a predetermined key management server (for example, on a network). It is preferable to read from the storage medium provided in the authentication server, etc., whereby the present invention is not limited.

Referring to FIG. 45, the encrypted fingerprint information received through the information receiver 4105 of the biometric information management server 4200 is provided to the decryption unit 4210 (4500), and thereafter, the decryption unit 4210 ) Extracts a server-side private key for decrypting the encrypted secret key included in the fingerprint information from a storage medium provided in the biometric information management server 4200 or provided in a predetermined key management server (4505), By decrypting the private key encrypted with the server-side public key in the payment terminal 3400 through the extracted server-side private key (4510), a predetermined secret key for decrypting the fingerprint information is extracted (4515), By decrypting the fingerprint information using the extracted secret key (4520), the payment terminal 3400 extracts the fingerprint information encrypted with the secret key (4525).

Here, the decryption function of the decryption unit 4210 is called D (Decryption), the server-side private key is k2 (key), the secret key encrypted with the server-side public key is C (Ciphertext), and the server-side individual. When a secret key decrypted with a key is r (random secret key), the function of decrypting the encrypted secret key by the decryption unit 4210 is "Dk2 = r, or Dk2 (Ek1 (r)) = r". It can be expressed as an expression.

According to the exemplary embodiment of the present invention, an algorithm for decrypting the secret key encrypted by the payment terminal 3400 with the server-side public key through the server-side private key is RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it may be used, the decryption algorithm is characterized in that it matches the encryption algorithm used in the payment terminal 3400, the invention is not limited by a specific decryption algorithm.

For example, when decrypting the secret key through the RSA decryption algorithm among the public key-based decryption algorithms, n is a public method (Modulus) used in the decryption process, and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b", and d is de de a-1) (b-1) ", wherein the decoding function of the decoder 4210 may be expressed as" P = Dk2 = Cd mod n ".

Here, the decryption function of the decryption unit 4210 is called D (Decryption), the secret key is r (random secret key), the fingerprint information encrypted with the secret key (C (Ciphertext)), and the decrypted When fingerprint information is referred to as P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 4210 may be expressed by a formula such as "Dr = P or Dr (Er (P)) = P". .

According to the embodiment of the present invention, the algorithm for decrypting the encrypted fingerprint information by the decryption unit 4210 using the secret key, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA (International Data) It is preferable to include at least one or more of the Encryption Algorithm, and various forms of decryption algorithms may be used, but the decryption algorithm is matched with the encryption algorithm used in the payment terminal 3400, The present invention is not limited by the specific decoding algorithm.

When the fingerprint information is decrypted as described above, the decryption unit 4210 may provide the decrypted fingerprint information to the information verification unit 4220, and the information verification unit 4220 corresponds to the decrypted biometric information. User identification information can be identified (or extracted) from a predetermined storage medium.

46A and 46B illustrate a method of decrypting encrypted biometric information received from the biometric information management server 4200 by the key exchange method according to an embodiment of the present invention.

In more detail, FIGS. 46A and 46B illustrate the encrypted fingerprint information in the biometric information management server 4200 that receives the encrypted fingerprint information from the payment terminal 3400 having the encryption function as shown in FIG. 34 through the server. The present invention relates to a method of decrypting by a key exchange method, and if the present invention belongs to a general knowledge, referring to and / or modifying this drawing 46 to the key exchange method in the payment terminal 3400 Various implementation methods for decrypting the encrypted payment means information in the biometric information management server 4200 by the same key exchange method may be inferred, but the present invention includes all the inferred implementation methods, and is shown in FIG. 46. It is not limited to the implemented method.

In this figure 46 according to an embodiment of the present invention, the server-side private key and the payment terminal 3400-side public key for decrypting the encrypted fingerprint information in a key exchange method are provided in the biometric information management server 4200 or It is preferable to read from a storage medium provided in a predetermined key management server or the like, and the present invention is not limited thereto.

46A and 46B, when the encrypted fingerprint information is received and transmitted through the information receiver 4105 of the biometric information management server 4200 (4600), the encrypted fingerprint information is decrypted by the decryption unit 4210. The fingerprint information encrypted with the secret key is a copy of a certificate including the message digest encrypted with the private key of the payment terminal 3400 and the public key of the payment terminal 3400, and the server. It is preferable to include the secret key encrypted with the side public key.

Thereafter, the decryption unit 4210 is configured to store the server-side private key from a storage medium provided in the biometric information management server 4200 or provided in a predetermined key management server to decrypt the secret key encrypted with the server-side public key. Extracting (4610) and decrypting the secret key through the server-side private key (4615), thereby revealing the message digest and the payment terminal 3400 side encrypted with the fingerprint information and the private key on the payment terminal 3400 side. The secret key for decrypting the copy of the certificate containing the key is extracted (4620).

Here, the decryption function of the decryption unit 4210 is called D (Decryption), the server side private key is s2 (server side key), the secret key encrypted with the server side public key is C (Ciphertext), and the server. When the secret key decrypted with the side private key is r (random secret key), the function of decrypting the encrypted secret key by the decryption unit 4210 is "Ds2 = r, or Ds2 (Es1 (r)) = r". It can be expressed as

According to an embodiment of the present invention, the decryption unit 4210 decrypts the secret key encrypted with the server-side public key in the payment terminal 3400 through the server-side private key, RSA (Ron Rivest, Adi). Shamir, Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, ECDH, at least one or more of the various forms of decoding algorithms Although it can be used, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the payment terminal 3400, the invention is not limited by a specific decryption algorithm.

For example, when decrypting the secret key through the RSA decryption algorithm among the public key-based decryption algorithms, n is a public method (Modulus) used in the decryption process, and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the decoder 4210 may be expressed as" P = Ds2 = Cd mod n ".

When the secret key is extracted as described above, the decryption unit 4210 uses the extracted secret key to encrypt the message digest and the private terminal with the fingerprint information and the payment terminal 3400 side. By decrypting a copy of the certificate including the public key (4625), the message digest encrypted with the secret key and the message digest encrypted with the private key of the payment terminal (3400) and the public key on the payment terminal (3400) Extract a copy of the certificate.

Here, the decryption function of the decryption unit 4210 is called D (Decryption), and the secret key is encrypted with r (random secret key), fingerprint information encrypted with the secret key, and a private key of the payment terminal 3400 side. A copy of a certificate including a message digest and a public key of the payment terminal 3400 is C (Ciphertext), and the message digest and the payment terminal 3400 encrypted with the decrypted fingerprint information and the private key of the payment terminal 3400. When the copy of the certificate including the public key is called P (Plaintext), the decryption unit 4210 is encrypted with the encrypted fingerprint information and the payment terminal 3400 side private key and the payment terminal 3400. The function of decrypting the copy of the certificate including the public key can be expressed by an expression such as "Dr = P, or Dr (Er (P)) = P".

According to the exemplary embodiment of the present invention, the decryption unit 4210 is encrypted with the encrypted fingerprint information and the private key of the payment terminal 3400 through the secret key and the public key of the payment terminal 3400. Algorithm for decrypting the copy of the certificate, including, is preferably made of at least one or more of SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, International Data Encryption Algorithm (IDEA), in addition to various forms of decryption An algorithm may be used, but the decryption algorithm is matched with an encryption algorithm used in the payment terminal 3400, and the present invention is not limited to a specific decryption algorithm.

In addition, the decryption unit 4210 decrypts the message digest encrypted with the private key of the payment terminal 3400 through the public key of the payment terminal 3400 (4630), thereby allowing the fingerprint in the payment terminal 3400 to be decrypted. The message digest generated and transmitted from the information is extracted (4635).

Here, the decryption function of the decryption unit 4210 is referred to as D (Decryption), and the message digest encrypted with the terminal side key (t2) of the payment terminal 3400 and the private key of the payment terminal 3400 is When the message digest decrypted with C (Ciphertext) and the payment terminal 3400 side public key is m (Message Digest), the function of decrypting the encrypted message digest by the decryption unit 4210 is "Dt2 = m," Or Dt2 (Es1 (r)) = m ".

According to an embodiment of the present invention, an algorithm for decrypting the message digest encrypted by the decryption unit 4210 with the private key of the payment terminal 3400 from the payment terminal 3400 through the public terminal of the payment terminal 3400 may include: , At least one of RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), DH (Diffie, Hellman), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. In addition, various types of decryption algorithms may be used. However, the decryption algorithm is matched with the encryption algorithm used in the payment terminal 3400, and the present invention is not limited to the specific decryption algorithm.

For example, when decrypting the message digest through the RSA decryption algorithm of the public key-based decryption algorithm, n is a public method (Modulus) used in the decryption process and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the decoding unit 4210 may be expressed as" P = Dt2 = Cd mod n ".

Thereafter, the decryption unit 4210 generates a predetermined message digest through the same one-way hash function with the received fingerprint information (4640), and then generates the generated message digest and the decrypted message. By comparing the digest (4645), the validity of the received fingerprint information may be confirmed.

If the generated message digest and the decrypted message digest match (4650), the decryption unit 4210 may transfer the fingerprint information to the information verification unit 4220, and the information confirmation unit 4220 may User identification information corresponding to the decrypted biometric information may be identified (or extracted) from a predetermined storage medium.

47 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

More specifically, the process shown in FIG. 47 is characterized in that performed on the user authentication information processing system shown in FIG. 33, and includes a payment terminal equipped with predetermined biometric information input means (eg, fingerprint recognition means, etc.) In step 3400, the biometric information input from the card user is encrypted, and the full payment approval request message including the encrypted biometric information, the user card information, and the payment information (eg, payment amount, etc.) is networked (eg, a VAN). When transmitting to the server (eg, VAN company server, etc.), the payment approval request details are provided to the card company server 4100 corresponding to the user card information, and the payment for the payment approval request from the card company server 4100 When the approval response is received, the server configures a sales slip including the payment approval details, and the sales slip and the encrypted user biometric information. The card company server 4100 requests the card user confirmation for the illegal use of the user card included in the sales slip after storing the data in a predetermined storage medium by linking the data. Check the received sales slip, verify encrypted user biometric information associated with the sales slip, and transmit the identified encrypted user biometric information to a predetermined biometric information management server 4200 to correspond to the biometric information. Request confirmation of user's unique identification information (for example, name, resident registration number, insurance number, driver's license number, financial transaction information, etc.), and decrypts the encrypted biometric information at the biometric information management server 4200. Checking the user unique identification information corresponding to the biometric information and transmitting the identified user unique identification information to the server, the server By transmitting the checked user unique identification information to the card company server 4100, the card company server 4100 performs the card user's identity authentication through the transmitted user unique identification information, as an embodiment of the present invention Those skilled in the art will be able to infer various user authentication information processing procedures by referring to and / or modifying the drawings, but the present invention includes all the inferred implementation methods. It is not limited to the implementation method shown by.

According to the user authentication information processing shown in FIG. 47, the payment terminal 3400 shown in FIG. 34 reads card information from the user card, checks payment information input through a predetermined key input means (4700). In operation 4702, the user waits for input of the user fingerprint information through a predetermined fingerprint input means.

When the fingerprint information of the card user is input (4704), the payment terminal 3400 generates a full payment approval request message including the card information and the payment information (4706), and the input user fingerprint information is described with reference to FIG. As shown in FIG. 39, encryption is performed (4708).

The encryption process of the fingerprint information will be described with reference to the contents described with reference to FIGS. 36 to 39. In FIG. 47, a detailed description of the fingerprint information encryption process will be omitted.

The payment terminal 3400 transmits the generated payment approval request message and the encrypted user fingerprint information to a server on a network (4710), and the server records the payment approval request details included in the received payment approval request message. The card company server 4100 transmits the request for approval (4712).

When the payment approval response corresponding to the approval request is received from the card company server 4100, the server transmits a full text of the payment approval response to the payment terminal 3400 (4714), and includes the payment approval details. The sales slip and the encrypted user fingerprint information are stored in association with each other (4716).

Then, when the server is requested to confirm the unauthorized use of the card included in the sales slip from the card company server 4100 (4718), the server receives the encrypted user fingerprint information corresponding to the sales slip requested to confirm the unauthorized use In operation 4720, the encrypted user fingerprint information is transmitted to the biometric information management server 4200, and the user unique identification information corresponding to the fingerprint information is requested in operation 4472.

In addition, the biometric information management server 4200 decrypts the received encrypted fingerprint information through a decryption process as illustrated in FIGS. 43 to 46 corresponding to an encryption method of the payment terminal 3400 (4724). ).

The decryption process of the encrypted fingerprint information will be described with reference to the contents described with reference to FIGS. 43 to 46, and detailed description thereof will be omitted in FIG. 47.

When the encrypted fingerprint information is decrypted, the biometric information management server 4200 may identify a user unique ID corresponding to the decrypted fingerprint information from a storage medium (eg, a storage medium provided in the biometric information management server 4200). Check the code (4726).

If the user identification code corresponding to the decrypted fingerprint information is confirmed (4728), the biometric information management server 4200 transmits the identified unique identification code to the server (4730), while the decryption If the user identification code corresponding to the fingerprint information is not confirmed, the biometric information management server 4200 may notify the server that there is no corresponding identification code (4732).

When the user identification information corresponding to the encrypted fingerprint information is received from the biometric information management server 4200, the server transmits the received user identification information to the card company server 4100 (4734).

When the user unique identification information is received, the card company server 4100 checks user information corresponding to the card information, and compares the identified user information with the user unique identification information to perform user authentication (4736). It is possible to authenticate the user corresponding to the sales slip requested to confirm the fraudulent use.

48 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

More specifically, FIG. 48 encrypts biometric information input from a card user in a payment terminal equipped with predetermined biometric information input means (eg, fingerprint recognition means, etc.), and encrypts the encrypted biometric information and the user card information. And a payment approval request message including payment information (e.g., payment amount) to a server (e.g., a VAN company server, etc.) on a network (e.g., a VAN company), the payment approval request details are stored in the user card information Provided to the corresponding card company server, and when the payment approval response for the payment approval request is received from the card company server, the server constitutes a sales slip including the payment approval details, the sales slip and the encrypted user biometrics The user card included in the sales slip from the card company server after storing the information in a predetermined storage medium by linking processing information When requesting the card user confirmation by use, etc., the server confirms the requested sales slip and confirms the encrypted user biometric information associated with the sales slip, thereby confirming the encrypted user biometric information and the When the card information is transmitted to a predetermined biometric information management server, the encrypted biometric information is decrypted by the biometric information management server to confirm user unique identification information corresponding to the biometric information, and the identified user unique identification information is stored. When transmitting to the card company server corresponding to the card information, an implementation method for a system configuration for performing the card user identity through the transmitted user unique identification information from the card company server, the present invention generally Those skilled in the art can refer to and / or modify this drawing 48 to various User credentials would be able to infer the processing system configuration, the present invention includes all embodiments in which the inference method, not limited to the exemplary method shown in the figure 48.

User authentication information processing system according to an embodiment of the present invention with reference to Figure 48, characterized in that the payment terminal, server, biometric information management server and card company server (or financial company server) is connected through a predetermined network The payment terminal may include predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information. When the card user requests payment of a predetermined user, the card user may receive the biometric information through the biometric information input means. Acquiring the biometric information of the user, encrypting the obtained biometric information, and constructing a full payment approval request message including card information (eg, a credit card number) read out from the user card and predetermined payment information; At least one of transmitting the configured payment approval request message and the encrypted user biometric information to a server on the network; It characterized in that provided on the merchants.

The server is connected to the payment terminal through a predetermined network (eg, a VAN), and when the full payment approval request message and the encrypted user biometric information are received from the payment terminal, the payment approval request from the card company server. Receiving a payment approval response corresponding to the, and the payment approval history and the encrypted user biometric information in association with the stored, and if the card company request to confirm the card user (for example, card misuse, etc.), And transmitting the received encrypted biometric information and the user card information to a predetermined biometric information management server.

The biometric information management server is connected to the server via a predetermined network, receives encrypted user biometric information and user card information from the server, decrypts the received encrypted user biometric information, and decrypts the decrypted user biometric information. And identifying the user unique identification information corresponding to the user biometric information, and transmitting the identified user unique identification information to a card company server corresponding to the received user card information.

Here, the biometric information management server may be linked to the biometric information registration server shown in FIG. 1 or may include a storage medium shown in FIG.

In addition, in the present invention, the biometric information registration server and the biometric information management server are separately shown in order to more effectively explain the registration and management of the biometric information, but the biometric information registration server and the biometric information management server are the same server, or It is specified that the same engine can be provided.

The card company server (or financial company server) is connected to the server through a predetermined network (e.g., a payment network, etc.), and when a payment approval request message is received from the server, a payment approval response corresponding to the received payment approval request is received. Provides the server with the server, and if the user's card is requested for unauthorized use, requesting the server to confirm the user's card for which the user's card is used for confirmation, and the user's unique identification information from the biometric information management server. (E.g., name, social security number, insurance number, driver's license number, financial transaction information, etc.) is received, the card user information associated with the confirmed card information is inquired, and the user's unique identification information is the card user whose inquiry is made. Verifying that information conforms to the identity of the card user. All.

49 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

More specifically, FIG. 49 is connected to the payment terminal shown in FIG. 34 through a predetermined network (eg, a VAN), and when the full payment approval request message and the encrypted user biometric information are received from the payment terminal. And transmitting the payment approval details included in the full payment approval request message to a card company server corresponding to the user card, receiving a payment approval response from the card company server, and a sales slip including the payment approval details and the encrypted user. The biometric information is linked and stored, and when the card company server is requested to confirm the illegal use of the card included in the sales slip, the encrypted user biometric information associated with the sales slip is checked to confirm the encrypted user. On the network for transmitting the biometric information and the user card information to a predetermined biometric information management server As a method for implementing a server (for example, a VAN server, etc.), a person having ordinary knowledge in the art to which the present invention pertains can refer to and / or modify this drawing 49 and deny the card included in the sales slip. According to the usage confirmation request, various server configurations for transmitting encrypted biometric information and user card information corresponding to the sales slip to a predetermined biometric information management server may be inferred. It is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 49 is illustrated as including at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 49, the server includes a receiver 4905, a reader 4910, a specialized processor 4915, an approval request unit 4920, a biometric information processor 4935, and a sales information processor 4825. It may be configured to include, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 4905 has a payment approval request message including user card information (eg, credit card number, etc.) and payment information (eg, payment amount, merchant information, terminal information, etc.) from the payment terminal shown in FIG. 34. And receiving encrypted fingerprint information of the user input through the payment terminal, transferring the received payment approval request text to the reader 4910, and transmitting the encrypted fingerprint information to the biometric information processor 4955. To pass.

The reading unit 4910 may read the payment approval request text and receive user card information included in the payment approval request text (for example, a credit card) when the payment approval request text received through the receiving section 4905 is delivered. Number, etc.), the card company information corresponding to the confirmed card information is confirmed, and the confirmed card company information and the payment approval request details are transmitted to the approval request unit 4920.

The approval request unit 4920, when the payment approval request details and the card company information is transmitted through the reading unit 4910, transmits the payment approval request details to the card company server to request the approval of the payment, Receive a payment approval response to the payment approval request from the card company server.

The information processing unit, when the payment approval response for the payment approval request is received from the card company server through the approval request unit 4920, according to the response result, configures a sales slip including the payment approval history, The data is processed in association with the encrypted user fingerprint information to be stored in a predetermined storage medium through the information storage unit 4930.

For example, when the payment approval response includes a payment approval notification due to the user card limit exceeded or the user authentication response is included in the user authentication response, the information processing unit configures the sales slip and It is desirable not to perform the storage process.

The biometric information processing unit 4937 transmits the encrypted fingerprint information and the user card information associated with the sales slip to the biometric information management server in response to a request for confirming the unauthorized use of the card included in the sales slip from the card company server. .

The expert processing unit 4915 receives the payment approval response received through the approval request unit 4920, configures a payment approval response message to be transmitted to the payment terminal, and transfers the configured payment approval response message to the payment terminal. send.

The information storage unit 4930 stores information (or data) collected or generated in the process of performing the function by the at least one or more function components provided in the server.

50 is a diagram illustrating a functional configuration of a card company server 5000 according to an exemplary embodiment of the present invention.

More specifically, the drawing 50 is connected to the server shown in the drawing 49 to a predetermined network (e.g., payment network, etc.), and when the payment approval request details are received from the server, the payment corresponding to the payment approval request details If an authorization response is provided to the server, and a request for unauthorized use confirmation of the payment approved card is received from a user or the like, a request for confirmation of unauthorized use of the card is made to the server, and the card user is requested from a predetermined biometric information management server. An embodiment of the present invention relates to a card company server 5000 configured to perform identity verification for the card user by receiving the unique identification information and confirming that the user identification information corresponds to the card user information. Those skilled in the art can refer to and / or modify this drawing 50 from the server. Various card company servers for comparing the transmitted user unique identification information and the user information stored in the card user information (customer information) DB (or storage medium) to authenticate the card user in response to a request for confirming the unauthorized use of the card ( 5000) The configuration may be inferred, but the present invention includes all the implementation methods inferred above and is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 50 is shown to include at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 50, the card company server 5000 may include a receiver 5005, a reader 5010, a professional processor 5015, a user authenticator 5020, a limit checker 5030, and information storage. It may be configured to include a portion 5025, it may be possible to add a predetermined functional configuration within the scope of the present invention.

The receiving unit 5005 receives a payment approval request history of a predetermined card user from the server shown in FIG. 49 and transfers the received payment approval request details to the reading unit 5010.

The reading unit 5010 reads the payment approval request history received through the receiving unit 5005, confirms user card information, and checks the confirmed card information and payment approval request details (for example, payment amount). Characterized in that the transfer to the limit check unit 5030.

The limit checking unit 5030 checks the payment limit information corresponding to the card information when the user card information and payment approval request details (for example, payment amount) are transmitted through the reading unit 5010, It is determined whether payment of the payment amount included in the payment approval request details is possible, and the result of the determination is delivered to the specialized processing unit 5015, and the result of the determination is transmitted to the information storage unit 5025 to the card company DB (or storage). Media).

The specialized processing unit 5015 may be configured to transmit the payment approval response details including the transmitted details to the server when the settlement result of the settlement is delivered through the limit checking unit 5030.

When the user authentication unit 5020 is required to confirm the illegal use of the user card, the user authentication unit 5020 requests the user's unique identification information according to the request for the unauthorized use of the card, and the user from a predetermined biometric information management server When the user specific identification information corresponding to the card information is transmitted, the user identification information for the transaction is performed by comparing the transmitted user unique identification information with the card user information.

51 is a diagram showing the functional configuration of the biometric information management server 5100 according to an embodiment of the present invention.

In more detail, FIG. 51 is connected to the server shown in FIG. 49 through a predetermined network (eg, a VAN, etc.), and receives predetermined encrypted user biometric information and user card information from the server. A biometric that decrypts the encrypted user biometric information, verifies user unique identification information corresponding to the decrypted user biometric information, and transmits the identified user unique identification information to a card company server 5000 corresponding to the card information. As an implementation method for the configuration of the information management server 5100, those of ordinary skill in the art to which the present invention pertains can refer to and / or modify this figure 51 to decrypt the encrypted biometric information to decode the user biometric information. Although various server configurations may be inferred for identifying user unique identification information corresponding to the present invention, It includes all implementation methods and is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 51 is illustrated as including at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 51, the biometric information management server 5100 may include an information receiver 5105, a decoder 5110, an information transmitter 5115, and an information checker 5120. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiving unit 5105 receives predetermined encrypted biometric information and user card information from the server shown in FIG. 49, and transmits the received encrypted biometric information to the decryption unit 5110. do.

The decryption unit 5110 decodes the encrypted biometric information when the encrypted biometric information received through the information receiving unit 5105 is transmitted. 5120).

An encrypted biometric information decryption process of the decryption unit 5110 will be described with reference to FIGS. 43 and 46.

When the encrypted biometric information is decrypted by the decryption unit 5110, the information checking unit 5120 checks (or extracts) unique user identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extracted) unique user identification information is transmitted to the information transmitter 5115.

When the user identification information corresponding to the biometric information is confirmed (or extracted) and transmitted through the information verification unit 5120, the information transmission unit 5115 transfers the transferred user identification information to the card information. It transmits to the corresponding card company server 5000.

52 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

More specifically, the process shown in FIG. 52 is performed on the user authentication information processing system shown in FIG. 48, and in a payment terminal equipped with a predetermined biometric information input means (eg, fingerprint recognition means, etc.). A server on a network (for example, a VAN) encrypts biometric information input from a card user, and transmits a payment approval request message including the encrypted biometric information and the user card information and payment information (for example, a payment amount). For example, the VAN company server, etc.), the payment approval request details are provided to the card company server 5000 corresponding to the user card information, and the payment approval response for the payment approval request is received from the card company server 5000. When received, the server configures a sales slip including the payment approval details, and the sales slip and the encrypted user biometric information. After the cooperative process is stored in a predetermined storage medium, when the card user confirmation is requested from the card company server 5000 by the illegal use of the user card included in the sales slip, the server check the sales slip requested And confirming the encrypted user biometric information associated with the sales slip, and transmitting the identified encrypted user biometric information and the card information to a predetermined biometric information management server 5100, the biometric information management server. When the encrypted biometric information is decrypted at 5100 to confirm user unique identification information corresponding to the biometric information, and the identified user unique identification information is transmitted to the card company server 5000 corresponding to the card information. For the process of performing the card user's own authentication through the user identification information transmitted from the card company server 5000 As a method of implementation, one of ordinary skill in the art to which the present invention pertains may refer to and / or modify this drawing 52 to infer various user authentication information processing processes, but the present invention is intended to implement all the inferred embodiments. It includes a method, and is not limited to the embodiment shown in FIG.

According to the user authentication information processing shown in FIG. 52, the payment terminal shown in FIG. 34 reads card information from the user card, checks payment information input through a predetermined key input means (5200), and The user waits for the user fingerprint information input through the fingerprint input means (5202).

When the fingerprint information of the card user is input (5204), the payment terminal generates a payment approval request text including card information and payment information (5206), and inputs the input user fingerprint information in FIGS. 36 to 39. Encrypt as shown (5208).

The encryption process of the fingerprint information will be described with reference to the contents described with reference to FIGS. 36 to 39, and detailed description of the fingerprint information encryption process will be omitted in FIG. 52.

The payment terminal transmits the generated payment approval request text and the encrypted user fingerprint information to a server on a network (5210), and the server transmits the payment approval request details included in the received payment approval request text to a card company server ( 5000) to request approval (5212).

When the payment approval response corresponding to the approval request is received from the card company server 5000, the server transmits a payment approval response message to the payment terminal (5214), and a sales slip including the payment approval details. The encrypted user fingerprint information is stored in a cooperative process (5216).

Thereafter, when the server is requested to confirm the illegal use of the card included in the sales slip from the card company server 5000 (5218), the server receives encrypted user fingerprint information corresponding to the sales slip requested to confirm the unauthorized use. In operation 5320, the encrypted user fingerprint information and the user card information are transmitted to the biometric information management server 5100, and the user unique identification information corresponding to the fingerprint information is requested in operation 5122.

The biometric information management server 5100 decrypts the received encrypted fingerprint information through a decryption process as illustrated in FIGS. 43 to 46 corresponding to the encryption method of the payment terminal (5224).

The decryption process of the encrypted fingerprint information will be described with reference to the contents described with reference to FIGS. 43 to 46, and detailed description thereof will be omitted in FIG.

When the encrypted fingerprint information is decrypted, the biometric information management server 5100 identifies a user unique ID corresponding to the decrypted fingerprint information from a storage medium (eg, a storage medium provided in the biometric information management server 5100). Check the code (5226).

If the user unique identification code corresponding to the decrypted fingerprint information is confirmed (5228), the biometric information management server 5100 sends the identified unique identification code to the card company server 5000 corresponding to the user card information. If the user identification code corresponding to the decrypted fingerprint information is not confirmed, the biometric information management server 5100 sends the corresponding unique identification code to the server (or the card company server 5000). It may be notified (5232).

When the user identification information is received, the card company server 5000 checks user information corresponding to the card information, and compares the identified user information with the user identification information to perform user authentication (5234). It is possible to authenticate the user corresponding to the sales slip requested to confirm the fraudulent use.

53 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

More specifically, FIG. 53 encrypts biometric information input from a card user in a payment terminal equipped with predetermined biometric information input means (eg, fingerprint recognition means, etc.), and encrypts the encrypted biometric information and the user card information. And a payment approval request message including payment information (e.g., payment amount) to a server (e.g., a VAN company server, etc.) on a network (e.g., a VAN company), the payment approval request details are transferred to the user card information. Provided to the corresponding card company server 5000, and when the payment approval response for the payment approval request is received from the card company server 5000, the server constitutes a sales slip including the payment approval history, the sales The document and the encrypted user biometric information are processed in association with a predetermined storage medium, and then used in the sales slip from the card company server 5000. When requesting the card user confirmation due to the illegal use of a card, the server confirms the requested sales slip, checks the encrypted user biometric information associated with the sales slip, and confirms the encrypted user biometric. When information is transmitted to the card company server 5000, the encrypted user biometric information is transmitted from the card company server 5000 to a predetermined biometric information management server 5100, and the biometric information management server 5100. When the encrypted biometric information is decrypted, the user unique identification information corresponding to the biometric information is confirmed, and the identified user unique identification information is transmitted to the card company server 5000, and the card company server 5000 transmits the identification information. As an implementation method for a system configuration for performing the card user's own authentication through the unique user identification information, the present invention Those skilled in the art will be able to infer various user authentication information processing system configurations by referring to and / or modifying the drawing 53, but the present invention includes all the inferred implementation methods. It is not limited to the implementation method shown in FIG.

Referring to FIG. 53, in the user authentication information processing system according to an embodiment of the present invention, a payment terminal, a server, a biometric information management server 5100, and a card company server 5000 (or a financial company server) are connected to each other through a predetermined network. The payment terminal includes a predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information, and inputs the biometric information when a user requests a card payment of a predetermined user. Means for acquiring the biometric information of the card user through the means, encrypting the obtained biometric information for the card user, and including a card information (eg, a credit card number, etc.) read from the user card and predetermined payment information. Write a full message to transmit the configured payment approval request full text and the encrypted user biometric information to a server on the network. It characterized in that provided in at least one merchant.

The server is connected to the payment terminal through a predetermined network (eg, a VAN), and when the full payment approval request message and the encrypted user biometric information are received from the payment terminal, the card company server 5000 receives the information. Receiving a payment approval response corresponding to a payment approval request, and storing and processing the payment approval history and the encrypted user biometric information, and receives the card user confirmation from the card company server 5000 (for example, Card misuse, etc.), and transmits the received encrypted biometric information to the card company server 5000.

The biometric information management server 5100 is connected to the card company server 5000 through a predetermined network, receives predetermined encrypted user biometric information from the card company server 5000, and receives the received encrypted user biometric information. And decrypts the user unique identification information corresponding to the decrypted user biometric information, and transmits the identified user unique identification information to the card company server 5000.

Here, the biometric information management server 5100 may be linked to the biometric information registration server shown in FIG. 1 or may include a storage medium shown in FIG.

In addition, in the present invention, the biometric information registration server and the biometric information management server 5100 are separately illustrated in order to more effectively explain the registration and management of biometric information. However, the biometric information registration server and the biometric information management server 5100 are illustrated. It is specified that the same server, or may be provided in the same institution.

The card company server 5000 (or the financial company server) is connected to the server through a predetermined network (eg, a payment network, etc.), and when a full payment approval request message is received from the server, the card company server 5000 (or the financial company server) corresponding to the received payment approval request is received. Provide a payment approval response to the server, and when the user is requested to confirm the illegal use of the user card, request the user to confirm the user's card that the user needs to confirm the illegal use, and the encrypted user biometric from the server. When the information is received, the received encrypted user biometric information is transmitted to a predetermined biometric information management server 5100, and the user unique identification information (for example, name, social security number, insurance number) from the biometric information management server 5100. Call, driver's license number, financial transaction information, etc.), the card user information associated with the confirmed card information is inquired W, by conforming to ensure that the user-specific identification information of inquiry with your card information and features to perform identity authentication for the card user.

54 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

More specifically, FIG. 54 is connected to the payment terminal shown in FIG. 34 through a predetermined network (eg, a VAN), and when the full payment approval request message and the encrypted user biometric information are received from the payment terminal. Receiving a payment approval response included in the full payment approval request to the card company server 5000 corresponding to the user card, receives a payment approval response from the card company server 5000, the sales including the payment approval history The document and the encrypted user biometric information are processed in association with each other, and when the card company server 5000 requests the unauthorized use of the card included in the sales slip, the encrypted user biometric information associated with the sales slip is requested. A server on the network (for example, a VAN) that checks and transmits the encrypted user biometric information to the card company server 5000. Server, etc.), a person having ordinary knowledge in the technical field to which the present invention pertains can refer to and / or modify this drawing 54 in response to a request for confirming unauthorized use of a card included in the sales slip. In addition, it is possible to infer various server configurations for transmitting encrypted biometric information and user card information corresponding to the sales slip to a predetermined biometric information management server 5100, but the present invention includes all the inferred implementation methods. However, the present invention is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 54 is illustrated as including at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. The function configuration unit specifies that it may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 54, the server includes a receiving unit 5405, a reading unit 5410, a specialized processing unit 5415, an approval request unit 5520, a biometric information processing unit 5535, and a sales information processing unit 5525. It may be configured to include, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 5405 is a full payment approval request message including user card information (eg, credit card number, etc.) and payment information (eg, payment amount, merchant information, terminal information, etc.) from the payment terminal shown in FIG. 34. And receiving encrypted fingerprint information of the user input through the payment terminal, transferring the received payment approval request text to the reader 5510, and transmitting the encrypted fingerprint information to the biometric information processor 5535. To pass).

When the payment approval request message received through the reception unit 5405 is delivered, the reading unit 5410 reads the payment approval request message and stores user card information (eg, a credit card) included in the payment approval request message. Number, etc.), and the card company information corresponding to the confirmed card information, and then the confirmed card company information and the payment approval request details are transmitted to the approval request unit 5520.

The approval request unit 5520, when the payment approval request details and the card company information are transmitted through the reading unit 5410, transmits the payment approval request details to the card company server 5000 to approve the payment. Request, and receives a payment approval response to the payment approval request from the card company server 5000.

The information processing unit, when the payment approval response for the payment approval request is received from the card company server 5000 through the approval request unit 5520, according to the response result, the sales slip including the payment approval history; In this case, the information is stored in a predetermined storage medium through the information storage unit 5430 in association with the encrypted user fingerprint information.

For example, when the payment approval response includes a payment approval notification due to the user card limit exceeded or the user authentication response is included in the user authentication response, the information processing unit configures the sales slip and It is desirable not to perform the storage process.

The biometric information processing unit 5535 checks the encrypted fingerprint information associated with the sales slip in response to a request for confirming the unauthorized use of the card included in the sales slip from the card company server 5000, and thereby confirms the encrypted fingerprint. Information is transmitted to the card company server 5000.

The specialized processing unit 5415 receives the payment approval response received through the approval request unit 5520, configures a payment approval response message to be transmitted to the payment terminal, and converts the configured payment approval response message into the payment terminal. send.

The information storage unit 5430 stores information (or data) collected or generated in the process of performing the corresponding function by the at least one or more function components provided in the server.

55 is a diagram showing the functional configuration of a card company server 5500 according to an embodiment of the present invention.

In more detail, the drawing 55 is connected to the server shown in the drawing 54 by a predetermined network (eg, a payment network). When the payment approval request details are received from the server, the payment corresponding to the payment approval request details is shown. If an authorization response is provided to the server, and a request for unauthorized use confirmation of the payment approved card is received from a user or the like, a request for unauthorized use confirmation of the card is made to the server, and the encrypted user biometric information is received from the server. Receiving and transmitting the received encrypted user biometric information to a predetermined biometric information management server 5100, receiving the card user unique identification information from the biometric information management server 5100, The card company performing identity verification for the card user by checking whether the card user information is met. (5500) As an implementation method for the configuration, a person having ordinary knowledge in the art to which the present invention pertains may refer to and / or modify this figure 55 and the user unique identification information and the card user information (transmitted from the server). Customer information) By comparing the user information stored in the DB (or storage medium), it is possible to infer the configuration of the various card company server (5500) for authenticating the card user in response to the request for confirming the unauthorized use of the card, but the present invention Includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

In addition, although the card company server 5500 illustrated in FIG. 55 is shown to include at least one or more functional components, this is just one embodiment for more effectively explaining the present invention. At least one functional component is provided that it can be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 55, the card company server 5500 includes a receiver 5505, a reader 5510, a professional processor 5515, a user authentication unit 5520, a limit check unit 5530, and information storage. It may be configured to include a section 5525, it may be possible to add a predetermined functional configuration within the scope of the present invention.

The receiving unit 5505 receives the payment approval request details of a predetermined card user from the server shown in FIG. 54 and transfers the received payment approval request details to the reading unit 5510.

The reading unit 5510 reads the payment approval request history received through the receiving unit 5505 to confirm user card information, and checks the confirmed card information and payment approval request details (for example, payment amount). Characterized in that the transfer to the limit check unit 5530.

The limit checking unit 5530, when the user card information and payment approval request details (for example, payment amount, etc.) are transmitted through the reading unit 5510, checks the payment limit information corresponding to the card information, It is determined whether payment of the payment amount included in the payment approval request details is possible, and the determination result is delivered to the specialized processor 5515, and the decision result is transmitted to the information storage unit 5525 and the card company DB (or stored). Media).

When the result of the settlement determination is delivered through the limit checking unit 5530, the specialized processor 5515 constructs a payment approval response detail including the transferred details and transmits the details to the server.

When the user authentication unit 5520 is requested to confirm the illegal use of the user card, the user authentication unit 5520 requests the user's unique identification information according to the request for the unauthorized use of the card from the server, thereby encrypting the user's encrypted biometrics from the server. When the information is received, the encrypted biometric information is transmitted to a predetermined biometric information management server 5100 to request user identification information corresponding to the encrypted biometric information. When the user specific identification information corresponding to the user card information is transmitted, the user identification information for the transaction is performed by comparing the transmitted user unique identification information with the card user information.

56 is a diagram showing the configuration of the biological information management server 5600 according to an embodiment of the present invention.

More specifically, FIG. 56 is connected to the card company server 5500 shown in FIG. 55 through a predetermined network, receives predetermined user biometric information from the card company server 5500, and receives the received encryption. A biometric information management server 5600 configured to decrypt the user biometric information, verify user unique identification information corresponding to the decrypted user biometric information, and transmit the identified user unique identification information to the card company server 5500. As a method for implementing the present invention, a person having ordinary knowledge in the art to which the present invention pertains may refer to and / or modify this figure 56 to decrypt the encrypted biometric information to identify the user unique identification information corresponding to the user biometric information. It will be possible to infer various server configurations to confirm, but the present invention includes all implementation methods inferred and If it not limited by the exemplary process shown in 56.

In addition, although the server illustrated in FIG. 56 is illustrated as including at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. The function configuration unit specifies that it may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 56, the biometric information management server 5600 may include an information receiver 5505, a decoder 5610, an information transmitter 5615, and an information confirmer 5620. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiving unit 5560 receives predetermined encrypted biometric information from the card company server 5500 illustrated in FIG. 55, and transmits the received encrypted biometric information to the decryption unit 5610. do.

The decryption unit 5610 decodes the encrypted biometric information when the encrypted biometric information received through the information receiving unit 5560 is transferred. 5620).

An encrypted biometric information decryption process of the decryption unit 5610 will be described with reference to FIGS. 43 and 46.

When the encrypted biometric information is decrypted by the decryption unit 5610, the information checking unit 5620 checks (or extracts) user-specific identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extracted) unique user identification information is transmitted to the information transmitter 5615.

When the user identification information corresponding to the biometric information is confirmed (or extracted) and transmitted through the information verification unit 5620, the information transmission unit 5615 transfers the transferred user identification information to the card company server ( 5500).

57 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

More specifically, the process shown in FIG. 57 is performed on the user authentication information processing system shown in FIG. 53, and in a payment terminal provided with a predetermined biometric information input means (eg, fingerprint recognition means, etc.). A server on a network (for example, a VAN) encrypts biometric information input from a card user, and transmits a payment approval request message including the encrypted biometric information and the user card information and payment information (for example, a payment amount). For example, VAN company server, etc.), the payment approval request details are provided to the card company server (5500) corresponding to the user card information, the payment approval response for the payment approval request from the card company server (5500) When received, the server configures a sales slip including the payment approval details, and converts the sales slip and the encrypted user biometric information. After the cooperative process is stored in a predetermined storage medium, when the card user confirmation is requested from the card company server (5500) by the illegal use of the user card included in the sales slip, the server checks the sales slip requested Check and confirm the encrypted user biometric information associated with the sales slip, and transmit the confirmed encrypted user biometric information to the card company server 5500, and the transmitted encryption from the card company server 5500. Transmits the user biometric information to a predetermined biometric information management server 5600, decrypts the encrypted biometric information at the biometric information management server 5600, and verifies user unique identification information corresponding to the biometric information, When the confirmed user unique identification information is transmitted to the card company server 5500, the card company server 5500 transmits the user unique expression. As a method for performing the card user's own authentication through the information, a person having ordinary knowledge in the technical field to which the present invention pertains can refer to and / or modify this drawing 57 to perform various user authentication information processing processes. It may be inferred, but the present invention includes all implementation methods inferred from the above, and is not limited to the implementation method shown in FIG.

According to the user authentication information processing shown in FIG. 57, the payment terminal shown in FIG. 34 reads card information from the user card, confirms payment information input through a predetermined key input means (5700), and The fingerprint input means waits until the user fingerprint information input (5702).

When fingerprint information of the card user is input (5704), the payment terminal generates a payment approval request message including card information and payment information (5706), and inputs the user fingerprint information to the drawings 36 to 39. Encrypt as shown (5708).

The encryption process of the fingerprint information will be described with reference to the contents described with reference to FIGS. 36 to 39. In FIG. 57, detailed description of the fingerprint information encryption process will be omitted.

The payment terminal transmits the generated payment approval request message and the encrypted user fingerprint information to a server on a network (5710), and the server transmits the payment approval request details included in the received payment approval request message card company server ( 5500) to request approval (5712).

When the payment approval response corresponding to the approval request is received from the card company server 5500, the server transmits a full payment approval response message to the payment terminal (5714) and a sales slip including the payment approval details. The encrypted user fingerprint information is stored in a cooperative process (5716).

Thereafter, when the server is requested to confirm fraudulent use of the card included in the sales slip from the card company server 5500 (5718), the server receives encrypted user fingerprint information corresponding to the sales slip requested to confirm the misuse. In operation 5720, the encrypted user fingerprint information is transmitted to the card company server 5500 in operation 5722.

Then, the card company server 5500 transmits the transmitted encrypted user fingerprint information to the biometric information management server 5600 (5724), and the biometric information management server 5600 transmits the received encrypted fingerprint information. In response to the encryption method of the payment terminal, the decryption process is performed through the decryption process as shown in FIGS. 43 to 46 (5726).

The decryption process of the encrypted fingerprint information will be described with reference to the contents described with reference to FIGS. 43 to 46, and detailed description thereof will be omitted in FIG.

When the encrypted fingerprint information is decrypted, the biometric information management server 5600 may identify a user unique ID corresponding to the decrypted fingerprint information from a storage medium (eg, a storage medium provided in the biometric information management server 5600). Check the code (5728).

If the user unique identification code corresponding to the decrypted fingerprint information is confirmed (5730), the biometric information management server 5600 transmits the identified unique identification code to the card company server (5500) (5734), On the other hand, if the user identification code corresponding to the decrypted fingerprint information is not confirmed, the biological information management server 5600 may notify the server (or card company server 5500) that the corresponding unique identification code is missing. (5732).

When the user unique identification information is received, the card company server 5500 checks user information corresponding to the card information, and compares the identified user information with the user unique identification information to perform user authentication (5736). It is possible to authenticate the user corresponding to the sales slip requested to confirm the fraudulent use.

58 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

More specifically, FIG. 58 illustrates a network of payment approval request messages including user card information and payment information (eg, payment amount) in a payment terminal equipped with predetermined biometric information input means (eg, fingerprint recognition means, etc.). When transmitted to a server (eg, a VAN company server, etc.) on the server (eg, a VAN company), the payment approval request history is provided to a card company server corresponding to the user card information, and the payment for the payment approval request is made from the card company server. When the approval response is received, the biometric information input from the card user is encrypted, and the encrypted biometric information is transmitted to the server, and the sales slip including the payment approval details is configured by the server, and the sales slip and The encrypted user biometric information is cooperatively processed and stored in a predetermined storage medium, and then included in the sales slip from the card company server. When requesting the card user confirmation due to the illegal use of the user card, the server checks the sales slip requested by the server, and checks the encrypted user biometric information associated with the sales slip, thereby verifying the encrypted Send user biometric information to a predetermined biometric information management server, request confirmation of user unique identification information (eg, name, social security number, insurance number, driver's license number, financial transaction information, etc.) corresponding to the biometric information, When the biometric information management server decrypts the encrypted biometric information to confirm user unique identification information corresponding to the biometric information, and transmits the identified user unique identification information to the server, the confirmed user on the server The unique identification information is transmitted to the card company server, so that the user uniqueness transmitted from the card company server As an implementation method for a system configuration for performing the card user's own identity through identification information, a person having ordinary knowledge in the technical field to which the present invention pertains may refer to FIG. 58 and / or modify various user authentication information. Although the configuration of the processing system can be inferred, the present invention includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

User authentication information processing system according to an embodiment of the present invention with reference to Figure 58, characterized in that the payment terminal, server, biometric information management server and card company server (or financial company server) is connected through a predetermined network The payment terminal may include predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information, and card information read from the user card (eg, when the card user requests payment of a predetermined user). Credit card number) and a predetermined payment approval request message including predetermined payment information, and transmits the configured payment approval request message to a server on the network, and the payment approval corresponding to the payment approval request message is received from the server. When the response message is received, the biometric information of the card user is obtained through the biometric information input means, and the stroke And encrypting the obtained user biometric information and transmitting the encrypted user biometric information to a server on the network.

The server is connected to the payment terminal through a predetermined network (eg, a VAN), and when the full payment approval request message and the encrypted user biometric information are received from the payment terminal, the payment approval request from the card company server. Receiving a payment approval response corresponding to the, and the payment approval history and the encrypted user biometric information in association with the stored, and if the card company request to confirm the card user (for example, card misuse, etc.), Sending the received encrypted biometric information to a predetermined biometric information management server, requesting user unique identification information corresponding to the biometric information, and transmitting the user unique identification information corresponding to the biometric information from the biometric information management server. If so, it is characterized in that for transmitting the transmitted unique user identification information to the card company server It shall be.

The biometric information management server is connected to the server through a predetermined network, receives encrypted user biometric information from the server, decrypts the received encrypted user biometric information, and decrypts the decrypted user biometric information. Identifying the user unique identification information corresponding to the, characterized in that for transmitting the identified user unique identification information to the server.

Here, the biometric information management server may be linked with the biometric information registration server shown in FIG. 1 or may include a storage medium shown in FIG.

In addition, in the present invention, the biometric information registration server and the biometric information management server are separately shown in order to more effectively explain the registration and management of the biometric information, but the biometric information registration server and the biometric information management server are the same server, or It is specified that the same engine can be provided.

The card company server (or financial company server) is connected to the server through a predetermined network (e.g., a payment network, etc.), and when a payment approval request message is received from the server, a payment approval response corresponding to the received payment approval request is received. Provides the server with the server, and if the user's card is requested for unauthorized use, requesting the server for user confirmation of the card for which the user's illegal use is requested, and receiving the user's unique identification information (e.g., Name, resident registration number, insurance number, driver's license number, financial transaction information, etc.), the card user information associated with the confirmed card information is queried, and the user's unique identification information corresponds to the inquired card user information. By confirming that the identity of the card user, characterized in that to perform.

59 is a diagram showing the function of the payment terminal 5900 according to another embodiment of the present invention.

In more detail, in Fig. 59, in the payment terminal 5900 shown in Fig. 58, the payment terminal 5900 includes predetermined fingerprint recognition means for acquiring card payment customer fingerprint information. When a card payment request is made, a payment approval request message including a card information (eg, a credit card number, etc.) read out from the payment customer card and predetermined payment information are configured, and the configured payment approval request message is included in the VAN company on the network. Transmitting to the server, and maintaining a communication session with the VAN company server until the fingerprint information of the payment customer is obtained through the fingerprint recognition means, and when the payment customer fingerprint information is obtained, through the maintained communication session. The present invention relates to an implementation method having a function configuration for transmitting payment customer fingerprint information to the VAN company server. If the person having knowledge of the above, after the completion of the approval response to the payment approval request full text by referring to and / or modifying the Figure 59, the payment terminal 5900 function for transmitting the payment customer fingerprint information to the VAN company server on the network Although the configuration can be inferred, it is to be understood that the technical features of the present invention are not limited by the present invention, but include all the inferred implementation methods.

Referring to FIG. 59, the payment terminal 5900 basically includes a control unit 5905, a memory unit 5950, a card reader 5910, a key input unit 5920, a screen output unit 5915, and a fingerprint input unit ( 5955, a communication processing unit 5930, a print output unit 5940, and a power supply unit 5525 for supplying power to the payment terminal 5900, and at least one terminal function according to the intention of a person skilled in the art. Part (eg, security application module 5535, etc.) may be further included.

The control unit 5905 controls the overall operation of the payment terminal 5900 shown in the functional configuration, manages the flow of information or data between each component, and card information (eg, credit card) read from the payment customer card. Number, etc.) and predetermined payment information is transmitted to the VAN company server, and when an approval response message corresponding to the payment approval request is received, the communication session with the VAN company server is not terminated. And interworking and controlling at least one component provided in the payment terminal 5900 to transmit payment customer fingerprint information input from the fingerprint input unit 5955 to the VAN server. The payment terminal 5900 may include at least one processor and execution memory including a central processing unit (CPU) and a micro processing unit (MPU) in hardware. (Eg, a register and / or random access memory (RAM)) and a bus for inputting and outputting predetermined data.

 In addition, the payment terminal 5900 is loaded into the execution memory from a predetermined recording medium to perform a function specific to the payment terminal 5900 by a predetermined program routine (operation processing by the processor ( Transmit the full payment approval request message including the routine information and / or the program data (thus, the card information read from the payment customer card (eg, credit card number, etc.) and predetermined payment information to the VAN company server). When the approval response message corresponding to the payment approval request is received, to transmit payment customer fingerprint information input from the fingerprint input unit 5955 to the VAN server without ending the communication session with the VAN company server. Of the predetermined program recorded on the recording medium provided in the payment terminal 5900, and / or the functional configuration provided in the payment terminal 5900 A standing software process as a possible component can be made by also shown to be provided in the control section (5905)).

According to the exemplary embodiment of the present invention, the control unit 5905 may include components (for example, the memory unit 5950, the card reader unit 5910, the key input unit 5920, and the fingerprint input unit included in the payment terminal 5900). (5955) and the screen output unit 5915, the communication processing unit 5930, the security application module (5935) and the print output unit (5940) and / or the terminal functional unit (not shown) according to the intention of those skilled in the art Control and manage the provision of the electronic payment service defined in the payment terminal 5900, as well as card information (eg, credit card number, etc.) and predetermined payment information read from the payment customer card according to the present invention. The payment approval request message is transmitted to the VAN company server, and when an approval response message corresponding to the payment approval request is received, the fingerprint input unit 5955 does not terminate the communication session with the server. Payment amount entered In order to transmit the guest fingerprint information to the VAN company server, the components provided in the payment terminal 5900 interoperate with each other, or a program recorded in a recording medium provided in the payment terminal 5900 for this purpose. It is preferable to carry out.

The memory unit 5950 is input and output when an operation by a predetermined program routine (or code) and / or program data (eg, a program routine (or code)) for controlling the overall operation of the payment terminal 5900 is performed. General term of non-volatile memory for storing information or data), at least one of which includes EEPROM (Electrically Erasable and Programmable Read Only Memory) and / or Flash Memory (FM) and / or Hard Disk Drive (HDD) in hardware. It includes the above storage means, the predetermined program routine and program data required for the control unit 5905 to perform a predetermined control function (for example, data input or output for the program routine to perform a predetermined function) ) Is stored.

According to an embodiment of the present invention, the memory unit 5950 may include card information (eg, a credit card number, etc.) read out from the payment customer card by the payment terminal 5900 according to the present invention, and predetermined payment information. Transmits a payment approval request message configured to the VAN company server, and receives an approval response message corresponding to the payment approval request, inputting from the fingerprint input unit 5955 without ending the communication session with the VAN company server. It is preferable to store information (or data) generated or required in the process of transmitting the output payment customer fingerprint information to the VAN company server.

The payment customer card that reads payment customer card information (eg, credit card number, etc.) included in the full payment approval request message through the payment terminal 5900 may be a contact IC card based on ISO / IEC 7816 standard. Or a wireless IC chip), and / or a card including at least one contactless IC card (or wireless IC chip) based on ISO / IEC 14443, wherein the card reader 5910 is the customer. An interface for reading at least one or more information or data included in the card may be provided.

According to the exemplary embodiment of the present invention, the card reader 5910 may be a contact IC reader that provides an interface between the contact IC card and the payment terminal 5900, or the contactless IC card and the payment terminal 5900. A contactless IC reader may be provided to provide an interface between the terminals.

In the present invention, the card reader 5910 is shown as being provided in the payment terminal 5900, but any one or more card readers 5910 of the card reader 5910 is the payment terminal 5900. It is noted that it can be detached from or connected via a predetermined cable.

For example, when the contact IC reader unit is a card reader unit 5910 based on ISO / IEC 7816, at least one or more electrical contact forms a contact with a chip on board (COB) provided in the contact IC card. It comprises a contact point, and supplies power to the IC chip of the customer card through the contact point, and predetermined information from the IC chip through the half-duplex transaction using an Application Protocol Data Unit (APDU) (Eg, a credit card number, etc.) or data may be interfaced to the payment terminal 5900.

According to another exemplary embodiment of the present invention, when the fingerprint information of the customer is mounted in the payment customer IC card, the contact IC reader unit interfaces the payment customer fingerprint information to the payment terminal 5900 from the IC card. can do.

In addition, when the contactless IC reader unit is a card reader unit 5910 based on ISO / IEC 14443, the contactless electrical contact with the contactless IC card using capacitive coupling and / or inductive coupling, etc. It comprises at least one antenna to form a power supply, the power supply to the IC chip of the customer card through the antenna, and predetermined information from the IC chip through the half-duplex transaction using the APDU ( For example, a credit card number, etc.) or data may be interfaced to the payment terminal 5900.

According to another exemplary embodiment of the present invention, when the fingerprint information of the customer is mounted in the payment customer IC card, the contactless IC reader unit may interface the payment customer fingerprint information to the payment terminal 5900 from the IC card. Can be.

In addition, the payment terminal 5900 may further include an MS reader, wherein the MS reader is a card reader 5910 based on ISO / IEC 7810, and includes at least one magnetic head including a predetermined coil. Head), and the MS card in which predetermined information (e.g., magnetized binary data) is recorded is moved in a predetermined direction in close contact with the magnetic head (or the magnetic head records predetermined information). The mobile terminal is brought into close contact with the MS card), and a predetermined information or data is transmitted from at least one track provided in the MS of the MS card by using a predetermined electrical signal loaded on the magnetic head. Can be interfaced with

The key input unit 5920 may include at least one key button including at least one number key and / or a character key and / or a function key. Detects information (or a signal) input from a key input device of a predetermined key and is provided to the key input device in a specific input mode and / or operation mode of the payment terminal 5900 controlled by the controller 5905. When predetermined information (or signal) is input from the key button, a key event corresponding to the input information (or signal) is generated, and the generated key event is provided to the controller 5905. The controller 5905 obtains predetermined key data corresponding to the key event in the current input mode and / or operation mode of the payment terminal 5900, and / or is matched with the key event and defined. Characterized in that for obtaining a command to execute a predetermined function.

Here, the key input unit 5920 and the key input device having at least one key button interoperate with each other to perform a function of key input means provided in the payment terminal 5900.

The key input device which is interlocked with the key input unit 5920 may include a keypad device having at least one numeric key and a function key, and / or at least one numeric key and a character key (eg, English character key, and / or Korean character). Key) and / or a keyboard device having a function key, and / or having at least one numeric key and a function key in conjunction with the screen output means, and / or having at least one numeric key, a character key and a function key. It is preferable to include at least one touch screen device.

For example, the key input unit 5920 may receive a key data (eg, a payment amount) corresponding to the electronic payment service from at least one or more key input devices for the electronic payment service defined in the payment terminal 5900. It is preferable to perform a function of an input means, and furthermore, according to the present invention, a VAN completes a payment approval request message including card information (eg, credit card number, etc.) read from the payment customer card and predetermined payment information. If the transmission is sent to the server, and the approval response message corresponding to the payment approval request is received, the payment customer fingerprint information input from the fingerprint input unit 5955 without ending the communication session with the VAN company server, the VAN company It is preferable to perform the function of the key input means for receiving at least one or more key data required in the process of transmitting to the server.

The screen output unit 5915 is a liquid crystal display (LCD) by the controller 5905 in the process of the payment terminal 5900 performs a predetermined function (for example, payment customer fingerprint information processing function, electronic payment processing function, etc.). At least one information or data that is predefined or defined in real time to be output to a predetermined display device including a display and / or a CRT (Cathode Ray Tube), and is output through a predefined interface screen. The screen output unit 5915 and the screen output device interoperate with each other to perform a function of a screen output means provided in the payment terminal 5900.

Predefined information or data to be output from the payment terminal 5900 to the screen output device may include key data input through the key input unit 5920 and / or components included in the payment terminal 5900. Information (or data) stored or generated by the information, information (or data) transmitted / received through the communication processor 5930, and / or information corresponding to a predetermined operation result performed by the payment terminal 5900 (or Data) and at least one.

According to a preferred embodiment of the present invention, the screen output unit 5915 performs a function of a screen output means for outputting a predetermined processing screen according to the fingerprint information processing and electronic payment steps defined in the payment terminal 5900. .

When a customer inputs a fingerprint through a predetermined fingerprint recognition (or input) device, the fingerprint input unit 5955 scans the customer fingerprint and transfers the scanned customer fingerprint data to the controller 5905.

The communication processor 5930 may perform a payment network (eg, a value added network (VAN)) while the payment terminal 5900 performs a predetermined function (for example, a fingerprint information processing function or an electronic payment processing function). Communication with a VAN company server or a terminal (or device) connected to the payment terminal 5900 and a predetermined cable or a terminal (or device) connected to the payment terminal 5900 through a predetermined short-range wireless communication. It provides a predetermined communication means for connecting a session, and a communication session with a predetermined terminal (or device) through a network communication unit for connecting a predetermined communication channel with a VAN company server on a wired or wireless network, or a predetermined cable communication port. A predetermined communication session with a predetermined local area communication terminal (or device) device through a cable communication unit or at least one local area wireless communication unit for connection; Comprised, including the short-range wireless communication unit for connection, it comprises a communication protocol and / or the driver for connecting the communication channel (or communication session) by software.

The network communication unit may include a predetermined wired network and / or a mobile communication network including a Value Added Network (VAN) or a financial common network or high-speed Internet (eg, ADSL / VDSL / Cable Network /.../ satellite communication). And a communication channel with a server (for example, a VAN company server) on a wired / wireless network through a predetermined wireless network including a wireless data communication network. The payment terminal 5900 is hardware-connected to a predetermined wired / wireless network. It may include a modem or a network interface card (NIC) for access, and may include a communication protocol and / or driver for software to connect the payment terminal 5900 to the wired / wireless network. have.

The cable communication unit connects a cable communication session with a predetermined terminal (or device) through a predetermined cable communication (eg, RS-232c or Universal Serial Bus (USB)), and the cable is connected in hardware. It comprises a predetermined cable communication port, and may comprise a communication protocol and / or driver for the cable communication in software.

Here, the terminal (or device) to which the cable communication session is connected through the cable communication unit preferably includes a predetermined point of sales (POS) terminal.

The short range wireless communication unit includes at least one of infrared ray communication, RF (Radio Frequency) communication, Bluetooth (BlueTooth), Wireless LAN (Wi-Fi), Wi-Fi (Wi-Fi), and Universal Serial Bus (USB). Characterized in that to connect a predetermined terminal (or device) and a short-range wireless communication session through at least one or more short-range wireless communication means, the hardware includes the infrared communication, RF communication, Bluetooth, WLAN, WiFi, UWB And a predetermined short range wireless communication module for short range wireless communication, and includes a communication protocol and / or a driver for the short range wireless communication in software.

Here, the terminal (or device) to which the short-range communication session is connected through the short-range communication unit preferably includes a customer wireless terminal that mounts or detaches a predetermined wireless IC chip.

The secure application module (5935) (SAM) is a confidentiality and / or authentication (required in the process of performing the electronic payment and / or electronic payment by the payment terminal 5900 using the customer card ( Security requirements, including authentication and / or integrity and / or nonrepudiation, can be secured and trusted within the payment terminal 5900 without using an authentication server (or server) on the payment network. As a safety device for performing the structure, the payment terminal 5900 has a predetermined message (information or data) processed in the process of performing a predetermined security request function (for example, fingerprint information processing function, electronic payment processing function, etc.). In the process of encrypting or decrypting, adding an authenticator that prevents forgery (or tampering) of the message, or performing the security request function. It can perform an important function to save vital information.

In general, the security application module (5935) may be composed of a predetermined security application module (5935) inserter and a security application module (5935) chip, the chip of the security application module (5935) chip containing at least 8-bit CPU Application Specific Integrated Circuit (ASIC) chips (eg, PLCC 44-pin chips) and / or IC chips (eg, IC cards in the form of subscriber identity modules (SIMs)) with performance of 2 MIPS (Million Instructions Per Second) or more. It may be made, including.

In addition, the security application module 5935 may include at least one or more security application data (eg, at least one or more identifiers, versions, expiration dates, issue dates, code values, etc.) required to perform a predetermined security request function in the payment terminal 5900. ) And / or keys (e.g., one master key and at least one application key) and / or protocols (e.g., trading protocols, re-transaction protocols, previous transaction cancellation protocols, collection protocols, SAM issuance protocols, (e-money company / card company) Registration protocol, authorization protocol, mode switching protocol, key download protocol, SAM revocation protocol) and / or commands (e.g., at least one read / authentication / transmission / registration / setting / mode switching / collection / deletion / disposal / initialization) / Reprocess / cancel command).

The print output unit 5940 may be configured to perform a predetermined function (eg, an electronic payment processing function) by the payment terminal 5900 and / or predetermined information or data (eg, payment approval details) generated as a result. Data, etc.) to a predetermined printing device (5945) (for example, a receipt printer), and to print the print information or data through the predetermined printing device (5945) in accordance with a predefined printing form. It can be made by including a printing protocol and a driver.

Referring to FIG. 59, the control unit 5905 of the payment terminal 5900 generates the scanned payment customer fingerprint data provided from the fingerprint input unit 5955 as fingerprint information including a predetermined feature point, and generates the generated fingerprint information. A fingerprint information processing unit 5960 for encrypting fingerprint information, a card information (for example, a credit card number, etc.) read out of the customer card through the card reader 5910 and the key input unit 5920 are input. A specialized component unit 5965 constituting a payment approval request text including information (for example, payment amount information) and the payment approval request text or payment customer fingerprint information to the VAN company server (or payment server). An information transmission unit 5970, a specialized reception unit 5975 for receiving a payment approval response message corresponding to the payment approval request message, and the payment customer fingerprint information from the VAN company server. It may be made, including the session-holding portion (5980) to maintain a communication session with the VAN company server.

Here, when the payment customer fingerprint data scanned from the fingerprint input unit 5955 is provided, the fingerprint information processing unit 5960 applies a predetermined pattern recognition algorithm or the like to the provided fingerprint data, Except for the common points that may have the same, only the feature points (eg, ridges and valleys, shortcomings, and the like) of the payment customer are generated to generate fingerprint information in the form of a template.

In this case, the size of the template increases as the number of feature points increases, but the recognition error rate decreases. In general, about 15 to 60 feature points are included in the template, and the payment terminal 5900 It is noted that the recognition error rate and size of the fingerprint information may be changed according to the specification.

According to another exemplary embodiment of the present invention, when the customer fingerprint information is mounted on the customer IC card, the fingerprint information processing unit 5960 may receive customer fingerprint information read from the IC card from the card reader unit. Can be.

The fingerprint information processor 5960 may encrypt the generated fingerprint information so that the fingerprint information of the payment customer cannot be used even if the fingerprint information of the payment customer is illegally stolen or leaked. The fingerprint information encryption process will be described with reference to FIGS. 61 to 64, which will not be described separately in this figure.

The specialized component unit 5965 may include card information (eg, a credit card number, etc.) read from the customer card through the card reader unit 5910 and transaction information (eg, through the key input unit 5920). And a payment approval request message including payment amount information, etc.) and merchant information (or payment terminal 5900 information, etc.) previously stored in the memory unit 5950. Transfer to the information transmission unit 5970.

The information transmission unit 5970 may transmit the payment approval request message to the VAN company server (or payment server) when the payment approval request message configured through the expert component 5965 is delivered.

The session maintaining unit 5980 may establish a communication session with the VAN company server in cooperation with the communication processing unit 5930 even if a payment approval response message corresponding to the payment approval request is received through the specialized reception unit 5975. In order not to terminate, the payment customer fingerprint information is transmitted through the fingerprint information processing unit 5960 to maintain the communication session until the payment customer fingerprint information is transmitted to the VAN company server (or payment server) through the information transmission unit 5970. do.

60 is a diagram showing the configuration of a fingerprint information processing unit 5960 provided with a function of encrypting fingerprint information through a predetermined encryption key according to one embodiment of the present invention.

More specifically, FIG. 360 shows fingerprint information input from a predetermined fingerprint input unit in the fingerprint information processing unit 5960 of the payment terminal 5900 shown in FIG. 59. The fingerprint information processing unit of the payment terminal 5900 ( A function configuration provided by encrypting through a predetermined encryption key at 5960 is provided. If a person of ordinary skill in the art belongs to the present invention, the fingerprint input unit 5955 may be referred to and / or modified with reference to FIG. It is possible to infer various implementation methods for the fingerprint information processing unit 5960 by encrypting fingerprint information inputted from a predetermined encryption key, but the present invention includes all the inferred implementation methods, as shown in FIG. It is not limited to the implemented method.

Referring to FIG. 60, the fingerprint information processor 5960 may store a memory that associates and stores a predetermined encryption key for encrypting fingerprint information input from the fingerprint input unit 5955 and the encryption key index, and the encryption key. Characterized in that it comprises a password processing unit 6000 for encrypting the fingerprint information input through.

The memory may store a predetermined encryption key for encrypting the input fingerprint information, wherein the encryption key is processed in association with a predetermined encryption key index to store the memory (or the payment terminal 5900 memory unit 5950). It is characterized in that stored in).

Here, the encryption key is an encryption key for encrypting the fingerprint information in a symmetric key (or secret key) encryption method, and / or an encryption key for encrypting the fingerprint information in a public key encryption method, and / or the fingerprint information. It may include at least one or more of an encryption key for encrypting the electronic envelope encryption method, and / or an encryption key for encrypting the fingerprint information in a key exchange encryption method.

In addition, the encryption key index stored in the memory in association with the encryption key is index information (for example, merchant code) for identifying a predetermined decryption key associated with the encryption key in a host that decrypts the encrypted fingerprint information. Or a payment terminal 5900 code, etc.), whereby a host (for example, a biometric information management server, etc.) that decrypts the encrypted fingerprint information is assigned to the encryption key based on the encryption key index. At least one corresponding decryption key may be identified and the encrypted fingerprint information may be decrypted using the identified decryption key.

Here, the decryption key identified through the encryption key index is a decryption key for decrypting the encrypted fingerprint information by a symmetric key (or secret key) decryption method, or decrypting the encrypted fingerprint information by a public key decryption method. At least one or more of a decryption key for decryption, a decryption key for decrypting the encrypted fingerprint information by an electronic envelope decryption method, or a decryption key for decrypting the encrypted fingerprint information by a key exchange decryption method.

According to another exemplary embodiment of the present invention, when the payment terminal 5900 information (or merchant code information) included in the payment approval request message generated by the payment terminal 5900 performs the encryption key index function, the memory The encryption key index may be omitted, and the present invention is not limited thereto.

The encryption processing unit 6000 may be configured to encrypt the user fingerprint information input through the fingerprint input unit 5955 through a symmetric key (or secret key) encryption method, and / or public key encryption method, and / or via an encryption key stored in the memory. And encrypting through at least one or more of an electronic envelope encryption scheme and / or a key exchange encryption scheme.

The fingerprint information encrypted by the fingerprint information processing unit 5960 is preferably secured until a predetermined decryption key is decrypted by a predetermined host (for example, a biometric information management server).

61 is a diagram illustrating a method for encrypting fingerprint information by a symmetric key (or secret key) method in the fingerprint information processing unit 5960 according to an embodiment of the present invention.

In more detail, the present invention relates to a method of encrypting the fingerprint information by a symmetric key (or secret key) method in the fingerprint information processing unit 5960 having an encryption function as shown in FIG. 60. Those skilled in the art may refer to and / or modify this drawing 61 to infer various implementation methods for encrypting the fingerprint information in a symmetric key (or secret key) manner by the fingerprint information processing unit 5960. It will be appreciated that the present invention encompasses all of the inferred practice methods and is not limited to the practice method shown in FIG.

In this figure 61 according to the embodiment of the present invention, the symmetric key (or secret key) is preferably read from the memory (or payment terminal 5900 memory unit 5950) provided in the fingerprint information processing unit 5960. Do.

Referring to FIG. 61, when user fingerprint information is input through the fingerprint input unit 5955, the fingerprint information is provided to the encryption processing unit 6000 (6100). When the user fingerprint information is provided, the encryption processing unit 6000 is provided. A predetermined symmetric key (or secret key) for encrypting fingerprint information is read from the memory (or payment terminal 5900 memory unit 5950) included in the fingerprint information processing unit 5960 (6105). The fingerprint information is encrypted using a symmetric key (or secret key) (6110).

Here, the encryption function of the encryption processing unit 6000 is called E (Encryption), the symmetric key (or secret key) is k (key), the fingerprint information is P (Plaintext), and the symmetric key (or secret key). If the fingerprint information encrypted with) is referred to as C (Ciphertext), the encryption function of the encryption processing unit 6000 can be expressed by a formula such as "Ek (P) = C".

According to the embodiment of the present invention, the encryption processing unit 6000 encrypts the fingerprint information through the symmetric key (or secret key), SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA It is preferable to include at least one or more of the International Data Encryption Algorithm, and in addition, various types of encryption algorithms may be used, but the present invention is not limited to a specific encryption algorithm.

62 is a diagram illustrating a method for encrypting user fingerprint information in a public key infrastructure structure in the fingerprint information processor 5960 according to an embodiment of the present invention.

More specifically, FIG. 62 is a method for encrypting the user fingerprint information in a public key based structure in a fingerprint information processing unit 5960 having an encryption function as shown in FIG. 60. In the technical field to which the present invention pertains, FIG. Those skilled in the art will be able to infer various implementation methods for encrypting the user fingerprint information by the public key method in the fingerprint information processing unit 5960 by referring to and / or modifying the drawing 62. It includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

In this figure 62 according to the embodiment of the present invention, the server-side public key is preferably read from the memory (or the payment terminal 5900 memory unit 5950) provided in the fingerprint information processing unit 5960.

Referring to FIG. 62, when user fingerprint information is input through the fingerprint input unit 5955, the fingerprint information is provided to the encryption processing unit 6000 (6200). When the fingerprint information is provided, the encryption processing unit 6000 may provide the fingerprint information. A predetermined server-side public key for encrypting the fingerprint information is extracted from a memory (6205), and the fingerprint information is encrypted using the extracted server-side public key (6210).

Here, the encryption function of the encryption processing unit 6000 is called E (Encryption), the server-side public key is k1 (key), the fingerprint information is P (Plaintext), and the fingerprint information encrypted with the server-side public key. Suppose C (Ciphertext), the encryption function of the encryption processing unit 6000 can be expressed by a formula such as "Ek1 (P) = C".

According to an embodiment of the present invention, the encryption processing unit 6000 encrypts the fingerprint information through the server-side public key: RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the fingerprint information through the RSA encryption algorithm among the encryption algorithms, the published method (Modulus) used in the encryption process is n, and the undisclosed prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 6000 may be expressed as" C = Ek1 (P) = Pe mod n ".

63 is a diagram illustrating a method of encrypting fingerprint information in an electronic envelope method in the fingerprint information processor 5960 according to an embodiment of the present invention.

More specifically, FIG. 63 is a method for encrypting the user fingerprint information by an electronic envelope method in a fingerprint information processing unit 5960 provided with an encryption function as shown in FIG. 60, which is common in the art. Those skilled in the art will be able to infer various implementation methods for encrypting the user fingerprint information in the electronic envelope method in the fingerprint information processing unit 5960 by referring to and / or modifying the drawing. It includes all the implementation methods, and is not limited to the implementation method shown in FIG.

In the figure 63 according to the embodiment of the present invention, the server-side public key is preferably read from the memory (or the payment terminal 5900 memory unit 5950) provided in the fingerprint information processing unit 5960.

Referring to FIG. 63, when the user fingerprint information is input from the fingerprint input unit 5955, the fingerprint input unit 5500 provides the fingerprint information to the encryption processing unit 6000 (6300). When the fingerprint information is provided, the encryption processing unit 6000 provides the fingerprint. Generates a random random secret key for encrypting the information in a secret key (symmetric key) method (6305), and encrypts the fingerprint information using the generated secret key (6310) .

Here, the encryption function of the encryption processing unit 6000 is called E (Encryption), the secret key is r (random secret key), the user fingerprint information is P (Plaintext), and the fingerprint information encrypted with the secret key is C In the case of (Ciphertext), the encryption function of the encryption processing unit 6000 can be expressed by a formula such as "Er (P) = C".

According to the embodiment of the present invention, the algorithm for encrypting the fingerprint information through the secret processing unit 6000, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA (International Data Encryption Algorithm) It is preferable to include at least one of), and in addition to the encryption algorithm of various forms may be used, but the present invention is not limited by a specific encryption algorithm.

Thereafter, the encryption processing unit 6000 encrypts the secret key (random secret key) used to encrypt the user fingerprint information. To this end, the encryption processing unit 6000 extracts a predetermined server-side public key from the memory. In operation 6320, the private key is encrypted using the server-side public key (6320).

Here, the encryption function of the encryption processing unit 6000 is called E (Encryption), the server-side public key is k1 (key), the secret key is r (random Secret key), and the secret encrypted with the server-side public key. If the key is C (Ciphertext), the encryption function of the encryption processing unit 6000 can be expressed by an expression such as "Ek1 (r) = C".

According to the embodiment of the present invention, the encryption processing unit 6000 encrypts the secret key through the server-side public key, RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the secret key through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 6000 may be expressed as" C = Ek1 (r) = re mod n ".

If the fingerprint information is encrypted with the secret key and the secret key is encrypted with the server-side public key, the encryption processing unit 6000 encrypts the fingerprint information encrypted with the secret key and the secret key encrypted with the server-side public key. Interworking

64 is a diagram illustrating a method for encrypting fingerprint information in a key exchange method in the fingerprint information processing unit 5960 according to an embodiment of the present invention.

More specifically, FIG. 64 is an embodiment of a method for encrypting and transmitting the fingerprint information by a key exchange method in a fingerprint information processing unit 5960 having an encryption function as shown in FIG. 60, which is common in the art. Those skilled in the art will be able to infer various implementation methods for encrypting the fingerprint information by key exchange in the fingerprint information processing unit 5960 by referring to and / or modifying the drawing 64. It includes all implementation methods, and is not limited to the implementation method shown in FIG.

In the drawing 64 according to the embodiment of the present invention, the fingerprint input unit 5955 side private key and the server side public key may include the memory (or payment terminal 5900) memory unit 5950 provided in the fingerprint information processing unit 5960. It is preferable to read from).

Referring to FIG. 64, when user fingerprint information is input through the fingerprint input unit 5955, the fingerprint information is provided to the encryption processing unit 6000 (6400). When the fingerprint information is provided, the encryption processing unit 6000 may provide the fingerprint information. Generates a message digest including a predetermined one-way hash function (eg, a hash code of a predetermined length regardless of the length of the fingerprint information), and generates the hash code (or message digest). One-way hash function that cannot identify (or infer) the original message through the message input unit 5955 and the host decrypting the encrypted fingerprint information use the same hash function). The digital signature is generated (6405), and the message digest is digitally signed by encrypting the message digest through the private key of the fingerprint information processor 5960.

Herein, the encryption function of the encryption processing unit 6000 is referred to as E (Encryption), the fingerprint information processing unit 5960 side private key is t1 (yerminal side key), the message digest is m (message digest), and the fingerprint If the message digest encrypted with the private key of the input unit 5955 is C (Ciphertext), the digital signature function of the encryption processing unit 6000 may be expressed by an expression such as "Et1 (m) = C".

According to the embodiment of the present invention, the encryption processing unit 6000 encrypts the message digest using the private information side of the fingerprint information processing unit 5960, RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA ( Digital Signature Algorithm (DH), DH (Diffie, Hellman), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, ECDH is preferably included at least one or more, and various forms of encryption algorithms may be used, but specific encryption The present invention is not limited by the algorithm.

For example, in the case of encrypting the message digest through the RSA encryption algorithm, among the encryption algorithms, a public method (Modulus) used in the encryption process is n, and a decimal number that is not disclosed by the different prime factors of n is a. b, if the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a- 1) (b-1) ", wherein the digital signature function of the encryption processing unit 6000 may be expressed as" C = Et1 (m) = me mod n ".

In addition, the encryption processing unit 6000 generates a predetermined random secret key for encrypting the fingerprint information using a secret key (symmetric key) method (3915), and the fingerprint information and the fingerprint. The message digest encrypted with the private key of the input unit 5955 side and a copy of a certificate (for example, a certificate including the public key of the fingerprint information processor 5960 side) provided in the memory are linked to each other and encrypted using the generated secret key ( 6420).

Here, the encryption function of the encryption processing unit 6000 is called E (Encryption), the secret key is r (random secret key), the fingerprint information and the copy of the certificate P (Plaintext), and the fingerprint information encrypted with the secret key If a copy of the certificate is called C (Ciphertext), the encryption function of the encryption processing unit 6000 can be expressed by an expression such as "Er (P) = C".

According to an embodiment of the present invention, the encryption processing unit 6000 encrypts the fingerprint information and the certificate copy through the secret key, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA ( It is preferable to include at least one or more of the International Data Encryption Algorithm, and various types of encryption algorithms may be used, but the present invention is not limited to a specific encryption algorithm.

In addition, the encryption processing unit 6000 extracts (6425) a predetermined server-side public key from the memory to encrypt the secret key that encrypts the fingerprint information, and uses the server-side public key to extract the fingerprint information. The encrypted secret key is encrypted (6430).

Here, the encryption function of the encryption processing unit 6000 is called E (Encryption), the server-side public key is encrypted with s1 (server side key), the secret key is r (random secret key), and the server-side public key. When the secret key is referred to as C (Ciphertext), the encryption function of the encryption processing unit 6000 may be expressed by an expression such as "Es1 (r) = C".

According to the embodiment of the present invention, the encryption processing unit 6000 encrypts the secret key through the server-side public key, RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the secret key through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 6000 may be expressed as" C = Es1 (r) = re mod n ".

A copy of a certificate including the message digest encrypted with the fingerprint information and the private key of the fingerprint information processor 5960 and the public key of the fingerprint information processor 5960 are linked to be encrypted through the generated secret key, and the secret is encrypted. When a key is encrypted through the server-side public key, the encryption processing unit 6000 encrypts the message digest and the fingerprint information processing unit encrypted with the fingerprint information encrypted with the secret key and the private key of the fingerprint information processing unit 5960. A predetermined copy of the fingerprint information is generated by associating a copy of the certificate including the (5960) side public key with the secret key encrypted with the server side public key.

65 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

More specifically, FIG. 65 is connected to the payment terminal 5900 shown in FIG. 59 through a predetermined network (eg, a VAN, etc.), and the full text of the payment approval request and the encrypted message from the payment terminal 5900. When the user biometric information is received, the payment approval history included in the full payment approval request is transmitted to a card company server corresponding to the user card, to receive a payment approval response from the card company server, and the sales including the payment approval history. By linking and storing a slip and the encrypted user biometric information, if the card company server is requested to confirm the unauthorized use of the card included in the sales slip, by confirming the encrypted user biometric information associated with the sales slip, The encrypted user biometric information is transmitted to a predetermined biometric information management server to correspond to the biometric information. A server on a network (eg, a VAN company) that requests user unique identification information and transmits the transmitted user unique identification information to the card company server when the user identification information corresponding to the biometric information is transmitted from the biometric information management server. Server, etc.), a person having ordinary knowledge in the technical field to which the present invention pertains, in accordance with the request to confirm the fraudulent use of the card included in the sales slip by referring to and / or modifying the drawing 65, By transmitting encrypted biometric information corresponding to the sales slip to a predetermined biometric information management server, user's unique identification information corresponding to the biometric information (eg, name, social security number, insurance number, driver's license number, financial transaction means information, etc.). While various server configurations may be inferred requesting confirmation of the invention, the present invention is directed to all inferred implementation methods. It is not limited to the implementation method shown in this figure 65.

In addition, although the server illustrated in FIG. 65 is illustrated as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 65, the server includes a receiving unit 6505, a reading unit 6510, a specialized processing unit 6515, an approval request unit 6520, a biometric information processing unit 6535, and a sales information processing unit 6525. It may be configured to include, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 6505 includes payment from the payment terminal 5900 shown in FIG. 59, including user card information (eg, credit card number, etc.) and payment information (eg, payment amount, merchant information, terminal information, etc.). Receive the encrypted fingerprint information of the user entered through the full approval request and the payment terminal 5900, transfers the received payment approval request full text to the reader 6510, and transmits the encrypted fingerprint information Transfer to biometric information processing unit 6535.

When the payment approval request message received through the receiving unit 6505 is delivered, the reading unit 6510 reads the payment approval request message and reads the user card information (eg, a credit card) included in the payment approval request message. Number, etc.), and the card company information corresponding to the checked card information, and then the confirmed card company information and the payment approval request details are transmitted to the approval request unit 6520.

The approval request unit 6520, when the payment approval request details and the card company information are transmitted through the reading unit 6510, transmits the payment approval request details to the card company server to request the approval of the payment, Receive a payment approval response to the payment approval request from the card company server.

The information processing unit, when the payment approval response for the payment approval request is received from the card company server through the approval request unit 6520, according to the response result, configures a sales slip including the payment approval history, The information is stored in a predetermined storage medium through the information storage unit 6530 by being associated with the encrypted user fingerprint information.

For example, when the payment approval response includes a payment approval notification due to the user card limit exceeded or the user authentication response is included in the user authentication response, the information processing unit configures the sales slip and It is desirable not to perform the storage process.

The biometric information processing unit 6535 transmits the encrypted fingerprint information associated with the sales slip to the biometric information management server in response to a request for confirming the unauthorized use of the card included in the sales slip from the card company server. Request identification of corresponding user identification information (for example, name, social security number, insurance number, driver's license number, financial transaction information, etc.), and the user identification information corresponding to the fingerprint information is stored through the biometric information management server. When the identification is confirmed, the received unique user identification information is received, and the received user unique identification information is transmitted to the card company server.

The expert processing unit 6515 receives the payment approval response received through the approval request unit 6520, configures a payment approval response message to be transmitted to the payment terminal 5900, and writes the configured payment approval response message. Transfer to the payment terminal 5900.

The information storage unit 6630 stores information (or data) collected or generated in the process of performing the function by the at least one or more function components provided in the server.

66 is a diagram showing the functional configuration of a card company server 6600 according to an embodiment of the present invention.

More specifically, FIG. 66 is connected to a server shown in FIG. 65 by a predetermined network (e.g., a payment network, etc.), and when the payment approval request details are received from the server, the payment corresponding to the payment approval request details is provided. When an authorization response is provided to the server, and a request for unauthorized use confirmation of the payment approved card is received from a user or the like, a request for unauthorized use confirmation of the card is made to the server, and the card user unique identification information is received from the server. As a method of implementing a card company server 6600 that performs identification of the card user by receiving and confirming that the user unique identification information corresponds to the card user information, the present invention is a general method in the art. If you have the knowledge, the user notice transmitted from the server by referring to and / or modifying this figure 66 A variety of card company servers 6600 configured to authenticate the card user by comparing the identification information with the user information stored in the card user information (customer information) DB (or storage medium), and responding to a request for confirming the unauthorized use of the card. Although it can be inferred that the present invention includes all the implementation methods inferred above, it is not limited to the implementation method shown in FIG.

In addition, although the card company server 6600 shown in FIG. 66 is shown to include at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and is provided in the server. At least one or more functional components may be implemented as a server (or apparatus) or functional means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 66, the card company server 6600 includes a receiving unit 6605, a reading unit 6610, a specialized processing unit 6615, a user authentication unit 6620, a limit checking unit 6630, and information storage. It may be configured to include a part 6625, it may be possible to add a predetermined functional configuration within the scope of the present invention.

The receiving unit 6605 receives a payment approval request history of a predetermined card user from the server shown in FIG. 65 and transfers the received payment approval request details to the reading unit 6610.

The reading unit 6610 reads the payment approval request history received through the receiving unit 6605, confirms user card information, and checks the confirmed card information and payment approval request details (for example, a payment amount). Characterized in that the transfer to the limit check unit (6530).

The limit checking unit 6630 checks the payment limit information corresponding to the card information when the user card information and the payment approval request details (for example, the payment amount) are transmitted through the reading unit 6610, It is determined whether payment of the payment amount included in the payment approval request details is possible, and the determination result is transmitted to the specialized processing unit 6615, and the determination result is transferred to the information storage unit 6625 and the card company DB (or storage). Media).

The specialized processing unit 6615, when the settlement determination result is delivered through the limit checking unit 6630, configures the payment approval response details including the transferred details, characterized in that for transmitting to the server.

When the user authentication unit 6620 is requested to confirm the illegal use of the user card, the user authentication unit 6620 requests the user identification information according to the request for the unauthorized use of the card to correspond to the user card information from the server. When the unique user identification information is delivered, the user identification information is compared with the transmitted card user information, characterized in that for performing the user authentication for the transaction.

67 is a diagram showing the configuration of the biological information management server 6700 according to an embodiment of the present invention.

More specifically, FIG. 67 is connected to the server shown in FIG. 65 through a predetermined network (e.g., a VAN), receives predetermined encrypted user biometric information from the server, and receives the received encrypted user. A method for implementing a biometric information management server 6700 for decoding biometric information, checking user unique identification information corresponding to the decoded user biometric information, and transmitting the identified user unique identification information to the server, Those skilled in the art to which the present invention pertains, various server configurations for verifying the user unique identification information corresponding to the user biometric information by decrypting the encrypted biometric information by referring to and / or modifying the present Figure 67 It may be inferred that, but the present invention includes all the implementation method inferred, the embodiment shown in Figure 67 It is not limited to the method.

In addition, although the server illustrated in FIG. 67 is illustrated as including at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 67, the biometric information management server 6700 may include an information receiver 6705, a decoder 6710, an information transmitter 6715, and an information confirmer 6720. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiving unit 6705 may receive predetermined encrypted biometric information from the server illustrated in FIG. 65 and transfer the received encrypted biometric information to the decryption unit 6710.

The decryption unit 6710 decodes the encrypted biometric information when the encrypted biometric information received through the information receiving unit 6705 is transferred. 6720).

An encrypted biometric information decryption process of the decryption unit 6710 will be described in more detail with reference to FIGS. 68 and 71 below.

When the encrypted biometric information is decrypted by the decryption unit 6710, the information checking unit 6720 verifies (or extracts) user-specific identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extracted) unique user identification information is transmitted to the information transmitter 6715.

When the user identification information corresponding to the biometric information is confirmed (or extracted) and transmitted through the information verification unit 6720, the information transmission unit 6715 may transmit the encrypted user identification information to the encrypted biometrics. Send the information to the server that sent it.

FIG. 68 illustrates a method of decrypting predetermined encrypted biometric information received from the server by a symmetric key (or secret key) method in the biometric information management server 6700 according to an embodiment of the present invention.

More specifically, FIG. 68 is encrypted from a payment terminal 5900 having an encryption function as shown in FIG. 59, and the biometric information management server 6700 shown in FIG. 67 stores the encrypted biometric information transmitted through the server. The present invention relates to a method for decrypting by using a symmetric key (or secret key) method. If the present invention belongs to a general knowledge, the encrypted biometric information may be modified with reference to and / or modified with reference to FIG. Various implementation methods for decrypting using a symmetric key (or secret key) method may be inferred, but the present invention includes all the inferred implementation methods and is not limited to the implementation method shown in FIG.

In FIG. 68 according to an embodiment of the present invention, fingerprint information is presented as an embodiment of the biometric information.

Referring to FIG. 68, the information receiving unit 6705 of the biometric information management server 6700 provides the encrypted fingerprint information received from the server to the decrypting unit 6710 (6800).

Subsequently, the decryption unit 6710 is configured to decrypt the encrypted fingerprint information from a storage medium provided in the biometric information management server 6700 or in a predetermined key management server (for example, an authentication server) on a network. A symmetric key (or secret key) is extracted or provided (6805), and the encrypted fingerprint information is decrypted through the extracted symmetric key (or secret key) (6810).

Here, the decryption function of the decryption unit 6710 is called D (Decryption), and the fingerprint information encrypted with the symmetric key (or secret key) with k (key) and the symmetric key (or secret key) with C (Ciphertext). And, if the decrypted fingerprint information P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 6710 is "Dk = P, or Dk (Ek (P)) = P" and The same formula can be used.

According to an embodiment of the present invention, an algorithm for decrypting the encrypted fingerprint information by the decryption unit 6710 via the symmetric key (or secret key) may include SEED, DES (Data Encryption Standard), Triple-DES, and Skipjack. And at least one of an International Data Encryption Algorithm (IDEA), and various types of decryption algorithms may be used. However, the decryption algorithm is matched with the encryption algorithm used in the payment terminal 5900. The present invention is not limited by the specific decoding algorithm.

When the fingerprint information encrypted through the symmetric key (or the secret key) is decrypted as described above, the decryption unit 6710 transfers the decrypted fingerprint information to the information verification unit 6720, and the information verification unit 6720. ) May identify (or extract) user-specific identification information corresponding to the decrypted biometric information from a predetermined storage medium.

FIG. 69 illustrates a method for decrypting encrypted biometric information received from the biometric information management server 6700 in a public key infrastructure according to an embodiment of the present invention.

In more detail, FIG. 69 illustrates a structure of a public key infrastructure in the biometric information management server 6700 of the encrypted biometric information encrypted from a payment terminal 5900 having an encryption function as shown in FIG. 59 and transmitted through the server. The present invention relates to a method of decrypting by a method, and if it is known to those skilled in the art, the fingerprint encrypted with the server-side public key in the payment terminal 5900 by referring to and / or modifying the drawing 69. Various implementation methods for decrypting information in a public key based structure may be inferred, but the present invention includes all the inferred implementation methods and is not limited to the implementation method shown in FIG.

In this figure 69 according to an embodiment of the present invention, a server-side private key for decrypting fingerprint information encrypted with the server-side public key in a public key infrastructure scheme is provided in the biometric information management server 6700 or on a network. It is preferable to read from the storage medium provided in the key management server (eg, authentication server, etc.), and the present invention is not limited thereby.

Referring to FIG. 69, the encrypted fingerprint information received through the information receiving unit 6705 of the biometric information management server 6700 is provided to the decrypting unit 6710 (6900).

Thereafter, the decryption unit 6710 extracts a server-side private key for decrypting the encrypted fingerprint information from a storage medium included in the biometric information management server 6700 or a predetermined key management server (6905). The encrypted fingerprint information is decrypted using the extracted server-side private key (46910).

Here, the decryption function of the decryption unit 6710 is called D (Decryption), the server-side private key is k2 (key), the fingerprint information encrypted with the server-side public key is C (Ciphertext), and the server-side individual. When the fingerprint information decrypted by the key is called P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 6710 is expressed by a formula such as "Dk2 = P, or Dk2 (Ek (P)) = P". I can express it.

According to an embodiment of the present invention, an algorithm for decrypting fingerprint information encrypted by a server-side public key in the payment terminal 5900 by the decryption unit 6710 via the server-side private key may be RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it may be used, the decryption algorithm is matched with the encryption algorithm used in the payment terminal 5900, and the present invention is not limited by a specific decryption algorithm.

For example, when the fingerprint information is decoded through the RSA decryption algorithm among the public key based decryption algorithms, n is a public method (Modulus) used in the decryption process and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the reading unit 6610 may be expressed as" P = Dk2 = Cd mod n ".

When the fingerprint information encrypted with the server-side public key is decrypted by the payment terminal 5900 through the server-side private key, the decryption unit 6710 transfers the decrypted fingerprint information to the information verification unit 6720. The information checking unit 6720 may identify (or extract) user unique identification information corresponding to the decrypted biometric information from a predetermined storage medium.

70 is a diagram illustrating a method of decrypting encrypted biometric information received from the server by an electronic envelope method in the biometric information management server 6700 according to an embodiment of the present invention.

In more detail, FIG. 70 is encrypted by a biometric information management server 6700 that receives the encrypted biometric information encrypted from a payment terminal 5900 having an encryption function as shown in FIG. 59 and transmitted through the server. The present invention relates to a method for decoding biometric information by an electronic envelope method. If the present invention belongs to a general knowledge, the electronic device may be referred to and / or modified with reference to FIG. It is possible to infer various implementation methods for decrypting the fingerprint information encrypted in the manner in the biometric information management server 6700 by the same electronic envelope method, but the present invention includes all the inferred implementation methods, as shown in FIG. It is not limited to the implementation method shown.

In this figure 70 according to an embodiment of the present invention, a server-side private key for decrypting the encrypted fingerprint information by an electronic envelope method is provided in the biometric information management server 6700 or a predetermined key management server (for example, on a network). It is preferable to read from the storage medium provided in the authentication server, etc., whereby the present invention is not limited.

Referring to FIG. 70, the encrypted fingerprint information received through the information receiving unit 6705 of the biometric information management server 6700 is provided to the decryption unit 6710 (7000), and then, the decryption unit 6710. (7005) extracts a server-side private key for decrypting an encrypted secret key included in the fingerprint information from a storage medium provided in the biometric information management server 6700 or a predetermined key management server, By decrypting the private key encrypted by the server-side public key in the payment terminal 5900 through the extracted server-side private key (7010), a predetermined secret key for decrypting the fingerprint information is extracted (7015), By decrypting the fingerprint information using the extracted secret key (4720), the payment terminal 5900 extracts the fingerprint information encrypted with the secret key (7025).

Here, the decryption function of the decryption unit 6710 is called D (Decryption), the server-side private key is k2 (key), and the secret key encrypted with the server-side public key is C (Ciphertext) and the server-side individual. When the secret key decrypted with the key is r (random secret key), the function of decrypting the encrypted secret key by the decryption unit 6710 is "Dk2 = r, or Dk2 (Ek1 (r)) = r". It can be expressed as an expression.

According to the exemplary embodiment of the present invention, the decryption unit 6710 decrypts the secret key encrypted with the server-side public key in the payment terminal 5900 through the server-side private key, RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it may be used, the decryption algorithm is matched with the encryption algorithm used in the payment terminal 5900, and the present invention is not limited by a specific decryption algorithm.

For example, when decrypting the secret key through the RSA decryption algorithm among the public key-based decryption algorithms, n is a public method (Modulus) used in the decryption process, and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the decoder 6710 may be expressed as" P = Dk2 = Cd mod n ".

Here, the decryption function of the decryption unit 6710 is called D (Decryption), the secret key is r (random secret key), the fingerprint information encrypted with the secret key (C (Ciphertext)), and the decrypted fingerprint When the information is referred to as P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 6710 may be expressed by a formula such as "Dr = P or Dr (Er (P)) = P".

According to an embodiment of the present invention, the algorithm for decrypting the encrypted fingerprint information by the decryption unit 6710 through the secret key, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, International Data (IDEA) It is preferable to include at least one or more of the Encryption Algorithm, and in addition to the decryption algorithm of various forms may be used, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the payment terminal 5900, The present invention is not limited by the specific decoding algorithm.

When the fingerprint information is decrypted as described above, the decryption unit 6710 may provide the decrypted fingerprint information to the information verification unit 6720, and the information verification unit 6720 corresponds to the decrypted biometric information. User identification information can be identified (or extracted) from a predetermined storage medium.

71A and 71B illustrate a method of decrypting encrypted biometric information received from the biometric information management server 6700 by a key exchange method according to an embodiment of the present invention.

In more detail, FIGS. 71A and 71B illustrate the encrypted fingerprint information in the biometric information management server 6700 that receives the encrypted fingerprint information from the payment terminal 5900 having the encryption function as shown in FIG. 59 through the server. The present invention relates to a method of decrypting by a key exchange method, and if the present invention belongs to a general knowledge, referring to and / or modified with reference to Figure 71 in the payment terminal 5900 to the key exchange method. Various implementation methods for decrypting the encrypted payment means information in the biometric information management server 6700 by the same key exchange method may be inferred, but the present invention includes all the inferred implementation methods, as shown in FIG. It is not limited to the implemented method.

In this figure 71 according to an embodiment of the present invention, the server-side private key and the public terminal 5900 side for decrypting the encrypted fingerprint information in a key exchange method are provided in the biometric information management server 6700 or It is preferable to read from a storage medium provided in a predetermined key management server or the like, and the present invention is not limited thereto.

Referring to FIGS. 71A and 71B, when the encrypted fingerprint information is received and transmitted through the information receiving unit 6705 of the biometric information management server 6700 (7100), the encrypted fingerprint information is decrypted by the decryption unit 6710. The fingerprint information encrypted with the secret key includes a copy of a certificate including the message digest encrypted with the private key of the payment terminal 5900 and a public key of the payment terminal 5900, and the server. It is preferable to include the secret key encrypted with the side public key.

Thereafter, the decryption unit 6710 decodes the server-side private key from a storage medium provided in the biometric information management server 6700 or provided in a predetermined key management server to decrypt the secret key encrypted with the server-side public key. Extracting (7110) and decrypting the secret key through the server-side private key (7115) to reveal the message digest encrypted with the fingerprint information and the private key on the payment terminal 5900 side and the payment terminal 5900 side. The secret key for decrypting the copy of the certificate including the key is extracted (47120).

Here, the decryption function of the decryption unit 6710 is called D (Decryption), the server-side private key is s2 (server side key), the secret key encrypted with the server-side public key is C (Ciphertext), and the server If the secret key decrypted with the side private key is r (random secret key), the function of decrypting the encrypted secret key by the decryption unit 6710 is "Ds2 = r, or Ds2 (Es1 (r)) = r". It can be expressed as

According to the exemplary embodiment of the present invention, the decryption unit 6710 decrypts the secret key encrypted with the server-side public key in the payment terminal 5900 through the server-side private key, RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it may be used, the decryption algorithm is matched with the encryption algorithm used in the payment terminal 5900, and the present invention is not limited by a specific decryption algorithm.

For example, when decrypting the secret key through the RSA decryption algorithm among the public key-based decryption algorithms, n is a public method (Modulus) used in the decryption process, and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the decoder 6710 may be expressed as" P = Ds2 = Cd mod n ".

When the secret key is extracted as described above, the decryption unit 6710 uses the extracted secret key and the message digest and the payment terminal 5900 side encrypted with the fingerprint information and the private terminal side of the payment terminal 5900 side. By decrypting a copy of the certificate containing the public key (7125), the message digest encrypted with the secret key and the message digest encrypted with the private key of the payment terminal (5900) and the public key on the payment terminal (5900) side; Extract a copy of the certificate.

Here, the decryption function of the decryption unit 6710 is called D (Decryption), and the secret key is encrypted with r (random secret key), fingerprint information encrypted with the secret key, and the private key of the payment terminal 5900 side. The message digest encrypted with a copy of a certificate including a message digest and a public key of the payment terminal 5900 and the decrypted fingerprint information and the private key of the payment terminal 5900 side and the payment terminal 5900 When the copy of the certificate including the public key is called P (Plaintext), the decryption unit 6710 may encrypt the message digest and the payment terminal 5900 encrypted with the encrypted fingerprint information and the private key of the payment terminal 5900. The function of decrypting the copy of the certificate including the public key can be expressed by an expression such as "Dr = P, or Dr (Er (P)) = P".

According to an embodiment of the present invention, the decryption unit 6710 is encrypted with the encrypted fingerprint information and the private key of the payment terminal 5900 side through the secret key and the public key of the payment terminal 5900 side. Algorithm for decrypting the copy of the certificate, including, is preferably made of at least one or more of SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, International Data Encryption Algorithm (IDEA), in addition to various forms of decryption An algorithm may be used, but the decryption algorithm is matched with an encryption algorithm used in the payment terminal 5900, and the present invention is not limited to a specific decryption algorithm.

In addition, the decryption unit 6710 decrypts the message digest encrypted with the private key of the payment terminal 5900 through the public key of the payment terminal 5900 at 7130, thereby allowing the fingerprint at the payment terminal 5900 to decrypt the message digest. The message digest generated and transmitted from the information is extracted (7135).

Here, the decryption function of the decryption unit 6710 is called D (Decryption), and the message digest encrypted with the terminal side key (t2) of the payment terminal 5900 and the private key of the payment terminal 5900 is When the message digest decrypted with C (Ciphertext) and the payment terminal 5900 side public key is m (Message Digest), the function of decrypting the encrypted message digest by the decryption unit 6710 is "Dt2 = m," Or Dt2 (Es1 (r)) = m ".

According to an embodiment of the present invention, an algorithm for decrypting the message digest encrypted by the decryption unit 6710 with the private key of the payment terminal 5900 at the payment terminal 5900 through the public key of the payment terminal 5900 may include: , At least one of RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, and ECDH. In addition to the above, various types of decryption algorithms may be used. However, the decryption algorithm is matched with the encryption algorithm used in the payment terminal 5900, and the present invention is not limited to the specific decryption algorithm.

For example, when decrypting the message digest through the RSA decryption algorithm of the public key-based decryption algorithm, n is a public method (Modulus) used in the decryption process and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b", and d is de de a-1) (b-1) ", wherein the decoding function of the decoder 6710 may be expressed as" P = Dt2 = Cd mod n ".

Thereafter, the decoder 6710 generates the predetermined message digest through the same one-way hash function with the received fingerprint information (7140), and then generates the generated message digest and the decrypted message. By comparing the digest (7145), the validity of the received fingerprint information can be confirmed.

If the generated message digest and the decrypted message digest coincide with each other (7150), the decryption unit 6710 may transfer the fingerprint information to the information confirmation unit 6720, and the information confirmation unit 6720 may User identification information corresponding to the decrypted biometric information may be identified (or extracted) from a predetermined storage medium.

72 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

In more detail, the process shown in FIG. 72 is performed on the user authentication information processing system shown in FIG. 58, and the payment terminal is provided with a predetermined biometric information input means (eg, fingerprint recognition means, etc.). In operation 5900, if the payment approval request message including the user card information and the payment information (for example, the payment amount) is transmitted to a server (for example, a VAN company server, etc.) on the network (for example, VAN), the payment approval request Providing the details to the card company server 6600 corresponding to the user card information, if the payment approval response for the payment approval request is received from the card company server 6600, by encrypting the biometric information input from the card user, Transmitting the encrypted biometric information to the server, constructing a sales slip including the payment approval details in the server, the sales slip and the sales slip After the user's biometric information is cooperatively processed and stored in a predetermined storage medium, the card company server 6600 requests the card user confirmation from user card misuse included in the sales slip. Confirming the requested sales slip, confirming encrypted user biometric information associated with the sales slip, and transmitting the checked encrypted user biometric information to a predetermined biometric information management server 6700, wherein the biometric information Request the identification of the user's unique identification information (for example, name, social security number, insurance number, driver's license number, financial transaction means information, etc.) corresponding to, and decrypts the encrypted biometric information in the biometric information management server 6700 Confirming user identification information corresponding to the biometric information, and transmitting the identified user identification information to the server; And transmitting the identified user unique identification information from the server to the card company server 6600 and performing the card user identity authentication through the transmitted user unique identification information at the card company server 6600. As a method, one of ordinary skill in the art will be able to infer various user authentication information processing procedures by referring to and / or modifying this drawing 72, but the present invention is directed to all implementation methods inferred from the above. It includes, and is not limited to the embodiment shown in this drawing.

According to the user authentication information processing shown in FIG. 72, when the payment terminal 5900 shown in FIG. 59 reads card information from the user card and checks the payment information input through a predetermined key input means (7200). ), The payment terminal 5900 generates a payment approval request full text including card information and payment information (7202), and transmits the generated payment approval request full text to a server on the network (7204),

Then, the server transfers the payment approval request details included in the received payment approval request message to the card company server 6600 to make an approval request (7206), and the payment corresponding to the approval request from the card company server 6600. When the approval response is received, the payment approval response message is transmitted to the payment terminal 5900 (7208).

Thereafter, the payment terminal 5900 checks the user fingerprint information input through a predetermined fingerprint input means, encrypts the input user fingerprint information as shown in FIGS. 61 to 64 (7210), The encrypted user fingerprint information is transmitted to the server (7212).

Then, the server stores and stores (7214) the sales slip including the payment authorization and the received encrypted user fingerprint information.

Thereafter, when the server is requested to confirm the illegal use of the card included in the sales slip from the card company server 6600 (7216), the server receives encrypted user fingerprint information corresponding to the sales slip requested to confirm the unauthorized use. In operation 7218, the encrypted user fingerprint information is transmitted to the biometric information management server 6700, and the user unique identification information corresponding to the fingerprint information is requested in operation 7120.

In addition, the biometric information management server 6700 decrypts the received encrypted fingerprint information through a decryption process as illustrated in FIGS. 68 to 71 corresponding to the encryption method of the payment terminal 5900 (7222). ).

When the encrypted fingerprint information is decrypted, the biometric information management server 6700 may identify a user unique ID corresponding to the decrypted fingerprint information from a storage medium (eg, a storage medium provided in the biometric information management server 6700). Check the code (7224).

If the user unique identification code corresponding to the decrypted fingerprint information is confirmed (7226), the biometric information management server 6700 transmits the identified unique identification code to the server (7228), while the decryption If the user identification code corresponding to the fingerprint information is not confirmed, the biometric information management server 6700 may notify the server that there is no corresponding identification code (7230).

When the user identification information corresponding to the encrypted fingerprint information is received from the biometric information management server 6700, the server transmits the received user identification information to the card company server 6600 (7232).

When the user unique identification information is received, the card company server 6600 checks user information corresponding to the card information, and compares the identified user information with the user unique identification information to perform user authentication (7234). It is possible to authenticate the user corresponding to the sales slip requested to confirm the fraudulent use.

73 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

More specifically, in Figure 73, a payment terminal equipped with a predetermined biometric information input means (e.g., fingerprint recognition means, etc.) completes a payment approval request message including user card information and payment information (e.g., payment amount). When transmitted to a server (eg, a VAN company server, etc.) on the server (eg, a VAN company), the payment approval request history is provided to a card company server corresponding to the user card information, and the payment for the payment approval request is made from the card company server. When the approval response is received, the biometric information input from the card user is encrypted, and the encrypted biometric information is transmitted to the server, and the sales slip including the payment approval details is configured by the server, and the sales slip and The encrypted user biometric information is cooperatively processed and stored in a predetermined storage medium, and then included in the sales slip from the card company server. When requesting the card user confirmation due to the illegal use of the user card, the server checks the sales slip requested by the server, and checks the encrypted user biometric information associated with the sales slip, thereby verifying the encrypted The user biometric information and the user card information is transmitted to a predetermined biometric information management server, the biometric information management server decrypts the encrypted biometric information, confirms the user unique identification information corresponding to the biometric information, and the confirmation. As a method for implementing a system configuration for transmitting the user identification information to the card company server corresponding to the user card information, the card company server to perform the user authentication by the user identification information, Those of ordinary skill in the art to which the invention belongs Refer to 73 and / or modified to would be able to infer a variety of user authentication information processing system configuration, the present invention includes all embodiments in which the inference method, not limited to the exemplary method shown in the figure 73.

User authentication information processing system according to an embodiment of the present invention with reference to Figure 73, characterized in that the payment terminal, server, biometric information management server and card company server (or financial company server) is connected through a predetermined network The payment terminal may include predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information, and card information read from the user card (eg, when the card user requests payment of a predetermined user). Credit card number) and a predetermined payment approval request message including predetermined payment information, and transmits the configured payment approval request message to a server on the network, and the payment approval corresponding to the payment approval request message is received from the server. When the response message is received, the biometric information of the card user is obtained through the biometric information input means, and the stroke And encrypting the obtained user biometric information and transmitting the encrypted user biometric information to a server on the network.

The server is connected to the payment terminal through a predetermined network (eg, a VAN), and when the full payment approval request message and the encrypted user biometric information are received from the payment terminal, the payment approval request from the card company server. Receiving a payment approval response corresponding to the, and the payment approval history and the encrypted user biometric information in association with the stored, and if the card company request to confirm the card user (for example, card misuse, etc.), The received encrypted biometric information and the user card information are transmitted to a predetermined biometric information management server.

The biometric information management server is connected to the server through a predetermined network, receives encrypted user biometric information and user card information from the server, decrypts the received encrypted user biometric information, and And identifying the user unique identification information corresponding to the decrypted user biometric information, and transmitting the identified user unique identification information to a card company server corresponding to the user card information.

In the present invention, the biometric information registration server and the biometric information management server are separately illustrated in order to more effectively explain the registration and management of biometric information. However, the biometric information registration server and the biometric information management server are the same server or the same institution. It can be provided that the.

The card company server (or financial company server) is connected to the server through a predetermined network (e.g., a payment network, etc.), and when a payment approval request message is received from the server, a payment approval response corresponding to the received payment approval request is received. Provides the server with the server, and if the user's card is requested for unauthorized use, requesting the server for user confirmation of the card for which the user's illegal use is requested, and receiving the user's unique identification information (e.g., Name, resident registration number, insurance number, driver's license number, financial transaction information, etc.), the card user information associated with the confirmed card information is queried, and the user's unique identification information corresponds to the inquired card user information. By confirming that the identity of the card user, characterized in that to perform.

74 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

More specifically, the drawing 74 is connected to the payment terminal shown in FIG. 59 through a predetermined network (for example, a VAN), and when the payment approval request message is received from the payment terminal, the payment approval request message is sent to the full text of the payment approval request. Sending the payment approval details included to the card company server corresponding to the user card, receives the payment approval response from the card company server, and transmits to the payment terminal, when the user encrypted fingerprint information is received from the payment terminal, The sales slip including the payment approval details and the encrypted user biometric information are processed in association with each other and stored, and when the card company server requests the unauthorized use of the card included in the sales slip, the encryption is associated with the sales slip. Confirm the encrypted user biometric information and verify the encrypted user biometric information and the user car. As a method for implementing a server (for example, a VAN company server, etc.) on a network for transmitting card information to a predetermined biometric information management server, those skilled in the art to which the present invention pertains will refer to FIG. 74. And / or modify and transmit encrypted biometric information and card information corresponding to the sales slip to a predetermined biometric information management server in response to a request for confirming the unauthorized use of the card included in the sales slip to correspond to the biometric information. Although various server configurations may be inferred for requesting confirmation of user's unique identification information (eg, name, social security number, insurance number, driver's license number, financial transaction information, etc.), the present invention includes all the inferred implementation methods. The present invention is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 74 is illustrated as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and at least one or more servers provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 74, the server includes a receiving unit 7405, a reading unit 7410, a specialized processing unit 7415, an approval requesting unit 7420, a biometric information processing unit 7475, and a sales information processing unit 7425. It may be configured to include, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 7405 may receive a payment approval request message including user card information (eg, credit card number, etc.) and payment information (eg, payment amount, merchant information, terminal information, etc.) from the payment terminal illustrated in FIG. 59. Receive the received, and transmits the received payment approval request full text to the reading unit (7410), and if the encrypted fingerprint information of the user input through the payment terminal is received, the encrypted fingerprint information to the information processing unit To pass.

When the payment approval request message received through the receiving unit 7405 is transferred, the reading unit 7410 reads the payment approval request message and stores user card information (eg, a credit card) included in the payment approval request message. Number, etc.), the card company information corresponding to the confirmed card information is confirmed, and the confirmed card company information and the payment approval request details are transmitted to the approval request unit 7420.

The approval request unit 7420, when the payment approval request details and the card company information are transmitted through the reading unit 7410, transmits the payment approval request details to the card company server to request the approval of the payment, Receive a payment approval response to the payment approval request from the card company server.

The information processing unit, when the payment approval response for the payment approval request is received from the card company server through the approval request unit 7420, according to the response result, configures a sales slip including the payment approval history, When the encrypted user fingerprint information is transmitted through the receiving unit 7505, the encrypted user fingerprint information and the sales slip are linked to be stored in a predetermined storage medium through the information storage unit 7430.

The biometric information processing unit 7475 transmits the encrypted fingerprint information associated with the sales slip to the biometric information management server in response to a request for confirming the unauthorized use of the card included in the sales slip from the card company server. Request identification of corresponding user identification information (for example, name, social security number, insurance number, driver's license number, financial transaction information, etc.), and the user identification information corresponding to the fingerprint information is stored through the biometric information management server. When the identification is confirmed, the received unique user identification information is received, and the received user unique identification information is transmitted to the card company server.

The expert processing unit 7415 receives the payment approval response received through the approval request unit 7420, configures a payment approval response message to be transmitted to the payment terminal, and converts the configured payment approval response message into the payment terminal. send.

The information storage unit 7230 stores information (or data) collected or generated in the process of performing the function by the at least one or more function components provided in the server.

75 is a diagram showing the functional configuration of a card company server 7500 according to an embodiment of the present invention.

More specifically, FIG. 75 is connected to a server shown in FIG. 74 by a predetermined network (eg, a payment network, etc.), and when the payment approval request details are received from the server, the server corresponding to the payment approval request details is provided. If a payment approval response is provided to the server, and a fraudulent confirmation request of the payment approved card is received from a user or the like, a request for a fraudulent use confirmation of the card is made to the server, and the card user unique identification information from the server As a method of implementing a card company server 7500 for performing identity verification for the card user by confirming that the user unique identification information corresponds to the card user information, the present invention generally includes If you have the knowledge of the user, the user transmitted from the server by referring to and / or modified in this figure 75 A variety of card company servers 7500 configured to authenticate the card user by comparing identification information with user information stored in the card user information (customer information) DB (or storage medium), and responding to a request for confirming the unauthorized use of the card. Although it can be inferred that the present invention includes all the implementation methods inferred above, it is not limited to the implementation method shown in FIG.

In addition, although the card company server 7500 illustrated in FIG. 75 is shown to include at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and is provided in the server. At least one or more functional components may be implemented as a server (or apparatus) or functional means for performing a corresponding function on the user authentication information processing system shown in FIG. 73.

Referring to FIG. 75, the card company server 7500 includes a receiver 7505, a reader 7510, a professional processor 7515, a user authentication unit 7520, a limit check unit 7730, and information storage. It may be configured to include a unit 7525, it may be possible to add a predetermined functional configuration within the scope of the present invention.

The receiving unit 7505 receives the payment approval request details of a predetermined card user from the server illustrated in FIG. 74, and transmits the received payment approval request details to the reading unit 7510.

The reading unit 7510 reads the payment approval request history received through the receiving unit 7505, confirms user card information, and checks the checked card information and payment approval request details (for example, payment amount). Characterized in that the transfer to the limit check unit (7530).

The limit checking unit 7730 checks the payment limit information corresponding to the card information when the user card information and the payment approval request details (for example, the payment amount) are transmitted through the reading unit 7510. It is determined whether payment of the payment amount included in the payment approval request details is possible, and the result of the determination is delivered to the specialized processor 7515, and the result of the determination is transferred to the information storage unit 7525 to store the card company DB (or storage). Media).

When the result of the settlement determination is delivered through the limit checking unit 7530, the specialized processor 7515 configures a payment approval response detail including the transferred details and transmits the details to the server.

When the user authentication unit 7520 is requested to confirm the illegal use of the user card, the user authentication unit 7520 requests the user identification information according to the request for the unauthorized use of the card to correspond to the user card information from the server. When the unique user identification information is delivered, the user identification information is compared with the transmitted card user information, characterized in that for performing the user authentication for the transaction.

76 is a diagram showing the configuration of the biological information management server 7600 according to an embodiment of the present invention.

More specifically, FIG. 76 is connected to the server shown in FIG. 74 through a predetermined network, and receives encrypted user biometric information and user card information from the server, thereby receiving the received encrypted user biometric information. A biometric information management server 7600 to decrypt the ID, and to confirm user unique identification information corresponding to the decrypted user biometric information, and to transmit the identified user unique identification information to a card company server 7500 corresponding to the user card information. As a method for implementing a configuration, a person having ordinary knowledge in the technical field to which the present invention pertains can refer to and / or modify this drawing 76 to decrypt the encrypted biometric information so as to correspond to the user biometric information. While various server configurations may be inferred for identifying identification information, the present invention is directed to all of the inferred Include city method, and is not limited to the exemplary method shown in the figure 76.

In addition, although the server illustrated in FIG. 76 is illustrated as including at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 76, the biometric information management server 7600 may include an information receiver 7705, a decoder 7610, an information transmitter 7715, and an information confirmer 7620. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiving unit 7705 receives predetermined encrypted biometric information and user card information from the server shown in FIG. 76, transfers the received encrypted biometric information to the decryption unit 7610, and receives the received biometric information. The user card information to the information transmission unit 7615.

The decryption unit 7610 decrypts the encrypted biometric information when the encrypted biometric information received through the information receiving unit 7705 is transferred. 7620).

The encryption biometric information decryption process of the decryption unit 7610 will be described with reference to FIGS. 68 and 71.

When the encrypted biometric information is decrypted by the decryption unit 7610, the information confirming unit 7720 verifies (or extracts) user-specific identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extracted) unique user identification information is transmitted to the information transmission unit 7615.

When the user identification information corresponding to the biometric information is confirmed (or extracted) and transmitted through the information verification unit 7620, the information transmission unit 7615 transfers the transferred user identification information to the user card information. To the card company server 7500 corresponding thereto.

77 is a view showing a user authentication information processing process according to an embodiment of the present invention.

More specifically, the process shown in FIG. 77 is performed on the user authentication information processing system shown in FIG. 73, and in a payment terminal equipped with a predetermined biometric information input means (eg, fingerprint recognition means, etc.). When a payment approval request message including user card information and payment information (eg, payment amount, etc.) is transmitted to a server (eg, a VAN company server, etc.) on a network (eg, a VAN company), the payment approval request details are transmitted to the user. The card company server 7500 corresponding to the card information is provided, and when the payment approval response for the payment approval request is received from the card company server 7500, the biometric information input from the card user is encrypted to encrypt the biometric information. Transmitting the information to the server, constructing a sales slip including the payment approval details in the server, the sales slip and the password; The user's biometric information is linked and stored in a predetermined storage medium, and the card company server 7500 requests the card user confirmation from the user card included in the sales slip. Confirming the requested sales slip, confirming the encrypted user biometric information associated with the sales slip, and transmitting the checked encrypted user biometric information and the user card information to a predetermined biometric information management server 7600; The card information server decrypts the encrypted biometric information at the biometric information management server 7600 to confirm user identification information corresponding to the biometric information, and the card company server corresponding to the user card identification information. The card company through the user-specific identification information transmitted from the card company server 7500 to the card company 7500. As an implementation method for the process of performing the self-authentication, a person having ordinary knowledge in the technical field to which the present invention belongs may be able to infer various user authentication information processing processes by referring to and / or modifying the drawing 77. The present invention includes all implementation methods inferred from the above, and is not limited to the implementation method shown in FIG.

According to the user authentication information processing shown in FIG. 77, when the payment terminal shown in FIG. 59 reads card information from a user card and checks payment information input through a predetermined key input means (7700), The payment terminal generates a payment approval request text including card information and payment information (7702), transmits the generated payment approval request text to a server on a network (7704),

Then, the server transfers the payment approval request details included in the received payment approval request message to the card company server 7500 to make an approval request (7706), and the payment corresponding to the approval request from the card company server 7500. When the acknowledgment response is received, the full text of the payment approval response is transmitted to the payment terminal (7708).

Thereafter, the payment terminal checks the user fingerprint information input through a predetermined fingerprint input means, encrypts the input user fingerprint information as shown in FIGS. 61 to 64 (7710), and encrypts the encrypted user input information. The user fingerprint information is transmitted to the server (7712).

In operation 7714, the server associates and stores the sales slip including the payment approval details with the received encrypted user fingerprint information.

Thereafter, when the server is requested to confirm the illegal use of the card included in the sales slip from the card company server 7500 (7716), the server receives encrypted user fingerprint information corresponding to the sales slip requested to confirm the unauthorized use. In operation 7720, the encrypted user fingerprint information and the user card information are transmitted to the biometric information management server 7600, and the user unique identification information corresponding to the fingerprint information is requested in operation 7720.

The biometric information management server 7600 decrypts the received encrypted fingerprint information through a decryption process as shown in FIGS. 68 to 71 corresponding to the encryption method of the payment terminal (7722).

When the encrypted fingerprint information is decrypted, the biometric information management server 7600 may identify a user unique ID corresponding to the decrypted fingerprint information from a storage medium (eg, a storage medium provided in the biometric information management server 7700). Check the code (7724).

If the user unique identification code corresponding to the decrypted fingerprint information is confirmed (7726), the biometric information management server 7600 uses the identified unique identification code to the card company server 7500 corresponding to the user card information. If the user identification code corresponding to the decrypted fingerprint information is not confirmed, the biometric information management server 7700 sends the corresponding unique identification to the server (or card company server 7500). The code may be notified (7730).

When the card company server 7500 receives the user identification information, the card company server 7500 checks user information corresponding to the card information, and compares the identified user information with the user identification information to perform user authentication (7732). It is possible to authenticate the user corresponding to the sales slip requested to confirm the fraudulent use.

78 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

In more detail, FIG. 78 shows a full text of a payment approval request including user card information and payment information (eg, payment amount) in a payment terminal equipped with predetermined biometric information input means (eg, fingerprint recognition means, etc.). When transmitting to a server (for example, a VAN company server, etc.) on the (eg, VAN server), the payment approval request details are provided to the card company server 7500 corresponding to the user card information, and the card company server 7500 from the When a payment approval response is received for a payment approval request, the biometric information input from the card user is encrypted, the encrypted biometric information is transmitted to the server, and the server generates a sales slip including the payment approval details. The link between the sales slip and the encrypted user biometric information is stored in a predetermined storage medium, and the card company server 7500 receives the purchase slip. When requesting the card user confirmation due to misuse of the user card included in the exhibition table, the server confirms the requested sales slip, and checks the encrypted user biometric information associated with the sales slip, When the encrypted user biometric information is transmitted to the card company server 7500 and the encrypted user biometric information is transmitted from the card company server 7500 to a predetermined biometric information management server 7600, the biometric information is transmitted. The management server 7600 decrypts the encrypted biometric information, verifies user unique identification information corresponding to the biometric information, and transmits the identified user unique identification information to the card company server 7500, and the card company server. The system configuration for performing the card user identification through the transmitted unique user identification information at (7500) As a method, one of ordinary skill in the art to which the present invention pertains may refer to and / or modify this drawing 78 to infer various user authentication information processing system configurations, but the present invention implements all the inferred embodiments. It includes a method, and is not limited to the embodiment shown in FIG.

Referring to FIG. 78, a user authentication information processing system according to an embodiment of the present invention includes a payment terminal, a server, a biometric information management server 7700, and a card company server 7500 (or a financial company server) through a predetermined network. The payment terminal includes a predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information. Compose a payment approval request text including read card information (eg, credit card number, etc.) and predetermined payment information, and transmit the configured payment approval request text to a server on the network, and the payment approval request from the server. When the payment approval response message corresponding to the full text is received, the biometric information of the card user is obtained through the biometric information input means. And encrypting the obtained user biometric information and transmitting the encrypted user biometric information to a server on the network.

The server is connected to the payment terminal through a predetermined network (eg, a VAN), and when the full payment approval request message and the encrypted user biometric information are received from the payment terminal, the card company server 7500 receives the payment information. Receiving a payment approval response corresponding to a payment approval request, and cooperatively stores the payment approval history and the encrypted user biometric information, and receives a request for confirmation of the card user from the card company server 7500 (for example, Card misuse, etc.), and transmits the stored encrypted biometric information to the card company server 7500.

The biometric information management server 7600 is connected to the card company server 7500 through a predetermined network, receives the encrypted user biometric information from the card company server 7500, and receives the received encrypted user. And decrypts the biometric information, checks the user unique identification information corresponding to the decrypted user biometric information, and transmits the identified user unique identification information to the card company server 7500.

In the present invention, the biometric information registration server and the biometric information management server 7600 are separately illustrated in order to more effectively explain the registration and management of biometric information. However, the biometric information registration server and the biometric information management server 7600 are identical to each other. It may be specified that the server may be provided at the same institution.

The card company server 7500 (or the financial company server) is connected to the server through a predetermined network (eg, a payment network, etc.), and when a full payment approval request message is received from the server, the card company server 7500 (or the financial company server) corresponding to the received payment approval request is received. Provide a payment approval response to the server, and if the user is requested to confirm the illegal use of the user card, request the user to confirm the card for which the user is required to confirm the illegal use, and encrypt the user from the server. When the fingerprint information is received, the received encrypted fingerprint information is transmitted to the biometric information management server 7600, and when the user unique identification information associated with the biometric information is received from the biometric information management server 7600, The card user information associated with the received user unique identification information is queried, and the user unique identification information is checked. By check that meets the user information, and wherein the performing identity authentication on the user card.

79 is a diagram showing the configuration of a server function according to an embodiment of the present invention.

In more detail, FIG. 79 is connected to a payment terminal shown in FIG. 59 through a predetermined network (eg, a VAN), and when the payment approval request message is received from the payment terminal, The payment approval details are transmitted to a card company server 7500 corresponding to the user card, and a payment approval response is received from the card company server 7500, transmitted to the payment terminal, and the user is encrypted from the payment terminal. When the fingerprint information is received, the sales slip including the payment approval details and the encrypted user biometric information are processed in association with each other and stored. When the card company server 7500 requests the unauthorized use of the card included in the sales slip, Confirming the encrypted user biometric information associated with the sales slip, and checking the encrypted user biometric information. As a method for implementing a server (for example, a VAN company server, etc.) on a network to be transmitted to the card company server 7500, those skilled in the art may refer to FIG. 79 and / or In response to a request for confirming fraudulent use of a card included in the sales slip, inferring various server configurations for transmitting encrypted user biometric information associated with the sales slip to the card company server 7500 to the card company server 7500. As will be appreciated, the present invention includes all implementation methods inferred above and is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 79 is illustrated as including at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 79, the server includes a receiving unit 7905, a reading unit 7910, a specialized processing unit 7915, an approval requesting unit 7720, a biometric information processing unit 7927, and a sales information processing unit 7825. It may be configured to include, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 7905 is a full payment approval request message including user card information (e.g., credit card number, etc.) and payment information (e.g., payment amount, merchant information, terminal information, etc.) from the payment terminal shown in FIG. Receive the received, and transmits the received payment approval request full text to the reading unit (7910), and also receives the encrypted fingerprint information of the user input through the payment terminal, the encrypted fingerprint information to the information processing unit To pass.

When the payment approval request message received through the reception unit 7905 is delivered, the reading unit 7910 reads the payment approval request message and reads the user card information (eg, a credit card) included in the payment approval request message. Number, etc.), the card company information corresponding to the confirmed card information is confirmed, and the confirmed card company information and the payment approval request details are transmitted to the approval request unit 7920.

When the payment request request details and the card company information are transmitted through the reading unit 7910, the approval request unit 7920 transmits the payment approval request details to the card company server 7500 to approve the payment. Request, and receives a payment approval response to the payment approval request from the card company server 7500.

The information processing unit, when the payment approval response for the payment approval request is received from the card company server 7500 through the approval request unit 7920, according to the response result, a sales slip including the payment approval history; When the encrypted user fingerprint information is transmitted through the receiving unit 7905, the encrypted user fingerprint information and the sales slip are linked to be stored in a predetermined storage medium through the information storage unit 7930. do.

The biometric information processing unit 7735 transmits encrypted fingerprint information associated with the sales slip to the card company server 7500 according to a request for confirming the unauthorized use of a card included in the sales slip from the card company server 7500. .

The expert processing unit 7915 receives the payment approval response received through the approval request unit 7920, configures a payment approval response message to be transmitted to the payment terminal, and converts the configured payment approval response message into the payment terminal. send.

The information storage unit 7930 stores information (or data) collected or generated in the process of performing the corresponding function by the at least one or more function components provided in the server.

80 is a diagram showing the functional configuration of a card company server 8000 according to an embodiment of the present invention.

More specifically, FIG. 80 is connected to the server shown in FIG. 79 by a predetermined network (eg, a payment network). When the payment approval request details are received from the server, the payment corresponding to the payment approval request details is provided. If an authorization response is provided to the server, and a fraudulent confirmation request of the payment approved card is received from the user, the server sends a fraudulent confirmation request of the card to the server, and an encrypted biometric of the card user is received from the server. Receives the information, and transmits the received encrypted biometric information to a predetermined biometric information management server 7600, requests user identification information corresponding to the encrypted biometric information, and the biometric information management server 7600 When the user unique identification information is received from the received user unique identification information matches the card user information By confirming, as an implementation method for the configuration of the card company server 8000 performing identity verification for the card user, those skilled in the art to which the present invention pertains, refer to and / or modify this drawing 80 The user identification information transmitted from the biometric information management server 7600 is compared with user information stored in the card user information (customer information) DB (or storage medium), and in response to the request for confirming the unauthorized use of the card, Although various card company server 8000 configurations for authenticating card users may be inferred, the present invention includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

In addition, although the card company server 8000 shown in FIG. 80 is shown to include at least one or more functional components, this is just one embodiment for explaining the present invention more effectively. At least one or more functional components may be implemented as a server (or apparatus) or functional means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 80, the card company server 8000 includes a receiver 8005, a reader 8010, a specialized processor 8015, a user authenticator 8020, a limit checker 8030, and information storage. It may be configured to include a unit 8025, it may be possible to add a predetermined functional configuration within the scope of the present invention.

The receiving unit 8005 receives the payment approval request details of a predetermined card user from the server shown in FIG. 79 and transmits the received payment approval request details to the reading unit 8010.

The reading unit 8010 reads the payment approval request history received through the receiving unit 8005 to confirm user card information, and checks the confirmed card information and payment approval request details (for example, payment amount). Characterized in that the transfer to the limit check unit 8030.

The limit checking unit 8030 checks the payment limit information corresponding to the card information when the user card information and payment approval request details (for example, payment amount) are transmitted through the reading unit 8010. It is determined whether payment of the payment amount included in the payment approval request details is possible, and the determination result is delivered to the specialized processing unit 8015, and the determination result is transferred to the information storage unit 8025 to store the card company DB (or storage). Media).

The specialized processing unit 8015 may be configured to transmit the payment approval response details including the transferred details to the server when the settlement result of the settlement is delivered through the limit checking unit 8030.

When the user authentication unit 8020 is required to confirm the unauthorized use of the user card, the server requests the encrypted fingerprint information of the card user, and when the encrypted fingerprint information is received from the server, the reception is performed. When the encrypted fingerprint information is transmitted to the biometric information management server 7600, the user unique identification information corresponding to the fingerprint information is requested, and the user unique identification information is transmitted from the biometric information management server 7600, The user identification of the transaction is performed by comparing the transmitted user unique identification information with the card user information.

81 is a diagram showing the functional configuration of the biometric information management server 8100 according to an embodiment of the present invention.

In more detail, FIG. 81 is connected to the card company server 8000 shown in FIG. 80 through a predetermined network, receives predetermined user biometric information from the card company server 8000, and receives the received encryption. A biometric information management server 8100 configured to decrypt the user biometric information, verify user unique identification information corresponding to the decrypted user biometric information, and transmit the identified user unique identification information to the card company server 8000. As a method for implementing the present invention, those skilled in the art may decode the encrypted biometric information by referring to and / or modifying the present invention 81 to decode the user unique identification information corresponding to the user biometric information. It will be possible to infer various server configurations to confirm, but the present invention includes all implementation methods inferred and It is not limited to the implementation method shown in FIG.

In addition, although the biological information management server 8100 illustrated in FIG. 81 is illustrated as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention. At least one or more functional components provided in the specification may be implemented as a server (or apparatus) or a functional means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 81, the biometric information management server 8100 may include an information receiver 8105, a decoder 8110, an information transmitter 8215, and an information confirmer 8120. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiver 8105 receives predetermined encrypted biometric information from the card company server 8000 shown in FIG. 80, and transmits the received encrypted biometric information to the decryption unit 8110.

The decryption unit 8110 decodes the encrypted biometric information when the encrypted biometric information received through the information receiving unit 8105 is transmitted. 8120).

The decryption process of the decryption unit 8210 will be described with reference to FIGS. 68 and 71.

When the encrypted biometric information is decrypted by the decryption unit 8110, the information checking unit 8120 may identify (or extract) user-specific identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extraction) of the unique user identification information is transmitted to the information transmitter 8315.

When the user identification information corresponding to the biometric information is identified (or extracted) and transmitted through the information verification unit 8120, the information transmission unit 8215 may transmit the received user identification information to the card company server ( 8000).

82 illustrates a process of processing user authentication information according to an embodiment of the present invention.

In more detail, the process shown in FIG. 82 is performed on the user authentication information processing system shown in FIG. 78, and in a payment terminal provided with a predetermined biometric information input means (eg, fingerprint recognition means, etc.). When a payment approval request message including user card information and payment information (eg, payment amount, etc.) is transmitted to a server (eg, a VAN company server, etc.) on a network (eg, a VAN company), the payment approval request details are transmitted to the user. The card company server 8000 corresponding to the card information is provided. When the payment approval response for the payment approval request is received from the card company server 8000, the biometric information input from the card user is encrypted to encrypt the biometric information. Transmits information to the server, constructs a sales slip including the payment authorization in the server, the sales slip and the password The user biometric information is linked and stored in a predetermined storage medium, and the card company server 8000 requests the card user confirmation from the user card included in the sales slip. Confirm the requested sales slip, and confirm the encrypted user biometric information associated with the sales slip, and transmits the confirmed encrypted user biometric information to the card company server 8000, the card company server 8000 When the transmitted encrypted user biometric information is transmitted to a predetermined biometric information management server 8100, the biometric information management server 8100 decrypts the encrypted biometric information, and user unique identification information corresponding to the biometric information. Check, and transmit the identified user unique identification information to the card company server 8000, the card company server 8000 As a method for performing the card user's own authentication through the transmitted user's unique identification information, a person having ordinary knowledge in the technical field to which the present invention pertains may refer to and / or modify this user's drawing and various user authentications. The information processing process may be inferred, but the present invention includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

According to the user authentication information processing shown in FIG. 82, the payment terminal shown in FIG. 59 reads card information from a user card and checks payment information input through a predetermined key input means (8200). The payment terminal generates a payment approval request text including card information and payment information (8202), transmits the generated payment approval request text to a server on a network (8204),

Then, the server transfers the payment approval request details included in the received payment approval request message to the card company server 8000 for an authorization request (8206), and the payment corresponding to the approval request from the card company server 8000. When the approval response is received, the payment approval response message is transmitted to the payment terminal (8208).

Thereafter, the payment terminal checks the user fingerprint information input through a predetermined fingerprint input means, encrypts the input user fingerprint information as shown in FIGS. 61 to 64 (8210), and encrypts the encrypted user input information. The user fingerprint information is transmitted to the server (8212).

Then, the server associates and stores the sales slip including the payment approval details and the received encrypted user fingerprint information (8214).

Thereafter, when the server is requested to confirm fraudulent use of the card included in the sales slip from the card company server 8000 (8216), the server receives encrypted user fingerprint information corresponding to the sales slip requested to confirm the fraudulent use. In operation 8218, the encrypted user fingerprint information is transmitted to the card company server 8000 in operation 8220.

Then, the card company server 8000 transmits the transmitted encrypted user fingerprint information to a predetermined biometric information management server 8100 to request user unique identification information corresponding to the fingerprint information (8222).

The biometric information management server 8100 decrypts the received encrypted fingerprint information through a decryption process as illustrated in FIGS. 68 to 71 corresponding to the encryption method of the payment terminal (8224).

When the encrypted fingerprint information is decrypted, the biometric information management server 8100 identifies a user unique ID corresponding to the decrypted fingerprint information from a storage medium (eg, a storage medium provided in the biometric information management server 8100). Check the code (8226).

If the user unique identification code corresponding to the decrypted fingerprint information is confirmed (8228), the biometric information management server 8100 sends the identified unique identification code to the card company server 8000 corresponding to the user card information. If the user identification code corresponding to the decrypted fingerprint information is not confirmed, the biometric information management server 8100 sends the corresponding unique identification code to the server (or card company server 8000). It is possible to notify the absence of 8232).

When the user company identification information is received, the card company server 8000 checks user information corresponding to the card information, and compares the identified user information with the user identification information to perform user authentication (8234). It is possible to authenticate the user corresponding to the sales slip requested to confirm the fraudulent use.

83 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

More specifically, FIG. 83 shows a full text of a payment approval request including user card information and payment information (eg, payment amount) in a payment terminal equipped with predetermined biometric information input means (eg, fingerprint recognition means, etc.). When transmitted to a server (eg, a VAN company server, etc.) on the server (eg, a VAN company), the payment approval request history is provided to a card company server corresponding to the user card information, and the payment for the payment approval request is made from the card company server. When the authorization response is received, the biometric information input from the card user is encrypted, and the encrypted biometric information is stored in the payment terminal memory (or storage medium), and periodically at least one encrypted data stored in the memory. When the biometric information is collectively transmitted to the server, the biometric information corresponding to the encrypted biometric information transmitted by the batch is respectively. When the sales slip and the corresponding encrypted biometric information are processed in association with the data and stored in a predetermined storage medium, the card company server requests the card user confirmation by using the user card included in the sales slip. The server confirms the requested sales slip, confirms encrypted user biometric information associated with the sales slip, transmits the confirmed encrypted user biometric information to a predetermined biometric information management server, and transmits the biometric information to the biometric information. Request confirmation of corresponding user unique identification information (eg, name, social security number, insurance number, driver's license number, financial transaction information, etc.), and decrypt the encrypted biometric information at the biometric information management server to generate the biometric information. Confirm user identification information corresponding to the identification information, and transmit the identified user identification information to the server; As a method of implementing a system for transmitting the identified user unique identification information from the server to the card company server, the card company server to perform the user authentication of the card user through the transmitted unique user identification information. However, one of ordinary skill in the art to which the present invention pertains may refer to and / or modify this diagram 83 to infer various user authentication information processing system configurations, but the present invention is directed to all the inferred implementation methods. Incidentally, the present invention is not limited to the implementation method shown in FIG.

User authentication information processing system according to an embodiment of the present invention with reference to Figure 83, characterized in that the payment terminal, server, biometric information management server and card company server (or financial company server) is connected through a predetermined network The payment terminal may include predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information, and card information read from the user card (eg, when the card user requests payment of a predetermined user). Credit card number) and a predetermined payment approval request message including predetermined payment information, and transmits the configured payment approval request message to a server on the network, and the payment approval corresponding to the payment approval request message is received from the server. When the response message is received, the biometric information of the card user is obtained through the biometric information input means, and the stroke Encrypting the user biometric information, storing the encrypted user biometric information in the payment terminal memory (or storage medium), and periodically transmitting at least one or more encrypted biometric information stored in the memory to the server. It is characterized by.

The server is connected to the payment terminal through a predetermined network (eg, a VAN), and when the encrypted user biometric information is periodically received from the payment terminal, the server corresponds to the encrypted biometric information transmitted in a batch. When the sales slip is linked to the encrypted biometric information corresponding thereto and stored in a predetermined storage medium, and the card company server requests the user to confirm the card by misuse of the user card included in the sales slip. Confirming the requested sales slip in the server, checking encrypted user biometric information associated with the sales slip, and transmitting the checked encrypted user biometric information to a predetermined biometric information management server. When the user identification information corresponding to the biometric information is transmitted from the information management server, the transmission It characterized by transmitting the user unique identifying information to the card company server.

The biometric information management server is connected to the server through a predetermined network, receives encrypted user biometric information from the server, decrypts the received encrypted user biometric information, and decrypts the decrypted user biometric information. Identifying the user unique identification information corresponding to the, characterized in that for transmitting the identified user unique identification information to the server.

Here, the biometric information management server may be linked with the biometric information registration server shown in FIG. 1 or may include a storage medium shown in FIG.

In addition, in the present invention, the biometric information registration server and the biometric information management server are separately shown in order to more effectively explain the registration and management of the biometric information, but the biometric information registration server and the biometric information management server are the same server, or It is specified that the same engine can be provided.

The card company server (or financial company server) is connected to the server through a predetermined network (e.g., a payment network, etc.), and when a payment approval request message is received from the server, a payment approval response corresponding to the received payment approval request is received. Provides the server with the server, and if the user's card is requested for unauthorized use, requesting the server for user confirmation of the card for which the user's illegal use is requested, and receiving the user's unique identification information (e.g., Name, resident registration number, insurance number, driver's license number, financial transaction information, etc.), the card user information associated with the confirmed card information is queried, and the user's unique identification information corresponds to the inquired card user information. By confirming that the identity of the card user, characterized in that to perform.

84 is a diagram showing the function of the payment terminal 8400 according to another embodiment of the present invention.

In more detail, FIG. 84 shows a payment terminal 8400 on the system shown in FIG. 83, wherein the payment terminal 8400 includes predetermined fingerprint recognition means for acquiring card payment customer fingerprint information. Upon requesting a card payment by a customer, the payment customer fingerprint information is obtained, stored in the payment terminal 8400, and at least one payment customer fingerprint information stored in the payment terminal 8400 according to a predetermined cycle is stored in the network. The present invention relates to an implementation method having a functional configuration for transmitting to a server (eg, a VAN company server, etc.), and a person skilled in the art to which the present invention pertains may refer to and / or modify this drawing 84. After storing the fingerprint information of the payment customer, infer the configuration of the payment terminal (8400) function to transmit to the VAN company server on the network according to a predetermined cycle. Would be, instead of the technical features of the present invention is not limited by the figure 84, bayida put out that that includes all the embodiments in which the inference method.

Referring to FIG. 84, the payment terminal 8400 basically includes a control unit 8405, a memory unit 8450, a card reader unit 8810, a key input unit 8820, a screen output unit 8515, and a fingerprint input unit ( 8455, a communication processing unit 8430, a print output unit 8840, and a power supply unit 8825 for supplying power to the payment terminal 8400, and at least one terminal function according to the intention of a person skilled in the art. Part (eg, security application module 8835, etc.) may be further included.

The control unit 8405 controls the overall operation of the payment terminal 8400 shown in the functional configuration, manages the flow of information or data between each component, and card information (eg, credit card) read from the payment customer card. Number, etc.) and the payment approval request text including the predetermined payment information is transmitted to the VAN company server, and receives the approval response message corresponding to the payment approval request, and the payment customer input from the fingerprint input unit 8455. After the fingerprint information is stored in the memory unit 8450, at least one or more payment customer fingerprint information stored in the memory unit 8450 is transmitted to the VAN company server in accordance with a predetermined period. Characterized in that interlocking and controlling at least one or more components provided, the payment terminal 8400 is a hardware (Central Processing Unit) / CPU It may include at least one processor including an MPU (Micro Processing Unit), an execution memory (eg, a register and / or random access memory (RAM)), and a bus for inputting and outputting predetermined data.

 In addition, the payment terminal 8400 is loaded into the execution memory from a predetermined recording medium to perform a function specific to the payment terminal 8400 by a predetermined program routine (operation processing by the processor ( Transmit the full payment approval request message including the routine information and / or the program data (thus, the card information read from the payment customer card (eg, credit card number, etc.) and predetermined payment information to the VAN company server). Receives the approval response message corresponding to the payment approval request, and stores the payment customer fingerprint information input from the fingerprint input unit (8455) in the memory (8450), the memory unit 8850 according to a predetermined period At least one payment customer fingerprint information stored in the) is recorded on the recording medium provided in the payment terminal 8400 to transmit to the VAN company server. It can be achieved by also shown as being provided with a predetermined program, and / or the payment terminal (8400) functions are configurable by software processing in the components included in the controller in the (8405)).

According to the exemplary embodiment of the present invention, the control unit 8405 is provided with the components provided in the payment terminal 8400 (for example, the memory unit 8850, the card reader unit 8410, the key input unit 8820, and the fingerprint input unit). 8155, screen output unit 8515, communication processing unit 8230, security application module 8535, print output unit 8840, and / or terminal function unit (not shown) according to the intention of those skilled in the art Control and manage the provision of the electronic payment service defined in the payment terminal 8400, as well as the card information (eg, credit card number, etc.) and predetermined payment information read from the payment customer card according to the present invention. The payment authorization request message is transmitted to the VAN company server, and receives an approval response message corresponding to the payment approval request, and the payment unit fingerprint information input from the fingerprint input unit 8455 to the memory unit 8450. After saving to In accordance with the definition period to control at least one or more payment customer fingerprint information stored in the memory unit 8850 to the VAN company server by interworking with the components provided in the payment terminal 8400, or It is preferable to execute a program recorded in the recording medium provided in the payment terminal 8400.

The memory unit 8850 is input and output when an operation by a predetermined program routine (or code) and / or program data (eg, a program routine (or code)) for controlling the overall operation of the payment terminal 8400 is performed. General term of non-volatile memory for storing information or data), at least one of which includes EEPROM (Electrically Erasable and Programmable Read Only Memory) and / or Flash Memory (FM) and / or Hard Disk Drive (HDD) in hardware. It includes the above storage means, and the predetermined program routine and program data (for example, data input or output for the program routine to perform a predetermined function) is required for the control unit 8405 to perform a predetermined control function. ) Is stored.

According to an embodiment of the present invention, the memory unit 8850 is a VAN company server that provides a payment approval request text including card information (eg, a credit card number, etc.) read from the payment customer card and predetermined payment information. And the payment response fingerprint corresponding to the payment approval request, and store payment customer fingerprint information input from the fingerprint input unit 8455 in the memory unit 8850, and then, according to a predetermined period, the memory It is preferable to store information (or data) generated or required in the process of transmitting at least one or more payment customer fingerprint information stored in the unit 8850 to the VAN company server.

For example, the memory unit 8850 may be configured to store payment customer fingerprint information input through the fingerprint input unit 8455 in association with payment approval history information (for example, an approval number).

The payment customer card that reads payment customer card information (eg, credit card number, etc.) included in the full payment approval request message through the payment terminal 8400 is a contact type IC card based on ISO / IEC 7816 standard. Or a wireless IC chip), and / or a card including at least one contactless IC card (or wireless IC chip) based on the ISO / IEC 14443 standard, wherein the card reader 8410 is the customer. An interface for reading at least one or more information or data included in the card may be provided.

According to the exemplary embodiment of the present invention, the card reader 8410 may be a contact IC reader that provides an interface between the contact IC card and the payment terminal 8400, or the contactless IC card and the payment terminal 8400. A contactless IC reader may be provided to provide an interface between the terminals.

In the present invention, although the card reader 8410 is provided in the payment terminal 8400, any one or more card readers 8810 of the card reader (8410) is the payment terminal 8400. It is noted that it can be detached from or connected via a predetermined cable.

For example, when the contact IC reader unit is a card reader unit 8810 based on ISO / IEC 7816, at least one or more electrical contacts in contact with a chip on board (COB) provided in the contact IC card are provided. It comprises a contact point, and supplies power to the IC chip of the customer card through the contact point, and predetermined information from the IC chip through the half-duplex transaction using an Application Protocol Data Unit (APDU) (Eg, a credit card number, etc.) or data may be interfaced to the payment terminal 8400.

According to another exemplary embodiment of the present invention, when the fingerprint information of the customer is mounted in the payment customer IC card, the contact IC reader unit interfaces the payment customer fingerprint information to the payment terminal 8400 from the IC card. can do.

In addition, when the contactless IC reader unit is a card reader unit 8810 based on ISO / IEC 14443, the contactless electrical contact with the contactless IC card using capacitive coupling and / or inductive coupling, etc. It comprises at least one antenna to form a power supply, the power supply to the IC chip of the customer card through the antenna, and predetermined information from the IC chip through the half-duplex transaction using the APDU ( For example, a credit card number, etc.) or data may be interfaced to the payment terminal 8400.

According to another exemplary embodiment of the present invention, when the fingerprint information of the customer is mounted in the payment customer IC card, the contactless IC reader unit may interface the payment customer fingerprint information to the payment terminal 8400 from the IC card. Can be.

The payment terminal 8400 may further include an MS reader, and the MS reader is a card reader 8410 based on ISO / IEC 7810, and includes at least one magnetic head including a predetermined coil. Head), and the MS card in which predetermined information (e.g., magnetized binary data) is recorded is moved in a predetermined direction in close contact with the magnetic head (or the magnetic head records predetermined information). When the mobile terminal is in close contact with the MS card, a predetermined information or data is transferred from at least one track provided in the MS of the MS card by using a predetermined electrical signal loaded on the magnetic head. Can be interfaced with

The key input unit 8820 includes a predetermined at least one key button including at least one numeric key and / or a character key and / or a function key. Detects information (or a signal) inputted from a key input device of a predetermined key and is provided to the key input device in a specific input mode and / or operation mode of the payment terminal 8400 controlled by the controller 8405. When predetermined information (or signal) is input from a key button, a key event corresponding to the input information (or signal) is generated, and the generated key event is provided to the controller 8405. The controller 8405 may acquire predetermined key data corresponding to the key event in the current input mode and / or operation mode of the payment terminal 8400, and / or match the key event to define the key event. Characterized in that for obtaining a command to execute a predetermined function.

Here, the key input unit 8220 and the key input device having at least one key button interwork with each other to perform a function of a key input unit provided in the payment terminal 8400.

The key input device interoperating with the key input unit 8220 may include a keypad device having at least one numeric key and a function key, and / or at least one numeric key and a character key (eg, English character key, and / or Korean character). Key) and / or a keyboard device having a function key, and / or having at least one numeric key and a function key in conjunction with the screen output means, and / or having at least one numeric key, a character key and a function key. It is preferable to include at least one touch screen device.

For example, the key input unit 8420 may receive a key data (eg, a payment amount) corresponding to the electronic payment service from at least one or more key input devices for the electronic payment service defined in the payment terminal 8400. It is preferable to perform a function of an input means, and furthermore, according to the present invention, a VAN completes a payment approval request message including card information (eg, credit card number, etc.) read from the payment customer card and predetermined payment information. The server transmits to the server, receives a response message corresponding to the payment approval request, stores the payment customer fingerprint information input from the fingerprint input unit 8455 in the memory unit 8850, and according to a predetermined cycle. At least one key required in the process of transmitting at least one payment customer fingerprint information stored in the memory unit 8850 to the VAN company server It is preferred to carry out the functions of the key input means for inputting the data.

The screen output unit 8515 may be provided to the controller 8405 in a process in which the payment terminal 8400 performs a predetermined function (for example, payment customer fingerprint information storage, processing and batch transmission function, and electronic payment processing function). Output at least one or more information or data that is predefined or defined in real time to be output to a predetermined display device including a liquid crystal display (LCD) and / or a cathode ray tube (CRT) by means of a predefined interface screen. The screen output unit 8515 and the screen output device interoperate with each other to perform a function of a screen output unit provided in the payment terminal 8400.

Predefined information or data to be output from the payment terminal 8400 to the screen output device includes key data input through the key input unit 8220 and / or components included in the payment terminal 8400. Information (or data) stored or generated by the information, information (or data) transmitted / received through the communication processor 8230, and / or information corresponding to a predetermined operation result performed by the payment terminal 8400 (or Data) and at least one.

According to a preferred embodiment of the present invention, the screen output unit 8515 screen output means for outputting a predetermined processing screen according to the fingerprint information processing, storage, batch transfer and electronic payment step defined in the payment terminal 8400 Performs the function of.

When a customer inputs a fingerprint through a predetermined fingerprint recognition (or input) device, the fingerprint input unit 8455 scans the customer fingerprint and transfers the scanned customer fingerprint data to the controller 8405.

The communication processor 8230 may perform a payment network (eg, a value added network (VAN)) while the payment terminal 8400 performs a predetermined function (for example, a fingerprint information processing function or an electronic payment processing function). Communicating with a VAN company server or a terminal (or device) connected to the payment terminal 8400 via a predetermined cable or a terminal (or device) connected to the payment terminal 8400 through a predetermined short-range wireless communication. Provides a predetermined communication means for connecting a session, and a communication session with a predetermined terminal (or device) through a network communication unit for connecting a predetermined communication channel with a VAN company server on a wired or wireless network, or a predetermined cable communication port. A predetermined communication session with a predetermined local area communication terminal (or device) device through a cable communication unit or at least one local area wireless communication unit for connecting Comprised, including the short-range wireless communication unit for connection, it comprises a communication protocol and / or the driver for connecting the communication channel (or communication session) by software.

The network communication unit may include a predetermined wired network and / or a mobile communication network including a Value Added Network (VAN) or a financial common network or high-speed Internet (eg, ADSL / VDSL / Cable Network /.../ satellite communication). And a communication channel with a server (for example, a VAN company server) on a wired / wireless network through a predetermined wireless network including a wireless data communication network. The payment terminal 8400 is hardwarely connected to a predetermined wired / wireless network. It may include a modem or a network interface card (NIC) for access, and may include a communication protocol and / or driver for software to connect the payment terminal 8400 to the wired and wireless network. have.

The cable communication unit connects a cable communication session with a predetermined terminal (or device) through a predetermined cable communication (eg, RS-232c or Universal Serial Bus (USB)), and the cable is connected in hardware. It comprises a predetermined cable communication port, and may comprise a communication protocol and / or driver for the cable communication in software.

Here, the terminal (or device) to which the cable communication session is connected through the cable communication unit preferably includes a predetermined point of sales (POS) terminal.

The short range wireless communication unit includes at least one of infrared ray communication, RF (Radio Frequency) communication, Bluetooth (BlueTooth), Wireless LAN (Wi-Fi), Wi-Fi (Wi-Fi), and Universal Serial Bus (USB). Characterized in that to connect a predetermined terminal (or device) and a short-range wireless communication session through at least one or more short-range wireless communication means, the hardware includes the infrared communication, RF communication, Bluetooth, WLAN, WiFi, UWB And a predetermined short range wireless communication module for short range wireless communication, and includes a communication protocol and / or a driver for the short range wireless communication in software.

Here, the terminal (or device) to which the short-range communication session is connected through the short-range communication unit preferably includes a customer wireless terminal that mounts or detaches a predetermined wireless IC chip.

The secure application module (8435) (SAM) is a confidentiality and / or authentication (required in the process of performing the electronic payment and / or electronic payment by the payment terminal 8400 using the customer card ( Security requirements, including authentication and / or integrity and / or nonrepudiation, can be secured and trusted within the payment terminal 8400 without using an authentication server (or server) on the payment network. As a safety device for performing the structure, the payment terminal 8400 has a predetermined message processed in the process of performing a predetermined security request function (for example, fingerprint information processing, storage and batch transmission function, electronic payment processing function, etc.). Encrypt or decrypt (information or data), add an authenticator to prevent forgery (or tampering) of the message, or perform the security request function In doing so, it can perform the function of storing important key information.

In general, the security application module (8435) may be composed of a predetermined security application module (8435) inserter and a security application module (8435) chip, the chip of the security application module (8435) chip containing at least 8-bit CPU Application Specific Integrated Circuit (ASIC) chips (eg, PLCC 44-pin chips) and / or IC chips (eg, IC cards in the form of subscriber identity modules (SIMs)) with performance of 2 MIPS (Million Instructions Per Second) or more. It may be made, including.

In addition, the security application module (8435) is at least one or more security application data (e.g., at least one identifier, version, expiration date, issue date, code value, etc.) required to perform a predetermined security request function to the payment terminal 8400 ) And / or keys (e.g. one master key and at least one application key) and / or protocols (e.g. trading protocols, re-transaction protocols, previous transaction cancellation protocols, collection protocols, SAM issuance protocols, (e-money companies / card companies) Registration protocol, privilege acquisition protocol, mode switching protocol, key download protocol, SAM revocation protocol) and / or commands (e.g., at least one read / authentication / transmission / registration / setting / mode switching / collection / delete / discard / initialization / Reprocess / cancel command).

The print output unit 8440 may be configured to perform a predetermined function (eg, an electronic payment processing function) by the payment terminal 8400 and / or predetermined information or data (eg, payment approval details) generated as a result. Data, etc.) to a predetermined printing device (8445) (for example, a receipt printer), and to print the print information or data through the predetermined printing device (8445) in accordance with a predefined printing form. It can be made by including a printing protocol and a driver.

Referring to FIG. 84, the control unit 8405 of the payment terminal 8400 generates the scanned payment customer fingerprint data provided from the fingerprint input unit 8455 as fingerprint information including predetermined feature points, and generates the generated fingerprint information. Fingerprint information processing unit 8260 that encrypts fingerprint information, card information (eg, credit card number, etc.) read from the customer card through the card reader unit 8410 and a transaction input through the key input unit 8420. A specialized component 8465 constituting a payment approval request text including information (eg, payment amount information), and a specialized transmission unit for transmitting the configured payment approval request text to the VAN company server (or payment server) ( 8470), a specialized receiving unit 8475 for receiving a payment approval response message corresponding to the payment approval request message from the VAN company server, and storing the encrypted payment customer fingerprint information in the memory unit 8450. A fingerprint information storage unit 8280 and a fingerprint information transmission unit 8485 for collectively transmitting at least one or more payment customer fingerprint information stored in the memory unit 8850 to the VAN company server according to a predetermined cycle. Can be.

Here, when the payment customer fingerprint data scanned from the fingerprint input unit 8545 is provided, the fingerprint information processing unit 8560 applies a predetermined pattern recognition algorithm to the provided fingerprint data, and prints fingerprint information of another payment customer. Except for the common points that may have the same, only the feature points (eg, ridges and valleys, shortcomings, and the like) of the payment customer are generated to generate fingerprint information in the form of a template.

In this case, the size of the template increases as the number of feature points increases, but the recognition error rate decreases. In general, about 15 to 60 feature points are included in the template, and the payment terminal 8400 It is noted that the recognition error rate and size of the fingerprint information may be changed according to the specification.

According to another exemplary embodiment of the present invention, when the customer fingerprint information is mounted on the customer IC card, the fingerprint information processor 8260 may receive the customer fingerprint information read from the IC card from the card reader unit. Can be.

The fingerprint information processing unit 8260 may encrypt the generated fingerprint information so that the fingerprint information cannot be used even if the fingerprint information of the payment customer is illegally stolen or leaked. The customer of the fingerprint information processing unit 8560 The fingerprint information encryption process will be described with reference to FIGS. 85 to 89 below, which will not be described separately in this figure.

The specialized component 8465 may include card information (eg, a credit card number, etc.) read from the customer card through the card reader 8410 and transaction information (eg, through the key input unit 8420). A payment approval request message including a payment amount information) and affiliated store information (or payment terminal 8400 information, etc.) previously stored in the memory unit 8850, and the configured payment approval request message Transfer to the professional transmission unit (8470).

The specialized transmission unit 8270 may transmit the payment approval request message to the VAN company server (or payment server) when the payment approval request message configured through the expert component 8465 is delivered.

The fingerprint information storage unit 8280 may store, in the memory unit 8850, payment customer fingerprint information that is input from a corresponding payment customer and encrypted through the fingerprint processing unit when the payment is made using the payment terminal 8400. It is done.

At this time, the fingerprint information storage unit 8850 confirms that the approval response for the payment processing request of the payment customer is received from the VAN company server, and encrypts the payment customer fingerprint information and the payment approval history. It is characterized by storing in association with.

The fingerprint information transmitting unit 8485 extracts at least one or more payment customer fingerprint information stored in the memory unit 8450 from the memory unit 8850 through the fingerprint information storage unit 8280 to the server. Characterized in that the batch transmission.

85 is a diagram showing the configuration of a fingerprint information processing unit 8260 equipped with a function of encrypting fingerprint information through a predetermined encryption key according to one embodiment of the present invention.

In more detail, FIG. 85 is a fingerprint information processing unit 8260 of the payment terminal 8400 shown in FIG. 84, wherein fingerprint information input from a predetermined fingerprint input unit is inputted by the fingerprint information processing unit of the payment terminal 8400 ( A function configuration provided by encrypting through a predetermined encryption key in 8460, and a person skilled in the art to which the present invention pertains, the fingerprint input unit (8455) by referring to and / or modified this figure 85 It is possible to infer various implementation methods for the fingerprint information processing unit 8260 by encrypting fingerprint information inputted from a predetermined encryption key, but the present invention includes all the inferred implementation methods, and is shown in FIG. It is not limited to the implemented method.

Referring to FIG. 85, the fingerprint information processing unit 8260 may store a memory that associates and stores a predetermined encryption key for encrypting fingerprint information input from the fingerprint input unit 8455 and the encryption key index, and the encryption key. Characterized in that it comprises a password processing unit 8500 for encrypting the input fingerprint information through.

The memory may store a predetermined encryption key for encrypting the input fingerprint information, and the encryption key may be processed in association with a predetermined encryption key index to store the memory (or the payment terminal 8400 memory unit 8450). It is characterized in that stored in).

Here, the encryption key is an encryption key for encrypting the fingerprint information in a symmetric key (or secret key) encryption method, and / or an encryption key for encrypting the fingerprint information in a public key encryption method, and / or the fingerprint information. It may include at least one or more of an encryption key for encrypting the electronic envelope encryption method, and / or an encryption key for encrypting the fingerprint information in a key exchange encryption method.

In addition, the encryption key index stored in the memory in association with the encryption key is index information (for example, merchant code) for identifying a predetermined decryption key associated with the encryption key in a host that decrypts the encrypted fingerprint information. Or a payment terminal (8400) code, etc.), whereby a host (eg, a biometric information management server, etc.) that decrypts the encrypted fingerprint information is assigned to the encryption key based on the encryption key index. At least one corresponding decryption key may be identified and the encrypted fingerprint information may be decrypted using the identified decryption key.

Here, the decryption key identified through the encryption key index is a decryption key for decrypting the encrypted fingerprint information by a symmetric key (or secret key) decryption method, or decrypting the encrypted fingerprint information by a public key decryption method. At least one or more of a decryption key for decryption, a decryption key for decrypting the encrypted fingerprint information by an electronic envelope decryption method, or a decryption key for decrypting the encrypted fingerprint information by a key exchange decryption method.

According to another exemplary embodiment of the present invention, when the payment terminal 8400 information (or merchant code information) included in the payment approval request message generated by the payment terminal 8400 performs the encryption key index function, the memory The encryption key index may be omitted, and the present invention is not limited thereto.

The encryption processing unit 8500 may use a symmetric key (or secret key) encryption method, and / or a public key encryption method, and / or the user fingerprint information input through the fingerprint input unit 8455 through an encryption key stored in the memory. And encrypting through at least one or more of an electronic envelope encryption scheme and / or a key exchange encryption scheme.

It is preferable that the fingerprint information encrypted by the fingerprint information processing unit 8260 is kept secure until a predetermined decryption key is decrypted by a predetermined host (eg, a biometric information management server).

86 is a diagram showing a method for encrypting fingerprint information in a symmetric key (or secret key) method by the fingerprint information processing unit 8260 according to an embodiment of the present invention.

More specifically, FIG. 86 is a method for encrypting the fingerprint information by a symmetric key (or secret key) method in a fingerprint information processing unit 8260 equipped with an encryption function as shown in FIG. 85. Those skilled in the art may refer to and / or modify this drawing 86 to infer various implementation methods for encrypting the fingerprint information in a symmetric key (or secret key) manner by the fingerprint information processing unit 8260. It will be appreciated that the present invention encompasses all of the inferred practice methods and is not limited to the practice method shown in FIG.

In FIG. 86 according to the embodiment of the present invention, the symmetric key (or secret key) is preferably read from the memory (or the payment terminal 8400 memory unit 8450) included in the fingerprint information processing unit 8260. Do.

Referring to FIG. 86, when user fingerprint information is input through the fingerprint input unit 8455, the fingerprint information unit 8500 is provided to the encryption processing unit 8500. When the user fingerprint information is provided, the encryption processing unit 8500 is provided. Reads a predetermined symmetric key (or secret key) for encrypting fingerprint information from the memory (or payment terminal 8400 memory unit 8850) included in the fingerprint information processing unit 8260 (8605). The fingerprint information is encrypted (8610) using a symmetric key (or secret key).

Here, the encryption function of the encryption processing unit 8500 is called E (Encryption), the symmetric key (or secret key) is k (key), the fingerprint information is P (Plaintext), and the symmetric key (or secret key). If the fingerprint information encrypted with) is C (Ciphertext), the encryption function of the encryption processing unit 8500 can be expressed by a formula such as "Ek (P) = C".

According to an embodiment of the present invention, the algorithm for encrypting the fingerprint information through the symmetric key (or secret key) by the encryption processing unit 8500, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA It is preferable to include at least one or more of the International Data Encryption Algorithm, and in addition, various types of encryption algorithms may be used, but the present invention is not limited to a specific encryption algorithm.

87 is a diagram illustrating a method for encrypting user fingerprint information in a public key infrastructure structure in the fingerprint information processing unit 8260 according to an embodiment of the present invention.

More specifically, FIG. 87 is a method for encrypting the user fingerprint information in a public key infrastructure structure by a fingerprint information processing unit 8260 having an encryption function as shown in FIG. 85, and in the technical field to which the present invention pertains. Those skilled in the art will be able to infer various implementation methods for encrypting the user fingerprint information in the public key method by referring to and / or modifying the drawing 87. It includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

In the drawing 87 according to the embodiment of the present invention, the server-side public key is preferably read from the memory (or the payment terminal 8400 memory unit 8450) provided in the fingerprint information processing unit 8260.

Referring to FIG. 87, when user fingerprint information is input through the fingerprint input unit 8155, the fingerprint information is provided to the encryption processing unit 8500, and when the fingerprint information is provided, the encryption processing unit 8500 is provided. A predetermined server side public key for encrypting the fingerprint information is extracted from a memory (8705), and the fingerprint information is encrypted through the extracted server side public key (8710).

Here, the encryption function of the encryption processing unit 8500 is called E (Encryption), the server-side public key is k1 (key), the fingerprint information is P (Plaintext), and the fingerprint information encrypted with the server-side public key. Speaking of C (Ciphertext), the encryption function of the encryption processing unit 8500 can be expressed by a formula such as "Ek1 (P) = C".

According to an embodiment of the present invention, an algorithm for encrypting the fingerprint information through the server-side public key by the encryption processing unit 8500 may include RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the fingerprint information through the RSA encryption algorithm among the encryption algorithms, the published method (Modulus) used in the encryption process is n, and the undisclosed prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 8500 can be expressed as" C = Ek1 (P) = Pe mod n ".

88 is a diagram illustrating a method for encrypting fingerprint information in an electronic envelope method in the fingerprint information processing unit 8260 according to an embodiment of the present invention.

More specifically, FIG. 88 is an embodiment of an embodiment of encrypting the user's fingerprint information by an electronic envelope method in a fingerprint information processing unit 8260 equipped with an encryption function as shown in FIG. 85, which is common in the art. Those skilled in the art will be able to infer various implementation methods for encrypting the user fingerprint information in an electronic envelope method by referring to and / or modifying the drawing 88. However, the present invention provides the analogy. It includes all the implementation methods, and is not limited to the implementation method shown in FIG.

In the drawing 88 according to the embodiment of the present invention, the server-side public key is preferably read from the memory (or the payment terminal 8400, the memory unit 8450) provided in the fingerprint information processing unit 8260.

Referring to FIG. 88, when user fingerprint information is input from the fingerprint input unit 8455, the fingerprint input unit 8500 provides the fingerprint information to the encryption processing unit 8500. When the fingerprint information is provided, the encryption processing unit 8500 receives the fingerprint information. Generates a random random secret key for encrypting the information in a secret key (symmetric key) method (8805), and encrypts the fingerprint information using the generated secret key (8810) .

Here, the encryption function of the encryption processing unit 8500 is called E (Encryption), the secret key is r (random secret key), the user fingerprint information is P (Plaintext), and the fingerprint information encrypted with the secret key is C (Ciphertext), the encryption function of the encryption processing unit 8500 can be expressed by a formula such as "Er (P) = C".

According to the exemplary embodiment of the present invention, the algorithm for encrypting the fingerprint information through the secret key 8500 may include SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, and IDEA (International Data Encryption Algorithm). It is preferable to include at least one of), and in addition to the encryption algorithm of various forms may be used, but the present invention is not limited by a specific encryption algorithm.

Thereafter, the encryption processing unit 8500 encrypts the secret key (random secret key) used to encrypt the user fingerprint information. For this purpose, the encryption processing unit 8500 extracts a predetermined server-side public key from the memory. In operation 8815, the secret key is encrypted using the server-side public key.

Here, the encryption function of the encryption processing unit 8500 is called E (Encryption), the server-side public key is k1 (key), the secret key is r (random Secret key), and the secret encrypted with the server-side public key. If the key is C (Ciphertext), the encryption function of the encryption processing unit 8500 can be expressed by a formula such as "Ek1 (r) = C".

According to an embodiment of the present invention, the algorithm for encrypting the secret key through the server-side public key by the encryption processing unit 8500 may include: RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the secret key through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 8500 can be expressed as" C = Ek1 (r) = re mod n ".

If the fingerprint information is encrypted with the secret key and the secret key is encrypted with the server-side public key, the encryption processing unit 8500 may encrypt the fingerprint information encrypted with the secret key and the secret key encrypted with the server-side public key. Interworking

89 is a diagram showing a method for encrypting fingerprint information in a key exchange method in the fingerprint information processing unit 8260 according to an embodiment of the present invention.

More specifically, FIG. 89 is an embodiment of the present invention for encrypting and transmitting the fingerprint information by a key exchange method in a fingerprint information processing unit 8260 having an encryption function as shown in FIG. 85, which is common in the art. Those skilled in the art will be able to infer various implementation methods for encrypting the fingerprint information in the key exchange method by referring to and / or modifying the drawing 89, but the present invention is inferred from It includes all implementation methods and is not limited to the implementation method shown in FIG.

In the drawing 89 according to the embodiment of the present invention, the fingerprint input unit 8455 side private key and the server side public key are provided in the memory (or payment terminal 8400) memory unit 8850 provided in the fingerprint information processing unit 8260. It is preferable to read from).

Referring to FIG. 89, when user fingerprint information is input through the fingerprint input unit 8155, the fingerprint information unit 8500 is provided to the encryption processing unit 8500. When the fingerprint information is provided, the encryption processing unit 8500 receives the fingerprint information. Generates a message digest including a predetermined one-way hash function (eg, a hash code of a predetermined length regardless of the length of the fingerprint information), and generates the hash code (or message digest). One-way hash function that cannot identify (or infer) the original message through the message input unit 8455 and the host that decrypts the encrypted fingerprint information using the same hash function). The digital signature is generated (8905) and the message digest is digitally signed (8910) by encrypting the message digest using the private key of the fingerprint information processor 8260.

Here, the encryption function of the encryption processing unit 8500 is called E (Encryption), the fingerprint information processing unit 8260 side private key is t1 (yerminal side key), the message digest is m (message digest), and the fingerprint If the message digest encrypted with the private key of the input unit 8155 is called C (Ciphertext), the digital signature function of the encryption processing unit 8500 may be expressed by an expression such as "Et1 (m) = C".

According to an embodiment of the present invention, the encryption processing unit 8500 encrypts the message digest using the private key of the fingerprint information processing unit 8260, RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA ( Digital Signature Algorithm (DH), DH (Diffie, Hellman), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, ECDH is preferably included at least one or more. The present invention is not limited by the algorithm.

For example, in the case of encrypting the message digest through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the digital signature function of the encryption processing unit 8500 can be expressed as" C = Et1 (m) = me mod n ".

In addition, the encryption processing unit 8500 generates a predetermined random secret key for encrypting the fingerprint information using a secret key (symmetric key) method (8915), and the fingerprint information and the fingerprint. Encrypts the message digest encrypted with the private key of the input unit 8455 and a copy of a certificate (for example, a certificate including the public key of the fingerprint information processing unit 8860) on the memory and encrypts the copy using the generated secret key. (8920).

Here, the encryption function of the encryption processing unit 8500 is called E (Encryption), the secret key is r (random secret key), the fingerprint information and the copy of the certificate P (Plaintext), and the fingerprint information encrypted with the secret key And a copy of the certificate is C (Ciphertext), the encryption function of the encryption processing unit 8500 can be expressed by a formula such as "Er (P) = C".

According to an embodiment of the present invention, the encryption processing unit 8500 encrypts the fingerprint information and the certificate copy through the secret key, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA (International). It is preferable to include at least one or more of Data Encryption Algorithm, and in addition, various types of encryption algorithms may be used, but the present invention is not limited to a specific encryption algorithm.

In addition, the encryption processing unit 8500 extracts a predetermined server-side public key from the memory (8925) and encrypts the fingerprint information using the server-side public key to encrypt the secret key that encrypts the fingerprint information. The encrypted secret key is encrypted (8930).

Here, the encryption function of the encryption processing unit 8500 is called E (Encryption), the server-side public key is encrypted with s1 (server side key), the secret key is r (random secret key), and the server-side public key. When the secret key is referred to as C (Ciphertext), the encryption function of the encryption processing unit 8500 can be expressed by an expression such as "Es1 (r) = C".

According to an embodiment of the present invention, the algorithm for encrypting the secret key through the server-side public key by the encryption processing unit 8500 may include: RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the secret key through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 8500 can be expressed as" C = Es1 (r) = re mod n ".

A copy of the certificate including the message digest encrypted with the fingerprint information and the private key of the fingerprint information processing unit 8260 and the public key of the fingerprint information processing unit 8846 is linked and encrypted through the generated secret key, When a secret key is encrypted through the server-side public key, the encryption processing unit 8500 encrypts the message digest and the fingerprint information encrypted with the fingerprint information encrypted with the secret key and the private key of the fingerprint information processing unit 8260. A predetermined copy of the fingerprint information is generated by associating a copy of the certificate including the public key of the processor 8260 with the secret key encrypted with the server-side public key.

90 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

In more detail, the drawing 90 is connected to the payment terminal 8400 shown in FIG. 84 through a predetermined network (eg, a VAN) and at least stored in the payment terminal 8400 from the payment terminal 8400. When one or more encrypted user biometric information is received in a batch, the sales slip corresponding to each of the collectively received encrypted user biometric information and the encrypted user biometric information are processed in association with each other and stored in a predetermined storage medium. When a request for fraudulent use of the card included in the sales slip is requested, the encrypted user biometric information associated with the sales slip is checked, and the encrypted user biometric information is transmitted to a predetermined biometric information management server. Request user identification information corresponding to the biometric information, and transmit the biometric information to the biometric information from the biometric information management server. As a method for configuring a server (eg, a VAN company server) on a network that transmits the transmitted user unique identification information to the card company server, when corresponding user unique identification information is transmitted, it is common in the art to which the present invention pertains. In the case of a person with knowledge of the present invention, in accordance with the request of FIG. By transmitting, it is possible to infer a variety of server configuration for requesting confirmation of the user's unique identification information (for example, name, social security number, insurance number, driver's license number, financial transaction information, etc.) corresponding to the biometric information, Includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 90 is illustrated as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 90, the server includes a receiving unit 9005, a reading unit 9010, a specialized processing unit 9015, an approval requesting unit 9020, a biometric information processing unit 9035, and a sales information processing unit 9025. It may be configured to include, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 9005 includes payment information including user card information (eg, credit card number, etc.) and payment information (eg, payment amount, merchant information, terminal information, etc.) from the payment terminal 8400 shown in FIG. Receiving the full text of the approval request, transfers the received payment approval request full text to the reading unit 9010, and also periodically receives at least one or more user encrypted fingerprint information from the payment terminal 8400, the biometric information processing unit (9035).

The reading unit 9010 reads the payment approval request text when the payment approval request message received through the receiving unit 9005 is transferred, and reads the user card information (eg, a credit card) included in the payment approval request text. Number, etc.), the card company information corresponding to the confirmed card information is confirmed, and the confirmed card company information and the payment approval request details are transmitted to the approval request unit 9020.

The approval request unit 9020, when the payment approval request details and the card company information are transmitted through the reading unit 9010, transmits the payment approval request details to the card company server to request the approval of the payment, Receive a payment approval response to the payment approval request from the card company server.

When the information processing unit receives a payment approval response for the payment approval request from the card company server through the approval request unit 9020, the information processing unit forms a sales slip including the payment approval details according to the response result. When at least one piece of encrypted user fingerprint information is periodically received through the receiving unit 9005, the received encrypted fingerprint information and the sales slip corresponding thereto are linked to a predetermined storage through the information storage unit 9030. Save to media.

The biometric information processing unit 9035 transmits the encrypted fingerprint information associated with the sales slip to the biometric information management server in response to a request for confirming the unauthorized use of the card included in the sales slip from the card company server. Request identification of corresponding user identification information (for example, name, social security number, insurance number, driver's license number, financial transaction information, etc.), and the user identification information corresponding to the fingerprint information is stored through the biometric information management server. When the identification is confirmed, the received unique user identification information is received, and the received user unique identification information is transmitted to the card company server.

The expert processing unit 9015 receives the payment approval response received through the approval request unit 9020, configures a payment approval response message to be transmitted to the payment terminal 8400, and stores the configured payment approval response message in full. Transfer to the payment terminal 8400.

The information storage unit 9030 stores information (or data) collected or generated while the at least one or more function components provided in the server perform a corresponding function.

91 is a diagram showing the functional configuration of a card company server 9100 according to an embodiment of the present invention.

More specifically, the drawing 91 is connected to the server shown in the drawing 90 to a predetermined network (e.g., payment network, etc.), and when the payment approval request details are received from the server, the payment corresponding to the payment approval request details is shown. When an authorization response is provided to the server, and a request for unauthorized use confirmation of the payment approved card is received from a user or the like, a request for unauthorized use confirmation of the card is made to the server, and the card user unique identification information is received from the server. As a method of implementing a card company server 9100 configured to perform identity verification for the card user by receiving and confirming whether the user unique identification information corresponds to the card user information, the present invention is a general method in the art. If you have the knowledge, the user notice transmitted from the server by referring to and / or modifying the drawing 91 is A variety of card company servers 9100 configured to authenticate the card user by comparing identification information with user information stored in the card user information (customer information) DB (or storage medium), and responding to a request for confirming the unauthorized use of the card. Although it can be inferred that the present invention includes all the implementation methods inferred above, it is not limited to the implementation method shown in FIG.

In addition, although the card company server 9100 illustrated in FIG. 91 is shown to include at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and is provided in the server. The at least one functional component may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG. 83.

Referring to FIG. 91, the card company server 9100 includes a receiver 9305, a reader 9110, a professional processor 9115, a user authentication unit 9120, a limit confirmation unit 9130, and information storage. It may be configured to include a part 9125, it may be possible to add a predetermined functional configuration within the scope of the present invention.

The receiving unit 9905 receives a payment approval request history of a predetermined card user from the server illustrated in FIG. 90, and transmits the received payment approval request details to the reading unit 9110.

The reading unit 9110 reads the payment approval request history received through the receiving unit 9905, confirms user card information, and checks the confirmed card information and payment approval request details (for example, a payment amount). Characterized in that the transfer to the limit check unit (9130).

The limit checking unit 9130 may check the payment limit information corresponding to the card information when the user card information and the payment approval request details (for example, the payment amount) are transmitted through the reading unit 9110, It is determined whether payment of the payment amount included in the payment approval request details is possible, and the result of the determination is transferred to the specialized processing unit 9115, and the result of the determination is transferred to the information storage unit 9125 to store the card company DB (or storage). Media).

When the result of the determination that the payment is possible through the limit checking unit 9130 is transmitted, the specialized processing unit 9115 constructs a payment approval response detail including the received details and transmits the result to the server.

When the user authentication unit 9320 is requested to confirm the illegal use of the user card, the user authentication unit 9120 requests the user identification information according to the request for the unauthorized use of the card to correspond to the user card information from the server. When the unique user identification information is delivered, the user identification information is compared with the transmitted card user information, characterized in that for performing the user authentication for the transaction.

92 is a diagram showing the functional configuration of the biometric information management server 9200 according to an embodiment of the present invention.

More specifically, FIG. 92 is connected to the server shown in FIG. 90 through a predetermined network (eg, a VAN) and receives encrypted user biometric information from the server, thereby receiving the encrypted user. A method of implementing a biometric information management server 9200 to decrypt biometric information, identify user unique identification information corresponding to the decrypted user biometric information, and transmit the identified user unique identification information to the server. Those skilled in the art to which the present invention pertains, various server configurations for verifying the user unique identification information corresponding to the user biometric information by decrypting the encrypted biometric information by referring to and / or modified in Figure 92 It can be inferred that, but the present invention includes all the implementation method inferred, the embodiment shown in Figure 92 It is not limited to the method.

In addition, although the server illustrated in FIG. 92 is illustrated as including at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 92, the biometric information management server 9200 may include an information receiver 9305, a decoder 9210, an information transmitter 9215, and an information confirmer 9220. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiving unit 9305 may receive predetermined encrypted biometric information from the server illustrated in FIG. 90, and transmit the received encrypted biometric information to the decryption unit 9210.

The decryption unit 9210 decodes the encrypted biometric information when the encrypted biometric information received through the information receiver 9305 is transferred, and the decrypted biometric information is determined by the information confirmation unit ( 9220).

The encrypted biometric information decryption process of the decryption unit 9210 will be described in more detail with reference to FIGS. 93 and 96 below.

When the encrypted biometric information is decrypted by the decryption unit 9210, the information confirming unit 9220 confirms (or extracts) unique user identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extracted) unique user identification information is transmitted to the information transmission unit 9215.

When the user identification information corresponding to the biometric information is confirmed (or extracted) and transmitted through the information confirmation unit 9220, the information transmission unit 9215 sends the encrypted user identification information to the encrypted biometrics. Send the information to the server that sent it.

93 is a diagram illustrating a method for decrypting predetermined encrypted biometric information received from the server by the symmetric key (or secret key) method in the biometric information management server 9200 according to an embodiment of the present invention.

In more detail, FIG. 93 is encrypted from a payment terminal 8400 having an encryption function as shown in FIG. 84, and the biometric information management server 9200 shown in FIG. 92 stores the encrypted biometric information transmitted through the server. The present invention relates to a method of decrypting by a symmetric key (or secret key) method. Various implementation methods of decrypting by a symmetric key (or secret key) method may be inferred, but the present invention includes all the inferred implementation methods and is not limited to the implementation method shown in FIG.

In FIG. 93 according to the embodiment of the present invention, fingerprint information will be presented as an embodiment of the biometric information.

Referring to FIG. 93, an information receiving unit 9305 of the biometric information management server 9200 provides the encrypted fingerprint information received from the server to the decrypting unit 9210 (9300).

Thereafter, the decryption unit 9210 is configured to decrypt the encrypted fingerprint information from a storage medium provided in the biometric information management server 9200 or provided in a predetermined key management server (for example, an authentication server) on a network. The extracted symmetric key (or secret key) is extracted or provided (9305), and the encrypted fingerprint information is decrypted through the extracted symmetric key (or secret key) (9310).

Here, the decryption function of the decryption unit 9210 is called D (Decryption), and the fingerprint information encrypted with the symmetric key (or secret key) k (key) and the symmetric key (or secret key) is C (Ciphertext). And, if the decrypted fingerprint information P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 9210 is "Dk = P, or Dk (Ek (P)) = P" and The same formula can be used.

According to an embodiment of the present invention, the algorithm for decrypting the encrypted fingerprint information by the decryption unit 9210 through the symmetric key (or secret key) may be SEED, DES (Data Encryption Standard), Triple-DES, Skipjack. It is preferable to include at least one or more of an International Data Encryption Algorithm (IDEA), and various types of decryption algorithms may be used, but the decryption algorithm matches the encryption algorithm used in the payment terminal 8400. The present invention is not limited to the specific decoding algorithm.

When the fingerprint information encrypted through the symmetric key (or the secret key) is decrypted as described above, the decryption unit 9210 transmits the decrypted fingerprint information to the information confirmation unit 9220, and the information confirmation unit 9220 ) May identify (or extract) user-specific identification information corresponding to the decrypted biometric information from a predetermined storage medium.

94 illustrates a method for decrypting encrypted biometric information received from the biometric information management server 9200 in a public key infrastructure according to an embodiment of the present invention.

In more detail, FIG. 94 illustrates a structure of a public key infrastructure in the biometric information management server 9200 for transmitting the encrypted biometric information encrypted from a payment terminal 8400 having an encryption function as shown in FIG. 84 and transmitted through the server. Method for decrypting by the method, and if it is a common knowledge in the technical field to which the present invention belongs, fingerprints encrypted with the server-side public key in the payment terminal 8400 by referring to and / or modified in Figure 94 Various implementation methods for decrypting information in a public key based structure may be inferred, but the present invention includes all the inferred implementation methods and is not limited to the implementation method shown in FIG.

In FIG. 94 according to an embodiment of the present invention, a server-side private key for decrypting fingerprint information encrypted with the server-side public key in a public key infrastructure is provided in the biometric information management server 9200 or on a network. It is preferable to read from the storage medium provided in the key management server (for example, authentication server, etc.), and the present invention is not limited thereby.

Referring to FIG. 94, the encrypted fingerprint information received through the information receiving unit 9205 of the biometric information management server 9200 is provided to the decrypting unit 9210 (9400).

Thereafter, the decryption unit 9210 extracts a server-side private key for decrypting the encrypted fingerprint information from a storage medium provided in the biometric information management server 9200 or provided in a predetermined key management server (9405). The encrypted fingerprint information is decrypted using the extracted server-side private key (9410).

Here, the decryption function of the decryption unit 9210 is called D (Decryption), the server-side private key is k2 (key), the fingerprint information encrypted with the server-side public key is C (Ciphertext), and the server-side individual. When the fingerprint information decrypted by the key is called P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 9210 is a formula such as "Dk2 = P, or Dk2 (Ek (P)) = P". I can express it.

According to an embodiment of the present invention, an algorithm for decrypting fingerprint information encrypted by a server-side public key in the payment terminal 8400 by the decryption unit 9210 via the server-side private key may be RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it may be used, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the payment terminal 8400, the present invention is not limited by a specific decryption algorithm.

For example, when the fingerprint information is decoded through the RSA decryption algorithm among the public key based decryption algorithms, n is a public method (Modulus) used in the decryption process and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the reading unit 9110 can be expressed as" P = Dk2 = Cd mod n ".

When the fingerprint information encrypted with the server-side public key is decrypted by the payment terminal 8400 through the server-side private key as described above, the decryption unit 9210 transfers the decrypted fingerprint information to the information verification unit 9220. The information checking unit 9220 may identify (or extract) user unique identification information corresponding to the decrypted biometric information from a predetermined storage medium.

95 is a diagram illustrating a method of decrypting encrypted biometric information received from the biometric information management server 9200 from the server in an electronic envelope according to an embodiment of the present invention.

In more detail, FIG. 95 shows the encrypted information in the biometric information management server 9200 that receives the encrypted biometric information encrypted from the payment terminal 8400 having the encryption function as shown in FIG. 84 and transmitted through the server. The present invention relates to a method for decoding biometric information by an electronic envelope method. If the present invention belongs to a general knowledge, the electronic device may be used in the payment terminal 8400 by referring to and / or modifying the drawing 95. It is possible to infer various implementation methods for decrypting the fingerprint information encrypted in the manner in the biometric information management server 9200 by the same electronic envelope method, but the present invention includes all the inferred implementation methods, It is not limited to the implementation method shown.

In this figure 95 according to an embodiment of the present invention, a server-side private key for decrypting the encrypted fingerprint information by an electronic envelope method is provided in the biometric information management server 9200 or a predetermined key management server (for example, on a network). It is preferable to read from the storage medium provided in the authentication server, etc., whereby the present invention is not limited.

Referring to FIG. 95, the encrypted fingerprint information received through the information receiver 9305 of the biometric information management server 9200 is provided to the decryption unit 9210 (9500), and then, the decryption unit 9210 ) Extracts a server-side private key for decrypting the encrypted secret key included in the fingerprint information from a storage medium provided in the biometric information management server 9200 or provided in a predetermined key management server (9505). By decrypting a secret key encrypted with the server-side public key in the payment terminal 8400 through the extracted server-side private key (9510), a predetermined secret key for decrypting the fingerprint information is extracted (9515), By decrypting the fingerprint information using the extracted secret key (9520), the payment terminal 8400 extracts the fingerprint information encrypted with the secret key (9525).

Here, the decryption function of the decryption unit 9210 is called D (Decryption), the server-side private key is k2 (key), and the secret key encrypted with the server-side public key is C (Ciphertext) and the server-side individual. When a secret key decrypted with a key is r (random secret key), the function of decrypting the encrypted secret key by the decryption unit 9210 is "Dk2 = r, or Dk2 (Ek1 (r)) = r". It can be expressed as an expression.

According to an embodiment of the present invention, an algorithm for decrypting the secret key encrypted by the payment terminal 8400 with the server-side public key through the server-side private key may be RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it may be used, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the payment terminal 8400, the present invention is not limited by a specific decryption algorithm.

For example, when decrypting the secret key through the RSA decryption algorithm among the public key-based decryption algorithms, n is a public method (Modulus) used in the decryption process, and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the decoding unit 9210 may be expressed as" P = Dk2 = Cd mod n ".

Here, the decryption function of the decryption unit 9210 is called D (Decryption), the secret key is r (random secret key), the fingerprint information encrypted with the secret key is C (Ciphertext), and the decrypted fingerprint. If the information is referred to as P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 9210 may be expressed by an expression such as "Dr = P or Dr (Er (P)) = P".

According to the exemplary embodiment of the present invention, the algorithm for decrypting the encrypted fingerprint information by the decryption unit 9210 may include SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, and International Data (IDEA). It is preferable to include at least one or more of the Encryption Algorithm, and various forms of decryption algorithms may be used, but the decryption algorithm is matched with the encryption algorithm used in the payment terminal 8400, The present invention is not limited by the specific decoding algorithm.

When the fingerprint information is decrypted as described above, the decryption unit 9210 may provide the decrypted fingerprint information to the information confirmation unit 9220, and the information confirmation unit 9220 corresponds to the decrypted biometric information. User identification information can be identified (or extracted) from a predetermined storage medium.

96A and 96B illustrate a method of decrypting encrypted biometric information received from the biometric information management server 9200 by the key exchange method according to an embodiment of the present invention.

In more detail, FIGS. 96A and 96B illustrate the encrypted fingerprint information in the biometric information management server 9200, which receives the encrypted fingerprint information from the payment terminal 8400 having the encryption function as shown in FIG. 84 through the server. The present invention relates to a method of decrypting by a key exchange method, and if the present invention belongs to one of ordinary skill in the art, referring to FIG. 96 and / or modified to the key exchange method in the payment terminal 8400 Various implementation methods for decrypting the encrypted payment means information in the biometric information management server 9200 by the same key exchange method may be inferred, but the present invention includes all the inferred implementation methods, and is shown in FIG. It is not limited to the implemented method.

In FIG. 96 according to the embodiment of the present invention, the server-side private key and the payment terminal 8400 side public key for decrypting the encrypted fingerprint information in a key exchange method are provided in the biometric information management server 9200 or It is preferable to read from a storage medium provided in a predetermined key management server or the like, and the present invention is not limited thereto.

Referring to FIGS. 96A and 96B, when the encrypted fingerprint information is received and transmitted through the information receiving unit 9305 of the biological information management server 9200, the encrypted fingerprint information is decrypted by the decryption unit 9210. (79605), the fingerprint information encrypted with the secret key includes a copy of a certificate including the message digest encrypted with the private key of the payment terminal 8400 and the public key of the payment terminal 8400; Preferably, the secret key is encrypted with the server-side public key.

Thereafter, the decryption unit 9210 decodes the server-side private key from a storage medium provided in the biometric information management server 9200 or provided in a predetermined key management server to decrypt the secret key encrypted with the server-side public key. Extracting (9610) and decrypting the secret key through the server-side private key (9615) to reveal the message digest encrypted with the fingerprint information and the private key on the payment terminal 8400 side and the payment terminal 8400 side. The secret key for decrypting a copy of the certificate containing the key is extracted (9620).

Here, the decryption function of the decryption unit 9210 is called D (Decryption), the server side private key is s2 (server side key), the secret key encrypted with the server side public key is C (Ciphertext), and the server. When the secret key decrypted with the side private key is r (random secret key), the function of decrypting the encrypted secret key by the decryption unit 9210 is "Ds2 = r, or Ds2 (Es1 (r)) = r". It can be expressed as

According to an embodiment of the present invention, an algorithm for decrypting the secret key encrypted by the payment terminal 8400 with the server-side public key through the server-side private key may be RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it may be used, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the payment terminal 8400, the present invention is not limited by a specific decryption algorithm.

For example, when decrypting the secret key through the RSA decryption algorithm among the public key-based decryption algorithms, n is a public method (Modulus) used in the decryption process, and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the decoder 9210 may be expressed as" P = Ds2 = Cd mod n ".

When the secret key is extracted as described above, the decryption unit 9210 uses the extracted secret key and the message digest and the payment terminal 8400 side encrypted with the fingerprint information and the private terminal 8400 side. By decrypting a copy of the certificate containing the public key (9625), the message digest encrypted with the secret key and the message digest encrypted with the private key on the payment terminal 8400 side and the public key on the payment terminal 8400 side. Extract a copy of the certificate.

Here, the decryption function of the decryption unit 9210 is called D (Decryption), and the secret key is encrypted with r (random secret key), fingerprint information encrypted with the secret key, and a private key of the payment terminal 8400 side. A copy of the certificate including the message digest and the public key of the payment terminal 8400 is C (Ciphertext), and the message digest and the payment terminal encrypted with the decrypted fingerprint information and the private key of the payment terminal 8400. 8400) If the copy of the certificate including the public key is called P (Plaintext), the decryption unit 9210 is encrypted with the encrypted fingerprint information and the payment terminal 8400 side private key and the payment terminal ( The function of decrypting the copy of the certificate including the public key on the side of 8400 may be expressed by an expression such as "Dr = P, or Dr (Er (P)) = P".

According to an embodiment of the present invention, the decryption unit 9210 is encrypted with the encrypted fingerprint information and the private key of the payment terminal 8400 side through the secret key and the public key of the payment terminal 8400 side. Algorithm for decrypting the copy of the certificate, including, is preferably made of at least one or more of SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, International Data Encryption Algorithm (IDEA), in addition to various forms of decryption An algorithm may be used, but the decryption algorithm is matched with an encryption algorithm used in the payment terminal 8400, and the present invention is not limited to a specific decryption algorithm.

In addition, the decryption unit 9210 decrypts the message digest encrypted with the private key of the payment terminal 8400 through the public key of the payment terminal 8400, and then prints the fingerprint at the payment terminal 8400. The message digest generated and transmitted from the information is extracted (9635).

Here, the decryption function of the decryption unit 9210 is called D (Decryption), and the message digest encrypted with the terminal side key (t2) of the payment terminal 8400 and the private key of the payment terminal 8400 is If the message digest decrypted with C (Ciphertext) and the payment terminal 8400 side public key is m (Message Digest), the function of decrypting the encrypted message digest by the decryption unit 9210 is "Dt2 = m," Or Dt2 (Es1 (r)) = m ".

According to an embodiment of the present invention, an algorithm for decrypting the message digest encrypted by the decryption unit 9210 with the private key of the payment terminal 8400 on the payment terminal 8400 through the public terminal of the payment terminal 8400 is provided. , At least one of RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), DH (Diffie, Hellman), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. In addition to the above, various types of decryption algorithms may be used. However, the decryption algorithm is matched with the encryption algorithm used in the payment terminal 8400, and the present invention is not limited to the specific decryption algorithm.

For example, when decrypting the message digest through the RSA decryption algorithm of the public key-based decryption algorithm, n is a public method (Modulus) used in the decryption process and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the decoder 9210 may be expressed as" P = Dt2 = Cd mod n ".

Thereafter, the decryption unit 9210 generates a predetermined message digest through the same one-way hash function with the received fingerprint information in the payment terminal 8400 (9640), and then generates the generated message digest and the decrypted message. By comparing the digest (9645), the validity of the received fingerprint information can be confirmed.

If the generated message digest and the decrypted message digest coincide (9650), the decryption unit 9210 may transfer the fingerprint information to the information confirmation unit 9220, and the information confirmation unit 9220 may User identification information corresponding to the decrypted biometric information may be identified (or extracted) from a predetermined storage medium. According to an embodiment of the present invention, a function of encrypting fingerprint information through a predetermined encryption key is provided. It is a figure which shows the structure of the fingerprint information processing part 8260.

In more detail, FIG. 86 shows fingerprint information input from a predetermined fingerprint input means in the fingerprint information processing unit 8260 of the payment terminal 8400 shown in FIG. A function configuration provided by encrypting through a predetermined encryption key at 8460, and a person skilled in the art to which the present invention pertains, refer to and / or modify the drawing 85 and the fingerprint input unit 8455 It is possible to infer various implementation methods for the fingerprint information processing unit 8260 by encrypting fingerprint information inputted from a predetermined encryption key, but the present invention includes all the inferred implementation methods, and is shown in FIG. It is not limited to the implemented method.

Referring to FIG. 85, the fingerprint information processing unit 8260 may store a memory that associates and stores a predetermined encryption key for encrypting fingerprint information input from the fingerprint input unit 8455 and the encryption key index, and the encryption key. Characterized in that it comprises a password processing unit 8500 for encrypting the input fingerprint information through.

The memory may store a predetermined encryption key for encrypting the input fingerprint information, and the encryption key may be processed in association with a predetermined encryption key index to store the memory (or the payment terminal 8400 memory unit 8450). It is characterized in that stored in).

Here, the encryption key is an encryption key for encrypting the fingerprint information in a symmetric key (or secret key) encryption method, and / or an encryption key for encrypting the fingerprint information in a public key encryption method, and / or the fingerprint information. It may include at least one or more of an encryption key for encrypting the electronic envelope encryption method, and / or an encryption key for encrypting the fingerprint information in a key exchange encryption method.

In addition, the encryption key index stored in the memory in association with the encryption key is index information (for example, merchant code) for identifying a predetermined decryption key associated with the encryption key in a host that decrypts the encrypted fingerprint information. Or a payment terminal (8400) code, etc.), whereby the host (for example, the biometric information management server 9200, etc.) that decrypts the encrypted fingerprint information is based on the encryption key index. At least one decryption key corresponding to an encryption key may be identified and the encrypted fingerprint information may be decrypted through the identified decryption key.

Here, the decryption key identified through the encryption key index is a decryption key for decrypting the encrypted fingerprint information by a symmetric key (or secret key) decryption method, or decrypting the encrypted fingerprint information by a public key decryption method. A decryption key for decryption, a decryption key for decrypting the encrypted fingerprint information by an electronic envelope decryption method, or a decryption key for decrypting the encrypted fingerprint information by a key exchange decryption method. .

According to another exemplary embodiment of the present invention, when the payment terminal 8400 information (or merchant code information) included in the payment approval request message generated by the payment terminal 8400 performs the encryption key index function, the memory The encryption key index may be omitted, and the present invention is not limited thereto.

The encryption processing unit 8500 may use a symmetric key (or secret key) encryption method, and / or a public key encryption method, and / or the user fingerprint information input through the fingerprint input unit 8455 through an encryption key stored in the memory. And encrypting through at least one or more of an electronic envelope encryption scheme and / or a key exchange encryption scheme.

The fingerprint information encrypted by the fingerprint information processing unit 8260 is preferably kept secure until a predetermined decryption key is decrypted by a predetermined host (eg, the biometric information management server 9200 or the like).

86 is a diagram showing a method for encrypting fingerprint information in a symmetric key (or secret key) method by the fingerprint information processing unit 8260 according to an embodiment of the present invention.

More specifically, FIG. 86 is a method for encrypting the fingerprint information by a symmetric key (or secret key) method in a fingerprint information processing unit 8260 equipped with an encryption function as shown in FIG. 85. Those skilled in the art may refer to and / or modify this drawing 86 to infer various implementation methods for encrypting the fingerprint information in a symmetric key (or secret key) manner by the fingerprint information processing unit 8260. It will be appreciated that the present invention encompasses all of the inferred practice methods and is not limited to the practice method shown in FIG.

In FIG. 86 according to the embodiment of the present invention, the symmetric key (or secret key) is preferably read from the memory (or the payment terminal 8400 memory unit 8450) included in the fingerprint information processing unit 8260. Do.

Referring to FIG. 86, when user fingerprint information is input through the fingerprint input unit 8455, the fingerprint information unit 8500 is provided to the encryption processing unit 8500. When the user fingerprint information is provided, the encryption processing unit 8500 is provided. Reads a predetermined symmetric key (or secret key) for encrypting fingerprint information from the memory (or payment terminal 8400 memory unit 8850) included in the fingerprint information processing unit 8260 (8605). The fingerprint information is encrypted (8610) using a symmetric key (or secret key).

Here, the encryption function of the encryption processing unit 8500 is called E (Encryption), the symmetric key (or secret key) is k (key), the fingerprint information is P (Plaintext), and the symmetric key (or secret key). If the fingerprint information encrypted with) is C (Ciphertext), the encryption function of the encryption processing unit 8500 can be expressed by a formula such as "Ek (P) = C".

According to an embodiment of the present invention, the algorithm for encrypting the fingerprint information through the symmetric key (or secret key) by the encryption processing unit 8500, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA It is preferable to include at least one or more of the International Data Encryption Algorithm, and in addition, various types of encryption algorithms may be used, but the present invention is not limited to a specific encryption algorithm.

87 is a diagram illustrating a method for encrypting user fingerprint information in a public key infrastructure structure in the fingerprint information processing unit 8260 according to an embodiment of the present invention.

More specifically, FIG. 87 is a method for encrypting the user fingerprint information in a public key infrastructure structure by a fingerprint information processing unit 8260 having an encryption function as shown in FIG. 85, and in the technical field to which the present invention pertains. Those skilled in the art will be able to infer various implementation methods for encrypting the user fingerprint information in the public key method by referring to and / or modifying the drawing 87. It includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

In the drawing 87 according to the embodiment of the present invention, the server-side public key is preferably read from the memory (or the payment terminal 8400, the memory unit 8450) provided in the fingerprint information processing unit 8260.

Referring to FIG. 87, when user fingerprint information is input through the fingerprint input unit 8155, the fingerprint information is provided to the encryption processing unit 8500, and when the fingerprint information is provided, the encryption processing unit 8500 is provided. A predetermined server side public key for encrypting the fingerprint information is extracted from a memory (8705), and the fingerprint information is encrypted through the extracted server side public key (8710).

Here, the encryption function of the encryption processing unit 8500 is called E (Encryption), the server-side public key is k1 (key), the fingerprint information is P (Plaintext), and the fingerprint information encrypted with the server-side public key. Speaking of C (Ciphertext), the encryption function of the encryption processing unit 8500 can be expressed by a formula such as "Ek1 (P) = C".

According to the embodiment of the present invention, the encryption processing unit 8500 encrypts the fingerprint information through the server-side public key, RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the fingerprint information through the RSA encryption algorithm among the encryption algorithms, the published method (Modulus) used in the encryption process is n, and the undisclosed prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 8500 can be expressed as" C = Ek1 (P) = Pe mod n ".

88 is a diagram illustrating a method for encrypting fingerprint information in an electronic envelope method in the fingerprint information processing unit 8260 according to an embodiment of the present invention.

More specifically, FIG. 88 is an embodiment of an embodiment of encrypting the user's fingerprint information by an electronic envelope method in a fingerprint information processing unit 8260 equipped with an encryption function as shown in FIG. 85, which is common in the art. Those skilled in the art will be able to infer various implementation methods for encrypting the user fingerprint information in an electronic envelope method by referring to and / or modifying the drawing 88. However, the present invention provides the analogy. It includes all the implementation methods, and is not limited to the implementation method shown in FIG.

In FIG. 88 according to the embodiment of the present invention, the server-side public key is preferably read from the memory (or the payment terminal 8400 memory unit 8450) provided in the fingerprint information processing unit 8260.

Referring to FIG. 88, when user fingerprint information is input from the fingerprint input unit 8455, the fingerprint input unit 8500 provides the fingerprint information to the encryption processing unit 8500. When the fingerprint information is provided, the encryption processing unit 8500 receives the fingerprint information. Generates a random random secret key for encrypting the information in a secret key (symmetric key) method (8805), and encrypts the fingerprint information using the generated secret key (8810) .

Here, the encryption function of the encryption processing unit 8500 is called E (Encryption), the secret key is r (random secret key), the user fingerprint information is P (Plaintext), and the fingerprint information encrypted with the secret key is C (Ciphertext), the encryption function of the encryption processing unit 8500 can be expressed by a formula such as "Er (P) = C".

According to an embodiment of the present invention, an algorithm for encrypting the fingerprint information through the secret key 8500 may include SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, and International Data Encryption. It is preferable to include at least one of the algorithm (Algorithm), and various forms of encryption algorithm may be used, but the present invention is not limited by a specific encryption algorithm.

Thereafter, the encryption processing unit 8500 encrypts the secret key (random secret key) used to encrypt the user fingerprint information. For this purpose, the encryption processing unit 8500 extracts a predetermined server-side public key from the memory. In operation 8815, the secret key is encrypted using the server-side public key.

Here, the encryption function of the encryption processing unit 8500 is called E (Encryption), the server-side public key is k1 (key), the secret key is r (random Secret key), and the secret encrypted with the server-side public key. If the key is C (Ciphertext), the encryption function of the encryption processing unit 8500 can be expressed by a formula such as "Ek1 (r) = C".

According to an embodiment of the present invention, the algorithm for encrypting the secret key through the server-side public key by the encryption processing unit 8500 may include: RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, ECDH, and various other encryption algorithms may be used. The invention is not limited.

For example, in the case of encrypting the secret key through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 8500 can be expressed as" C = Ek1 (r) = re mod n ".

If the fingerprint information is encrypted with the secret key and the secret key is encrypted with the server-side public key, the encryption processing unit 8500 may encrypt the fingerprint information encrypted with the secret key and the secret key encrypted with the server-side public key. Interworking

89 is a diagram showing a method for encrypting fingerprint information in a key exchange method in the fingerprint information processing unit 8260 according to an embodiment of the present invention.

More specifically, FIG. 89 is an embodiment of the present invention for encrypting and transmitting the fingerprint information by a key exchange method in a fingerprint information processing unit 8260 having an encryption function as shown in FIG. 85, which is common in the art. Those skilled in the art will be able to infer various implementation methods for encrypting the fingerprint information by key exchange in the fingerprint information processing unit 8260 by referring to and / or modifying this drawing 89. It includes all implementation methods and is not limited to the implementation method shown in FIG.

In the drawing 89 according to the embodiment of the present invention, the fingerprint input unit 8455 side private key and the server side public key are provided in the memory (or payment terminal 8400) memory unit 8850 provided in the fingerprint information processing unit 8260. It is preferable to read from).

Referring to FIG. 89, when user fingerprint information is input through the fingerprint input unit 8155, the fingerprint information unit 8500 is provided to the encryption processing unit 8500. When the fingerprint information is provided, the encryption processing unit 8500 receives the fingerprint information. Generates a message digest including a predetermined one-way hash function (eg, a hash code of a predetermined length regardless of the length of the fingerprint information), and generates the hash code (or message digest). One-way hash function that cannot identify (or infer) the original message through the message input unit 8455 and the host that decrypts the encrypted fingerprint information using the same hash function). The digital signature is generated (8905) and the message digest is digitally signed (8910) by encrypting the message digest using the private key of the fingerprint information processor 8260.

Here, the encryption function of the encryption processing unit 8500 is called E (Encryption), the fingerprint information processing unit 8260 side private key is t1 (yerminal side key), the message digest is m (message digest), and the fingerprint If the message digest encrypted with the private key of the input unit 8155 is called C (Ciphertext), the digital signature function of the encryption processing unit 8500 may be expressed by an expression such as "Et1 (m) = C".

According to an embodiment of the present invention, the encryption processing unit 8500 encrypts the message digest using the private key of the fingerprint information processing unit 8260, RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA ( Digital Signature Algorithm (DH), DH (Diffie, Hellman), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, ECDH is preferably included at least one or more. The present invention is not limited by the algorithm.

For example, in the case of encrypting the message digest through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the digital signature function of the encryption processing unit 8500 can be expressed as" C = Et1 (m) = me mod n ".

In addition, the encryption processing unit 8500 generates a predetermined random secret key for encrypting the fingerprint information using a secret key (symmetric key) method (8915), and the fingerprint information and the fingerprint. The message digest encrypted with the private key of the input unit 8455 side and a copy of a certificate (for example, a certificate including the public key of the fingerprint information processor 8260 side) provided in the memory are linked to each other and encrypted using the generated private key ( 8920).

Here, the encryption function of the encryption processing unit 8500 is called E (Encryption), the secret key is r (random secret key), the fingerprint information and the copy of the certificate P (Plaintext), and the fingerprint information encrypted with the secret key And a copy of the certificate is C (Ciphertext), the encryption function of the encryption processing unit 8500 can be expressed by a formula such as "Er (P) = C".

According to an embodiment of the present invention, the encryption processing unit 8500 encrypts the fingerprint information and the certificate copy through the secret key, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA (International). It is preferable to include at least one or more of Data Encryption Algorithm, and in addition, various types of encryption algorithms may be used, but the present invention is not limited to a specific encryption algorithm.

In addition, the encryption processing unit 8500 extracts a predetermined server-side public key from the memory (8925) and encrypts the fingerprint information using the server-side public key to encrypt the secret key that encrypts the fingerprint information. The encrypted secret key is encrypted (8930).

Here, the encryption function of the encryption processing unit 8500 is called E (Encryption), the server-side public key is encrypted with s1 (server side key), the secret key is r (random secret key), and the server-side public key. When the secret key is referred to as C (Ciphertext), the encryption function of the encryption processing unit 8500 can be expressed by an expression such as "Es1 (r) = C".

According to an embodiment of the present invention, the algorithm for encrypting the secret key through the server-side public key by the encryption processing unit 8500 may include: RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the secret key through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 8500 can be expressed as" C = Es1 (r) = re mod n ".

A copy of the certificate including the message digest encrypted with the fingerprint information and the private key of the fingerprint information processing unit 8260 and the public key of the fingerprint information processing unit 8846 is linked and encrypted through the generated secret key, and the secret is encrypted. When a key is encrypted through the server-side public key, the encryption processing unit 8500 encrypts the message digest and the fingerprint information processing unit encrypted with the fingerprint information encrypted with the secret key and the private key of the fingerprint information processing unit 8260. A predetermined copy of the fingerprint information is generated by associating a copy of the certificate including the public key on the side of the server (8460) with the secret key encrypted with the server-side public key.

90 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

In more detail, the drawing 90 is connected to the payment terminal 8400 shown in FIG. 84 through a predetermined network (eg, a VAN) and at least stored in the payment terminal 8400 from the payment terminal 8400. When one or more encrypted user biometric information is received in a batch, the sales slip corresponding to each of the collectively received encrypted user biometric information and the encrypted user biometric information are processed in association with each other and stored in a predetermined storage medium, and the card company server ( 9100, if it is requested to confirm the unauthorized use of the card included in the sales slip, by confirming the encrypted user biometric information associated with the sales slip, the identified encrypted user biometric information to a predetermined biometric information management server ( 9200, requesting user unique identification information corresponding to the biometric information, and transmitting the biometric information management server 9200 from the biometric information management server 9200. When the user identification information corresponding to the biometric information is transmitted, an implementation method for a server (eg, VAN company server) configuration on the network for transmitting the transmitted user identification information to the card company server 9100, the present invention Those skilled in the art, according to the present invention by referring to and / or modifying the Figure 90 in accordance with the request to confirm the fraudulent use of the card included in the sales slip, the sales to the predetermined biometric information management server 9200 Various server configurations for requesting confirmation of user's unique identification information (eg, name, social security number, insurance number, driver's license number, financial transaction information, etc.) corresponding to the biometric information by transmitting encrypted biometric information. It may be inferred, but the present invention includes all the implementation methods inferred, and is not limited to the implementation method shown in FIG. The.

In addition, although the server illustrated in FIG. 90 is illustrated as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and at least one or more provided in the server. It is noted that the functional unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 90, the server includes a receiver 9305, a reader 9110, a specialized processor 9115, an approval request unit, a biometric information processor 9035, and a sales information processor 9025. It may be configured, it may be possible to add a predetermined functional configuration within the scope of the present invention.

The receiving unit 9305 includes payment from the payment terminal 8400 shown in FIG. 84, including user card information (e.g., credit card number, etc.) and payment information (e.g., payment amount, merchant information, terminal information, etc.). Receiving the full text of the approval request, transfers the received payment approval request full text to the reading unit (9110), and also periodically receives at least one or more user encrypted fingerprint information from the payment terminal 8400, the biometric information processing unit (9035).

The reading unit 9110 may read the payment approval request text and receive user card information included in the payment approval request text (for example, a credit card) when the payment approval request text received through the receiving part 9305 is delivered. Number, etc.), and the card company information corresponding to the confirmed card information, and then the confirmed card company information and the payment approval request details are transmitted to the approval request unit.

The approval request unit, when the payment approval request details and the card company information are transmitted through the reading unit 9110, transmits the payment approval request details to the card company server 9100 to request the approval of the payment. The card company server 9100 receives a payment approval response to the payment approval request.

When the information processing unit receives a payment approval response for the payment approval request from the card company server 9100 through the approval request unit, the information processing unit configures a sales slip including the payment approval details according to the response result. When at least one piece of encrypted user fingerprint information is periodically received through the receiving unit 9305, the received encrypted fingerprint information and a sales slip corresponding thereto are linked to a predetermined storage medium through the information storage unit 9225. Save it to

The biometric information processing unit 9035 transmits encrypted fingerprint information associated with the sales slip to the biometric information management server 9200 according to the card company server 9100 requesting the unauthorized use of the card included in the sales slip. Request confirmation of user's unique identification information (eg, name, social security number, insurance number, driver's license number, financial transaction information, etc.) corresponding to the fingerprint information, and the fingerprint information through the biometric information management server 9200. When the user unique identification information corresponding to the information is confirmed, the confirmed user unique identification information is received and the received user unique identification information is transmitted to the card company server 9100.

The specialized processor 9151 receives the payment approval response received through the approval request unit, configures a payment approval response message to be transmitted to the payment terminal 8400, and sets the configured payment approval response message to the payment terminal 8400. To send).

The information storage unit 9125 stores information (or data) collected or generated in the process of performing the corresponding function by the at least one or more function components provided in the server.

91 is a diagram showing the functional configuration of a card company server 9100 according to an embodiment of the present invention.

More specifically, the drawing 91 is connected to the server shown in the drawing 90 to a predetermined network (e.g., payment network, etc.), and when the payment approval request details are received from the server, the payment corresponding to the payment approval request details is shown. When an authorization response is provided to the server, and a request for unauthorized use confirmation of the payment approved card is received from a user or the like, a request for unauthorized use confirmation of the card is made to the server, and the card user unique identification information is received from the server. As a method of implementing a card company server 9100 configured to perform identity verification for the card user by receiving and confirming whether the user unique identification information corresponds to the card user information, the present invention generally includes the following descriptions. If you have the knowledge of the user, the user transmitted from the server by referring to and / or modified in Figure 91 A variety of card company servers 9100 configured to authenticate the card user by comparing identification information with user information stored in the card user information (customer information) DB (or storage medium), and responding to a request for confirming the unauthorized use of the card. Although it can be inferred that the present invention includes all the implementation methods inferred above, it is not limited to the implementation method shown in FIG.

In addition, although the card company server 9100 illustrated in FIG. 91 is shown to include at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and is provided in the server. The at least one functional component may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG. 83.

Referring to FIG. 91, the card company server 9100 includes a receiver 9305, a reader 9110, a professional processor 9115, a user authentication unit 9120, a limit confirmation unit 9130, and information storage. It may be configured to include a part 9125, it may be possible to add a predetermined functional configuration within the scope of the present invention.

The receiving unit 9905 receives a payment approval request history of a predetermined card user from the server illustrated in FIG. 90, and transfers the received payment approval request details to the reading unit 9110.

The reading unit 9110 reads the payment approval request history received through the receiving unit 9905, confirms user card information, and checks the confirmed card information and payment approval request details (for example, a payment amount). Characterized in that the transfer to the limit check unit (9130).

The limit checking unit 9130 may check the payment limit information corresponding to the card information when the user card information and the payment approval request details (for example, the payment amount) are transmitted through the reading unit 9110, It is determined whether payment of the payment amount included in the payment approval request details is possible, and the result of the determination is transferred to the specialized processing unit 9115, and the result of the determination is transferred to the information storage unit 9125 to store the card company DB (or storage). Media).

When the result of the determination that the payment is possible through the limit checking unit 9130 is transmitted, the specialized processing unit 9115 constructs a payment approval response detail including the received details and transmits the result to the server.

When the user authentication unit 9320 is requested to confirm the illegal use of the user card, the user authentication unit 9120 requests the user identification information according to the request for the unauthorized use of the card to correspond to the user card information from the server. When the unique user identification information is delivered, the user identification information is compared with the transmitted card user information, characterized in that for performing the user authentication for the transaction.

92 is a diagram showing the configuration of a biological information management server 9200 according to an embodiment of the present invention.

More specifically, FIG. 92 is connected to the server shown in FIG. 90 through a predetermined network (eg, a VAN) and receives encrypted user biometric information from the server, thereby receiving the encrypted user. A method of implementing a biometric information management server 9200 to decrypt biometric information, identify user unique identification information corresponding to the decrypted user biometric information, and transmit the identified user unique identification information to the server. Those skilled in the art to which the present invention pertains, various server configurations for verifying the user unique identification information corresponding to the user biometric information by decrypting the encrypted biometric information by referring to and / or modified in Figure 92 It can be inferred that, but the present invention includes all the implementation method inferred, the embodiment shown in Figure 92 It is not limited to the method.

In addition, although the server illustrated in FIG. 92 is illustrated as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and at least one or more servers provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 92, the biometric information management server 9200 may include an information receiver 9305, a decoder 9210, an information transmitter 9215, and an information confirmer 9220. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiving unit 9305 may receive predetermined encrypted biometric information from the server illustrated in FIG. 90, and transmit the received encrypted biometric information to the decryption unit 9210.

The decryption unit 9210 decodes the encrypted biometric information when the encrypted biometric information received through the information receiver 9305 is transferred, and the decrypted biometric information is determined by the information confirmation unit ( 9220).

The encrypted biometric information decryption process of the decryption unit 9210 will be described in more detail with reference to FIGS. 93 and 96 below.

When the encrypted biometric information is decrypted by the decryption unit 9210, the information confirming unit 9220 confirms (or extracts) unique user identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extracted) unique user identification information is transmitted to the information transmission unit 9215.

When the user identification information corresponding to the biometric information is confirmed (or extracted) and transmitted through the information confirmation unit 9220, the information transmission unit 9215 sends the encrypted user identification information to the encrypted biometrics. Send the information to the server that sent it.

93 is a diagram illustrating a method for decrypting predetermined encrypted biometric information received from the server by the symmetric key (or secret key) method in the biometric information management server 9200 according to an embodiment of the present invention.

In more detail, FIG. 93 is encrypted from a payment terminal 8400 having an encryption function as shown in FIG. 84, and the biometric information management server 9200 shown in FIG. 92 stores the encrypted biometric information transmitted through the server. The present invention relates to a method of decrypting by a symmetric key (or secret key) method. Various implementation methods of decrypting by a symmetric key (or secret key) method may be inferred, but the present invention includes all the inferred implementation methods and is not limited to the implementation method shown in FIG.

In FIG. 93 according to the embodiment of the present invention, fingerprint information will be presented as an embodiment of the biometric information.

Referring to FIG. 93, an information receiving unit 9305 of the biometric information management server 9200 provides the encrypted fingerprint information received from the server to the decrypting unit 9210 (9300).

Thereafter, the decryption unit 9210 is configured to decrypt the encrypted fingerprint information from a storage medium provided in the biometric information management server 9200 or provided in a predetermined key management server (for example, an authentication server) on a network. The extracted symmetric key (or secret key) is extracted or provided (9305), and the encrypted fingerprint information is decrypted through the extracted symmetric key (or secret key) (9310).

Here, the decryption function of the decryption unit 9210 is called D (Decryption), and the fingerprint information encrypted with the symmetric key (or secret key) k (key) and the symmetric key (or secret key) is C (Ciphertext). And, if the decrypted fingerprint information P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 9210 is "Dk = P, or Dk (Ek (P)) = P" and The same formula can be used.

According to an embodiment of the present invention, the algorithm for decrypting the encrypted fingerprint information by the decryption unit 9210 through the symmetric key (or secret key) may be SEED, DES (Data Encryption Standard), Triple-DES, Skipjack. It is preferable to include at least one or more of the International Data Encryption Algorithm (IDEA), and various types of decryption algorithms may be used, but the decryption algorithm is matched with the encryption algorithm used in the payment terminal 8400. The present invention is not limited by the specific decoding algorithm.

When the fingerprint information encrypted through the symmetric key (or the secret key) is decrypted as described above, the decryption unit 9210 transmits the decrypted fingerprint information to the information confirmation unit 9220, and the information confirmation unit 9220 ) May identify (or extract) user-specific identification information corresponding to the decrypted biometric information from a predetermined storage medium.

94 illustrates a method for decrypting encrypted biometric information received from the biometric information management server 9200 in a public key infrastructure according to an embodiment of the present invention.

In more detail, FIG. 94 illustrates a structure of a public key infrastructure in the biometric information management server 9200 for encrypting the encrypted biometric information transmitted from the payment terminal 8400 having the encryption function as shown in FIG. Method for decrypting by the method, and if it is a common knowledge in the technical field to which the present invention belongs, fingerprints encrypted with the server-side public key in the payment terminal 8400 by referring to and / or modified in Figure 94 Although various implementation methods for decrypting information in a public key infrastructure scheme may be inferred, the present invention includes all the inferred implementation methods and is not limited to the implementation method illustrated in FIG.

In FIG. 94 according to an embodiment of the present invention, a server-side private key for decrypting fingerprint information encrypted with the server-side public key in a public key infrastructure is provided in the biometric information management server 9200 or on a network. It is preferable to read from the storage medium provided in the key management server (for example, authentication server, etc.), and the present invention is not limited thereby.

Referring to FIG. 94, the encrypted fingerprint information received through the information receiving unit 9205 of the biometric information management server 9200 is provided to the decrypting unit 9210 (9400).

Thereafter, the decryption unit 9210 extracts a server-side private key for decrypting the encrypted fingerprint information from a storage medium provided in the biometric information management server 9200 or provided in a predetermined key management server (9405). The encrypted fingerprint information is decrypted using the extracted server-side private key (9410).

Here, the decryption function of the decryption unit 9210 is called D (Decryption), the server-side private key is k2 (key), the fingerprint information encrypted with the server-side public key is C (Ciphertext), and the server-side individual. When the fingerprint information decrypted by the key is called P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 9210 is a formula such as "Dk2 = P, or Dk2 (Ek (P)) = P". I can express it.

According to an embodiment of the present invention, an algorithm for decrypting fingerprint information encrypted by a server-side public key in the payment terminal 8400 by the decryption unit 9210 via the server-side private key may be RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it may be used, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the payment terminal 8400, the present invention is not limited by a specific decryption algorithm.

For example, when the fingerprint information is decoded through the RSA decryption algorithm among the public key based decryption algorithms, n is a public method (Modulus) used in the decryption process and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published exponent (e.g. 3 or 216+) is e and the undisclosed exponent is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the reading unit 9110 can be expressed as" P = Dk2 = Cd mod n ".

When the fingerprint information encrypted with the server-side public key is decrypted by the payment terminal 8400 through the server-side private key as described above, the decryption unit 9210 transfers the decrypted fingerprint information to the information verification unit 9220. The information checking unit 9220 may identify (or extract) user unique identification information corresponding to the decrypted biometric information from a predetermined storage medium.

95 is a diagram illustrating a method of decrypting encrypted biometric information received from the biometric information management server 9200 from the server in an electronic envelope according to an embodiment of the present invention.

In more detail, FIG. 95 shows the encrypted information in the biometric information management server 9200 that receives the encrypted biometric information encrypted from the payment terminal 8400 having the encryption function as shown in FIG. 84 and transmitted through the server. The present invention relates to a method for decoding biometric information by an electronic envelope method. If the present invention belongs to a general knowledge, the electronic device may be used in the payment terminal 8400 by referring to and / or modifying the drawing 95. It is possible to infer various implementation methods for decrypting the fingerprint information encrypted by the method in the biometric information management server 9200 by the same electronic envelope method, but the present invention includes all the inferred implementation methods, this figure 95 It is not limited to the implementation method shown by.

In FIG. 95 according to the embodiment of the present invention, a server-side private key for decrypting the encrypted fingerprint information in an electronic envelope method is provided in the biometric information management server 9200 or a predetermined key management server (for example, a network). It is preferable to read from the storage medium provided in the authentication server, etc., whereby the present invention is not limited.

Referring to FIG. 95, the encrypted fingerprint information received through the information receiver 9305 of the biometric information management server 9200 is provided to the decryption unit 9210 (9500), and then, the decryption unit 9210 ) Extracts a server-side private key for decrypting the encrypted secret key included in the fingerprint information from a storage medium provided in the biometric information management server 9200 or provided in a predetermined key management server (9505). By decrypting a secret key encrypted with the server-side public key in the payment terminal 8400 through the extracted server-side private key (9510), a predetermined secret key for decrypting the fingerprint information is extracted (9515), By decrypting the fingerprint information using the extracted secret key (9520), the payment terminal 8400 extracts the fingerprint information encrypted with the secret key (9525).

Here, the decryption function of the decryption unit 9210 is called D (Decryption), the server-side private key is k2 (key), and the secret key encrypted with the server-side public key is C (Ciphertext) and the server-side individual. When a secret key decrypted with a key is r (random secret key), the function of decrypting the encrypted secret key by the decryption unit 9210 is "Dk2 = r, or Dk2 (Ek1 (r)) = r". It can be expressed as an expression.

According to an embodiment of the present invention, an algorithm for decrypting the secret key encrypted by the payment terminal 8400 with the server-side public key through the server-side private key may be RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it may be used, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the payment terminal 8400, the present invention is not limited by a specific decryption algorithm.

For example, when decrypting the secret key through the RSA decryption algorithm among the public key-based decryption algorithms, n is a public method (Modulus) used in the decryption process, and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the decoding unit 9210 may be expressed as" P = Dk2 = Cd mod n ".

Here, the decryption function of the decryption unit 9210 is called D (Decryption), the secret key is r (random secret key), the fingerprint information encrypted with the secret key is C (Ciphertext), and the decrypted fingerprint. If the information is referred to as P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 9210 may be expressed by a formula such as "Dr = P or Dr (Er (P)) = P".

According to the exemplary embodiment of the present invention, the algorithm for decrypting the encrypted fingerprint information by the decryption unit 9210 may include SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, and International Data (IDEA). It is preferable to include at least one or more of the Encryption Algorithm, and various forms of decryption algorithms may be used, but the decryption algorithm is matched with the encryption algorithm used in the payment terminal 8400, The present invention is not limited by the specific decoding algorithm.

When the fingerprint information is decrypted as described above, the decryption unit 9210 may provide the decrypted fingerprint information to the information confirmation unit 9220, and the information confirmation unit 9220 corresponds to the decrypted biometric information. User identification information can be identified (or extracted) from a predetermined storage medium.

96A and 96B illustrate a method of decrypting encrypted biometric information received from the biometric information management server 9200 by the key exchange method according to an embodiment of the present invention.

In more detail, FIGS. 96A and 96B illustrate the encrypted fingerprint information in the biometric information management server 9200, which receives the encrypted fingerprint information from the payment terminal 8400 having the encryption function as shown in FIG. 84 through the server. The present invention relates to a method of decrypting by a key exchange method, and if the present invention belongs to one of ordinary skill in the art, referring to FIG. 96 and / or modified to the key exchange method in the payment terminal 8400 Various implementation methods for decrypting the encrypted payment means information in the biometric information management server 9200 by the same key exchange method may be inferred, but the present invention includes all the inferred implementation methods, and is shown in FIG. It is not limited to the implemented method.

In FIG. 96 according to the embodiment of the present invention, the server-side private key and the payment terminal 8400 side public key for decrypting the encrypted fingerprint information in a key exchange method are provided in the biometric information management server 9200 or It is preferable to read from a storage medium provided in a predetermined key management server or the like, by which the present invention is not limited.

Referring to FIGS. 96A and 96B, when the encrypted fingerprint information is received and transmitted through the information receiving unit 9305 of the biological information management server 9200, the encrypted fingerprint information is decrypted by the decryption unit 9210. (79605), the fingerprint information encrypted with the secret key includes a copy of a certificate including the message digest encrypted with the private key of the payment terminal 8400 and the public key of the payment terminal 8400, and the server. It is preferable to include the secret key encrypted with the side public key.

Thereafter, the decryption unit 9210 decodes the server-side private key from a storage medium provided in the biometric information management server 9200 or provided in a predetermined key management server to decrypt the secret key encrypted with the server-side public key. Extracting (9610) and decrypting the secret key through the server-side private key (9615) to reveal the message digest encrypted with the fingerprint information and the private key on the payment terminal 8400 side and the payment terminal 8400 side. The secret key for decrypting a copy of the certificate containing the key is extracted (9620).

Here, the decryption function of the decryption unit 9210 is called D (Decryption), the server side private key is s2 (server side key), the secret key encrypted with the server side public key is C (Ciphertext), and the server. When the secret key decrypted with the side private key is r (random secret key), the function of decrypting the encrypted secret key by the decryption unit 9210 is "Ds2 = r, or Ds2 (Es1 (r)) = r". It can be expressed as

According to an embodiment of the present invention, an algorithm for decrypting the secret key encrypted by the payment terminal 8400 with the server-side public key through the server-side private key may be RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it may be used, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the payment terminal 8400, the present invention is not limited by a specific decryption algorithm.

For example, when decrypting the secret key through the RSA decryption algorithm among the public key-based decryption algorithms, n is a public method (Modulus) used in the decryption process, and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the decoder 9210 may be expressed as" P = Ds2 = Cd mod n ".

When the secret key is extracted as described above, the decryption unit 9210 uses the extracted secret key to encrypt the message digest and the payment terminal 8400 with the fingerprint information and the private key of the payment terminal 8400. By decrypting a copy of the certificate including the side public key (9625), the fingerprint digest encrypted with the secret key and the message digest encrypted with the private key of the payment terminal 8400 and the public key of the payment terminal 8400. Extract a copy of the certificate.

Here, the decryption function of the decryption unit 9210 is called D (Decryption), and the secret key is encrypted with r (random secret key), fingerprint information encrypted with the secret key, and the private key of the payment terminal 8400 side. The message digest and the payment terminal 8400 encrypted with a copy of a certificate including a message digest and a public key on the payment terminal 8400 side with C (Ciphertext) and the decrypted fingerprint information and the private key on the payment terminal 8400 side. When the copy of the certificate including the public key is called P (Plaintext), the decryption unit 9210 is encrypted with the encrypted fingerprint information and the payment terminal 8400 side private key and the payment terminal 8400. The function of decrypting the copy of the certificate including the public key can be expressed by an expression such as "Dr = P, or Dr (Er (P)) = P".

According to an embodiment of the present invention, the decryption unit 9210 is encrypted with the encrypted fingerprint information and the private key of the payment terminal 8400 side through the secret key and the public key of the payment terminal 8400 side. Algorithm for decrypting the copy of the certificate, including, is preferably made of at least one or more of SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, International Data Encryption Algorithm (IDEA), in addition to various forms of decryption An algorithm may be used, but the decryption algorithm is matched with an encryption algorithm used in the payment terminal 8400, and the present invention is not limited to a specific decryption algorithm.

In addition, the decryption unit 9210 decrypts the message digest encrypted with the private key of the payment terminal 8400 through the public key of the payment terminal 8400, and then prints the fingerprint at the payment terminal 8400. The message digest generated and transmitted from the information is extracted (9635).

Here, the decryption function of the decryption unit 9210 is called D (Decryption), and the message digest encrypted with the terminal side key (t2) of the payment terminal 8400 and the private key of the payment terminal 8400 is If the message digest decrypted with C (Ciphertext) and the payment terminal 8400 side public key is m (Message Digest), the function of decrypting the encrypted message digest by the decryption unit 9210 is "Dt2 = m," Or Dt2 (Es1 (r)) = m ".

According to an embodiment of the present invention, an algorithm for decrypting the message digest encrypted by the decryption unit 9210 with the private key of the payment terminal 8400 on the payment terminal 8400 through the public key of the payment terminal 8400 is performed. The silver is preferably made of at least one of RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), DH (Diffie, Hellman), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, ECDH. In addition, various types of decryption algorithms may be used, but the decryption algorithm is matched with an encryption algorithm used in the payment terminal 8400, and the present invention is not limited to a specific decryption algorithm.

For example, when decrypting the message digest through the RSA decryption algorithm of the public key-based decryption algorithm, n is a public method (Modulus) used in the decryption process and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the decoder 9210 may be expressed as" P = Dt2 = Cd mod n ".

Thereafter, the decryption unit 9210 generates a predetermined message digest through the same one-way hash function with the received fingerprint information in the payment terminal 8400 (9640), and then generates the generated message digest and the decrypted message. By comparing the digest (9645), the validity of the received fingerprint information can be confirmed.

If the generated message digest and the decrypted message digest coincide (9650), the decryption unit 9210 may transfer the fingerprint information to the information confirmation unit 9220, and the information confirmation unit 9220 may User identification information corresponding to the decrypted biometric information may be identified (or extracted) from a predetermined storage medium.

97 is a view showing a user authentication information processing procedure according to an embodiment of the present invention.

In more detail, the process shown in FIG. 97 is performed on the user authentication information processing system shown in FIG. 83, and the payment terminal having a predetermined biometric information input means (for example, fingerprint recognition means, etc.) In operation 8400, when the full payment approval request including user card information and payment information (eg, payment amount, etc.) is transmitted to a server (eg, VAN company server, etc.) on the network (eg, VAN), the payment approval request details To a card company server 9100 corresponding to the user card information, and when a payment approval response for the payment approval request is received from the card company server 9100, the biometric information input from the card user is encrypted, Encrypted biometric information is stored in the payment terminal 8400 memory (or storage medium), and at least one stored in the memory periodically. When the encrypted biometric information is collectively transmitted to the server, the server stores and stores the sales slip corresponding to the encrypted biometric information transmitted in the batch and the encrypted biometric information corresponding thereto in a predetermined storage medium. When the card company request is confirmed from the card company server 9100 due to misuse of the user card included in the sales slip, the server checks the requested sales slip and encrypts the sales slip. Check the user biometric information, and transmit the encrypted user biometric information to a predetermined biometric information management server 9200 to identify the user's unique identification information (eg, name, social security number, insurance number, Driver's license number, financial transaction information, etc.), and the encrypted information in the biometric information management server 9200 When the body information is decoded, the user unique identification information corresponding to the biometric information is confirmed, and the identified user unique identification information is transmitted to the server, the server identifies the user unique identification information at the card company server 9100. By transmitting to), the card company server (9100) in the process of performing the card user's own authentication through the transmitted unique user identification information, if the person having ordinary knowledge in the technical field to which the present invention belongs Although various user authentication information processing processes may be inferred by referring to and / or modifying the drawing 97, the present invention includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

According to the user authentication information processing shown in FIG. 97, when the payment terminal 8400 shown in FIG. 84 reads card information from the user card and checks the payment information input through a predetermined key input means (9700) ), The payment terminal 8400 generates a payment approval request text including card information and payment information (9702), and transmits the generated payment approval request text to a server on a network (9704),

Then, the server transmits a payment approval request history included in the received payment approval request message to a card company server 9100 to make an approval request (9706), and the payment corresponding to the approval request from the card company server 9100. When the acknowledgment response is received, the payment approval response message is transmitted to the payment terminal 8400 (9708).

Thereafter, the payment terminal 8400 checks the user fingerprint information input through a predetermined fingerprint input means, encrypts the input user fingerprint information as shown in FIGS. 86 to 89, and then the payment terminal. (8400) Store in memory (9710). Thereafter, the payment terminal 8400 periodically transmits the encrypted user fingerprint information stored in the memory to the server (9712).

Then, the server stores the encrypted encrypted user fingerprint information in association with the corresponding sales slip in a predetermined storage medium (9714).

Thereafter, when the server is requested to confirm the illegal use of the card included in the sales slip from the card company server 9100 (9716), the server receives encrypted user fingerprint information corresponding to the sales slip requested to confirm the unauthorized use. In operation 9718, the encrypted user fingerprint information is transmitted to the biometric information management server 9200, and the user unique identification information corresponding to the fingerprint information is requested in operation 9720.

In addition, the biometric information management server 9200 decrypts the received encrypted fingerprint information through a decryption process as illustrated in FIGS. 93 to 96 corresponding to an encryption method of the payment terminal 8400 (9722). ).

When the encrypted fingerprint information is decrypted, the biometric information management server 9200 may identify a user unique ID corresponding to the decrypted fingerprint information from a storage medium (eg, a storage medium provided in the biometric information management server 9200). Check the code (9724).

If the user unique identification code corresponding to the decrypted fingerprint information is confirmed (9726), the biometric information management server 9200 transmits the verified unique identification code to the server (9728), while the decryption If the user identification code corresponding to the fingerprint information is not confirmed, the biological information management server 9200 may notify the server that there is no corresponding identification code (9730).

When the user identification information corresponding to the encrypted fingerprint information is received from the biometric information management server 9200, the server transmits the received user identification information to the card company server 9100 (9732).

When the user unique identification information is received, the card company server 9100 checks user information corresponding to the card information, and compares the identified user information with the user unique identification information to perform user authentication (9734). It is possible to authenticate the user corresponding to the sales slip requested to confirm the fraudulent use.

98 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

More specifically, FIG. 98 illustrates a network of payment approval request messages including user card information and payment information (eg, payment amount) in a payment terminal equipped with predetermined biometric information input means (eg, fingerprint recognition means, etc.). When transmitted to a server (eg, a VAN company server, etc.) on the server (eg, a VAN company), the payment approval request history is provided to a card company server corresponding to the user card information, and the payment for the payment approval request is made from the card company server. When the authorization response is received, the biometric information input from the card user is encrypted, and the encrypted biometric information is stored in the payment terminal memory (or storage medium), and periodically at least one encrypted data stored in the memory. When the biometric information is collectively transmitted to the server, the biometric information corresponding to the encrypted biometric information transmitted by the batch is respectively. When the card is stored in a predetermined storage medium by linking the exhibition table and the encrypted biometric information corresponding thereto, and requesting the card user confirmation from the card company server for the illegal use of the user card included in the sales slip, When the server checks the requested sales slip, confirms encrypted user biometric information associated with the sales slip, and transmits the checked encrypted user biometric information and user card information to a predetermined biometric information management server. Decrypting the encrypted biometric information at the biometric information management server to confirm user unique identification information corresponding to the biometric information, and transmitting the identified user unique identification information to a card company server corresponding to the user card information; Use of the card through the user identification information transmitted from the card company server As an implementation method for a system configuration for performing an identity authentication, those skilled in the art may infer various user authentication information processing system configurations by referring to and / or modifying this drawing 98. As will be appreciated, the present invention includes all implementation methods inferred above and is not limited to the implementation method shown in FIG.

User authentication information processing system according to an embodiment of the present invention with reference to Figure 98, characterized in that the payment terminal, server, biometric information management server and card company server (or financial company server) is connected through a predetermined network The payment terminal may include predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information, and card information read from the user card (eg, when the card user requests payment of a predetermined user). And a payment approval request message including credit card number) and predetermined payment information, and transmits the configured payment approval request message to a server on the network, and a payment approval corresponding to the payment approval request message from the server. When the response message is received, the biometric information of the card user is obtained through the biometric information input means, and the stroke Encrypting the obtained user biometric information and storing the encrypted user biometric information in the payment terminal memory (or storage medium), and periodically transmitting at least one encrypted biometric information stored in the memory to the server. It is characterized by.

The server is connected to the payment terminal through a predetermined network (eg, a VAN), and when the encrypted user biometric information is periodically received from the payment terminal, the server corresponds to the encrypted biometric information transmitted in a batch. When the sales slip and the corresponding encrypted biometric information are processed in association with the storage slip and stored in a predetermined storage medium, the card company server requests the card user confirmation by using the user card included in the sales slip. The server confirms the requested sales slip, confirms encrypted user biometric information associated with the sales slip, and transmits the identified encrypted user biometric information and the user card information to a predetermined biometric information management server. do.

The biometric information management server is connected to the server via a predetermined network, receives encrypted user biometric information and user card information from the server, decrypts the received encrypted user biometric information, and decrypts the decrypted user biometric information. And identifying the user unique identification information corresponding to the user biometric information, and transmitting the identified user unique identification information to a card company server corresponding to the user card information.

In addition, in the present invention, the biometric information registration server and the biometric information management server are separately shown in order to more effectively explain the registration and management of the biometric information, but the biometric information registration server and the biometric information management server are the same server, or It is specified that the same engine can be provided.

The card company server (or financial company server) is connected to the server through a predetermined network (e.g., a payment network, etc.), and when a payment approval request message is received from the server, a payment approval response corresponding to the received payment approval request is received. Provides the server with the server, and if the user's card is requested for unauthorized use, requesting the server to confirm the user's card for which the user's card is used for confirmation. , Name, resident registration number, insurance number, driver's license number, financial transaction information, etc.), the card user information associated with the confirmed card information is inquired, and the user's unique identification information is stored in the card user information. By confirming that the identity of the card user, characterized in that the authentication of the card user.

99 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

More specifically, FIG. 99 is connected to a payment terminal shown in FIG. 84 through a predetermined network (eg, a VAN), and at least one encrypted user biometric information stored in the payment terminal is collected from the payment terminal. When received, the sales slip corresponding to the collectively received encrypted user biometric information and the encrypted user biometric information are processed in association with each other and stored in a predetermined storage medium, and the card included in the sales slip from the card company server is negated. When a usage confirmation request is made, a server on a network (for example, a server) configured to check the encrypted user biometric information associated with the sales slip and transmit the identified encrypted user biometric information and the user card information to a predetermined biometric information management server. , VAN server, etc.) as an implementation method, the present invention belongs to Those skilled in the art may refer to and / or modify this drawing 99 and, according to the request for confirming the unauthorized use of the card included in the sales slip, encrypt the biometric information corresponding to the sales slip to a predetermined biometric information management server. And various server configurations for transmitting user card information may be inferred, but the present invention includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 99 is illustrated as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and at least one or more servers provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 99, the server includes a receiving unit 9905, a reading unit 9910, a specialized processing unit 9915, an approval requesting unit 9920, a biometric information processing unit 9955, and a sales information processing unit 9825. It may be configured to include, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 9905 is a full payment approval request message including user card information (eg, credit card number, etc.) and payment information (eg, payment amount, merchant information, terminal information, etc.) from the payment terminal shown in FIG. Receives, and transmits the received payment approval request full text to the reading unit (9910), and also periodically receive at least one or more user encrypted fingerprint information from the payment terminal, the biometric information processing unit (9935) To pass.

The reading unit 9910 may read the payment approval request text and receive user card information included in the payment approval request text (for example, a credit card) when the payment approval request text received through the receiving part 9905 is delivered. Number, etc.), and the card company information corresponding to the confirmed card information, and then the confirmed card company information and the payment approval request details are transmitted to the approval request unit 9920.

The approval request unit 9920, when the payment approval request details and the card company information is transmitted through the reading unit 9910, transmits the payment approval request details to the card company server to request the approval of the payment, Receive a payment approval response to the payment approval request from the card company server.

When the information processing unit receives a payment approval response for the payment approval request from the card company server through the approval request unit 9920, the information processing unit configures a sales slip including the payment approval details according to the response result. When at least one piece of encrypted user fingerprint information is periodically received through the receiving unit 9905, the received encrypted fingerprint information and a sales slip corresponding thereto are linked to a predetermined storage through the information storage unit 9930. Save to media.

The biometric information processing unit 9937 transmits the encrypted fingerprint information associated with the sales slip and the user card information to the biometric information management server according to a request for confirming the unauthorized use of a card included in the sales slip from the card company server. .

The specialized processing unit 9915 receives the payment approval response received through the approval request unit 9920, configures a payment approval response message to be transmitted to the payment terminal, and converts the configured payment approval response message into the payment terminal. send.

The information storage unit 9930 stores information (or data) collected or generated in the process of performing the function by the at least one or more function components provided in the server.

100 is a diagram showing the functional configuration of a card company server 10000 according to an embodiment of the present invention.

In more detail, the drawing 100 is connected to a server shown in FIG. 99 by a predetermined network (eg, a payment network, etc.), and when a payment approval request is received from the server, the payment corresponding to the payment approval request is received. If an authorization response is provided to the server, and a request for unauthorized use confirmation of the payment approved card is received from a user or the like, a request for unauthorized use confirmation of the card is made to the server, and the card user unique from the biometric information management server. An embodiment of the present invention relates to a card company server 10000 configured to perform identity verification for the card user by receiving identification information and confirming whether the user unique identification information corresponds to the card user information. If one of ordinary skill in the art, reference to and / or modifying the Figure 100 to the biological information tube Various card companies that authenticate the card user in response to a request for confirming the unauthorized use of the card by comparing user identification information transmitted from a server with user information stored in the card user information (customer information) DB (or storage medium). Although the configuration of the server 10000 may be inferred, the present invention includes all the inferred implementation methods, and is not limited to the implementation method illustrated in FIG.

In addition, although the card company server 10000 illustrated in FIG. 100 is shown to include at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and is provided in the server. The at least one functional component may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 100, the card company server 10000 includes a receiving unit 10005, a reading unit 10010, a professional processing unit 10015, a user authentication unit 10020, a limit checking unit 10030, and information storage. It may be configured to include a portion 10025, it may be possible to add a predetermined functional configuration within the scope of the present invention.

The receiving unit 10005 receives the payment approval request details of a predetermined card user from the server shown in FIG. 99 and transmits the received payment approval request details to the reading unit 10010.

The reading unit 10010 reads the payment approval request history received through the receiving unit 10005, confirms user card information, and checks the confirmed card information and payment approval request details (for example, payment amount). Characterized in that the transfer to the limit check unit 10030.

The limit checking unit 10030 checks the payment limit information corresponding to the card information when the user card information and the payment approval request details (for example, the payment amount) are transmitted through the reading unit 10010, It is determined whether payment of the payment amount included in the payment approval request details is possible, and the determination result is transmitted to the specialized processing unit 10015, and the determination result is transferred to the information storage unit 10025 to store the card company DB (or storage). Media).

The specialized processing unit 10015 may be configured to transmit the payment approval response details including the transferred details to the server when the settlement result of the settlement is delivered through the limit checking unit 10030.

When the user authentication unit 10020 is requested to confirm the illegal use of the user card, the user authentication unit 10020 requests the user identification information according to the request for the unauthorized use of the card, the user card from the biometric information management server When the user specific identification information corresponding to the information is transmitted, the user identification information for the transaction is compared by comparing the transmitted user unique identification information with the card user information.

101 is a diagram showing the configuration of the biological information management server 10100 according to an embodiment of the present invention.

More specifically, FIG. 101 is connected to the server shown in FIG. 99 via a predetermined network, receives predetermined encrypted user biometric information and user card information from the server, and receives the received encrypted user biometric information. And decrypts the user identification information corresponding to the decrypted user biometric information, and transmits the identified user identification information to the card company server corresponding to the user card information. As a method for implementing the present invention, those of ordinary skill in the art may decode the encrypted biometric information by referring to and / or modify the drawing 101 to obtain user unique identification information corresponding to the user biometric information. While it will be possible to infer various server configurations to identify, It comprises a method, and is not limited to the exemplary method shown in the figure 101.

In addition, although the server illustrated in FIG. 101 is illustrated as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 101, the biometric information management server 10100 may include an information receiver 10105, a decoder 10110, an information transmitter 10115, and an information checker 10120. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiving unit 10105 receives predetermined encrypted biometric information and user card information from the server shown in FIG. 99, transfers the received encrypted biometric information to the decryption unit 10110, and transmits the user card. The information is transmitted to the information transmission unit 10115.

The decryption unit 10110 decrypts the encrypted biometric information when the encrypted biometric information received through the information receiving unit 10105 is transmitted. 10120).

An encrypted biometric information decryption process of the decryption unit 10110 will be described in more detail with reference to FIGS. 93 and 96.

When the encrypted biometric information is decrypted by the decryption unit 10110, the information checking unit 10120 checks (or extracts) unique user identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extracted) unique user identification information is transmitted to the information transmitter 10115.

When the user identification information corresponding to the biometric information is confirmed (or extracted) and transmitted through the information confirmation unit 10120, the information transmission unit 10115 transfers the received user identification information to the user card information. Send to the card company server corresponding to.

102 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

More specifically, the process shown in FIG. 102 is performed on the user authentication information processing system shown in FIG. 83, and in a payment terminal provided with a predetermined biometric information input means (for example, fingerprint recognition means, etc.). When a payment approval request message including user card information and payment information (eg, payment amount, etc.) is transmitted to a server (eg, a VAN company server, etc.) on a network (eg, a VAN company), the payment approval request details are transmitted to the user. Provided to the card company server corresponding to the card information, and when the payment approval response for the payment approval request is received from the card company server, by encrypting the biometric information input from the card user, and the encrypted biometric information to the payment terminal memory At least one encrypted raw material stored in the memory (or storage medium) and periodically stored in the memory. When the information is collectively transmitted to the server, the server sells the sales slip corresponding to the encrypted biometric information transmitted in the batch and the encrypted biometric information corresponding thereto and stores them in a predetermined storage medium. When requesting the card user confirmation due to the illegal use of the user card included in the sales slip from the server, the server checks the requested sales slip and confirms the encrypted user biometric information associated with the sales slip. When the encrypted user biometric information and the user card information are transmitted to a predetermined biometric information management server 10100, the biometric information management server 10100 decrypts the encrypted biometric information and corresponds to the biometric information. Confirming the user unique identification information, and confirming the identified user unique identification information to the user card information. As a method for performing a process of performing the card user identification through the transmitted to the corresponding card company server, the user identification information transmitted from the card company server, if the person having ordinary knowledge in the technical field to which the present invention belongs Although various user authentication information processing processes may be inferred by referring to and / or modifying the drawing 102, the present invention includes all the inferred implementation methods, and is not limited to the implementation method shown in the drawing 102.

According to the user authentication information processing shown in FIG. 102, the payment terminal shown in FIG. 84 reads card information from a user card and checks payment information input through a predetermined key input means (10200). The payment terminal generates a payment approval request text including card information and payment information (10202), transmits the generated payment approval request text to a server on a network (10204),

Then, the server transmits a payment approval request history included in the received payment approval request message to a card company server for an approval request (10206), and when a payment approval response corresponding to the approval request is received from the card company server, The payment approval response message is transmitted to the payment terminal 1010.

Thereafter, the payment terminal checks the user fingerprint information input through a predetermined fingerprint input means, encrypts the input user fingerprint information as shown in FIGS. 86 to 89, and stores it in the payment terminal memory. (10210) Thereafter, the payment terminal periodically transmits the encrypted user fingerprint information stored in the memory to the server periodically (10212).

Then, the server stores the encrypted user fingerprint information in association with a corresponding sales slip and stores them in a predetermined storage medium (10214).

Thereafter, if the server is requested to confirm the illegal use of the card included in the sales slip from the card company server (10216), the server checks the encrypted user fingerprint information corresponding to the sales slip requested to confirm the fraudulent use (1016); 10218) and transmits the identified encrypted user fingerprint information and the user card information to the biometric information management server 10100 to request user unique identification information corresponding to the fingerprint information (10220).

The biometric information management server 10100 decrypts the received encrypted fingerprint information through a decryption process as illustrated in FIGS. 93 to 96 corresponding to the encryption method of the payment terminal (10222).

When the encrypted fingerprint information is decrypted, the biometric information management server 10100 identifies a user unique ID corresponding to the decrypted fingerprint information from a storage medium (eg, a storage medium provided in the biometric information management server 10100). Check the code (10224).

If the user unique identification code corresponding to the decrypted fingerprint information is confirmed (10226), the biometric information management server 10100 transmits the identified unique identification code to the card company server (10228), whereas the If the user identification code corresponding to the decrypted fingerprint information is not confirmed, the biometric information management server 10100 may notify the server (or card company server) that there is no corresponding identification code (10230).

When the user's unique identification information is received, the card company server checks user information corresponding to the card information, compares the identified user information with the user's unique identification information, and performs user authentication (10232). User authentication corresponding to the sales slip requested for confirmation of use is enabled.

103 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

More specifically, FIG. 103 illustrates a network of payment approval request messages including user card information and payment information (eg, payment amount, etc.) in a payment terminal equipped with predetermined biometric information input means (eg, fingerprint recognition means, etc.). When transmitted to a server (eg, a VAN company server, etc.) on the server (eg, a VAN company), the payment approval request history is provided to a card company server corresponding to the user card information, and the payment for the payment approval request is made from the card company server. When the authorization response is received, the biometric information input from the card user is encrypted, and the encrypted biometric information is stored in the payment terminal memory (or storage medium), and periodically at least one encrypted data stored in the memory. When the biometric information is collectively transmitted to the server, the biometric information corresponding to the encrypted biometric information transmitted by the batch is respectively. When the sales slip and the corresponding encrypted biometric information are processed in association with the data and stored in a predetermined storage medium, the card company server requests the card user confirmation by using the user card included in the sales slip. The server confirms the requested sales slip and confirms the encrypted user biometric information associated with the sales slip, transmits the encrypted user biometric information to the card company server, and transmits the transferred data from the card company server. When the encrypted user biometric information is transmitted to a predetermined biometric information management server 10100, the biometric information management server 10100 decrypts the encrypted biometric information to identify user unique identification information corresponding to the biometric information. Transmitting the verified user's unique identification information to the card company server, and at the card company server. As a method of implementing a system for performing the card user's own authentication through the user's unique identification information, the person having ordinary skill in the art to which the present invention pertains may refer to and / or modify this drawing 103. Although various user authentication information processing system configurations can be inferred, the present invention includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

User authentication information processing system according to an embodiment of the present invention with reference to Figure 103, the payment terminal, server, biometric information management server 10100 and card company server (or financial company server) is connected to each other via a predetermined network The payment terminal may include predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information, and a card read from the user card upon request of a predetermined user's card payment. Compose a payment approval request text including information (for example, credit card number) and predetermined payment information, and transmit the configured payment approval request text to a server on the network, and respond to the payment approval request text from the server. When the payment approval response message is received, the biometric information of the card user is obtained through the biometric information input means. The user biometric information is encrypted, and the encrypted user biometric information is stored in the payment terminal memory (or storage medium), and at least one or more encrypted biometric information stored in the memory are collectively stored in the server. Characterized in that the transmission.

The server is connected to the payment terminal through a predetermined network (eg, a VAN), and when the encrypted user biometric information is periodically received from the payment terminal, the server corresponds to the encrypted biometric information transmitted in a batch. When the sales slip and the corresponding encrypted biometric information are processed in association with the storage slip and stored in a predetermined storage medium, the card company server requests the card user confirmation by using the user card included in the sales slip. The server confirms the requested sales slip in the server, checks encrypted user biometric information associated with the sales slip, and transmits the checked encrypted user biometric information to the card company server.

The biometric information management server 10100 is connected to the card company server through a predetermined network, receives the encrypted user biometric information from the card company server, decrypts the received encrypted user biometric information, and Identifying the user unique identification information corresponding to the decrypted user biometric information, characterized in that for transmitting the identified user unique identification information to the card company server.

In addition, in the present invention, the biometric information registration server and the biometric information management server 10100 are separately illustrated in order to more effectively explain the registration and management of biometric information. However, the biometric information registration server and the biometric information management server 10100 are illustrated. It is specified that the same server, or may be provided in the same institution.

The card company server (or financial company server) is connected to the server through a predetermined network (e.g., a payment network, etc.), and when a payment approval request message is received from the server, a payment approval response corresponding to the received payment approval request is received. Provides the server to the server, and if the user card is requested for unauthorized use, requesting the user to confirm the card for which the user is required to confirm the illegal use, and receives user encrypted fingerprint information from the server. Transmitting the received encrypted fingerprint information to the biometric information management server 10100, receiving user unique identification information corresponding to the encrypted fingerprint information from the biometric information management server 10100, and receiving the received user. The card with unique identification information (e.g., name, social security number, insurance number, driver's license number, financial transaction information, etc.) Compared with the user information, by confirming whether the user unique identification information matches the card user information, it is characterized in that the identity of the card user is performed.

104 is a diagram showing the configuration of a server function according to an embodiment of the present invention.

More specifically, FIG. 104 is connected to the payment terminal shown in FIG. 84 through a predetermined network (eg, a VAN), and at least one encrypted user biometric information stored in the payment terminal is collected from the payment terminal. When received, the sales slip corresponding to the collectively received encrypted user biometric information and the encrypted user biometric information are processed in association with each other and stored in a predetermined storage medium, and the card included in the sales slip from the card company server is negated. When a usage confirmation request is made, a server on a network (for example, a server) configured to check the encrypted user biometric information associated with the sales slip and transmit the identified encrypted user biometric information and the user card information to a predetermined biometric information management server. , VAN server, etc.) as an implementation method, the present invention belongs to If a person of ordinary skill in the art can refer to and / or modify this drawing 104 and transmit the encrypted biometric information corresponding to the sales slip to the card company server in response to a request for confirming the unauthorized use of the card included in the sales slip, Various server configurations may be inferred, but the present invention includes all the inferred implementation methods, and is not limited to the implementation method illustrated in FIG.

In addition, although the server illustrated in FIG. 104 is shown to include at least one or more functional components, this is merely one embodiment for more effectively explaining the present invention, and at least one or more servers provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 104, the server includes a receiving unit 10405, a reading unit 10410, a specialized processing unit 10515, an approval requesting unit 10420, a biometric information processing unit 10435, and a sales information processing unit 10425. It may be configured to include, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 10405 is a full payment approval request message including user card information (eg, credit card number, etc.) and payment information (eg, payment amount, merchant information, terminal information, etc.) from the payment terminal shown in FIG. 84. Receives, and transmits the received payment approval request full text to the reading unit (10410), and also periodically receive at least one or more user-encrypted fingerprint information from the payment terminal, to the biometric information processing unit 10435 To pass.

The reading unit 10410 reads the payment approval request message when the payment approval request message received through the receiving unit 10405 is transmitted, and reads the user card information (eg, a credit card) included in the payment approval request message. Number, etc.), and the card company information corresponding to the confirmed card information, and then the confirmed card company information and the payment approval request details are transmitted to the approval request unit 10420.

The approval request unit 10420, when the payment approval request details and the card company information are transmitted through the reading unit 10410, transmits the payment approval request details to the card company server to request the approval of the payment, Receive a payment approval response to the payment approval request from the card company server.

When the information processing unit receives a payment approval response for the payment approval request from the card company server through the approval request unit 10420, the information processing unit forms a sales slip including the payment approval details according to the response result. When at least one piece of encrypted user fingerprint information is periodically received through the receiving unit 10405, the received encrypted fingerprint information and the sales slip corresponding thereto are linked to a predetermined storage through the information storage unit 10430. Save to media.

The biometric information processing unit 10435 transmits encrypted fingerprint information associated with the sales slip to the card company server in response to a request for confirming the unauthorized use of a card included in the sales slip from the card company server.

The expert processing unit 10415 receives the payment approval response received through the approval request unit 10420, configures a payment approval response message to be transmitted to the payment terminal, and converts the configured payment approval response message into the payment terminal. send.

The information storage unit 10430 stores information (or data) collected or generated in the process of performing the corresponding function by the at least one or more function components provided in the server.

105 is a diagram showing the functional configuration of a card company server 10500 according to an embodiment of the present invention.

In more detail, the drawing 105 is connected to the server shown in the drawing 104 by a predetermined network (e.g., a payment network). When the payment approval request details are received from the server, the payment corresponding to the payment approval request details is received. When an authorization response is provided to the server, and a request for unauthorized use confirmation of the payment approved card is received from a user or the like, a request for confirming the unauthorized use of the card is sent to the server to encrypt the sales slip from the server. Receiving the received user fingerprint information, transmitting the received encrypted user fingerprint information to the biometric information management server, receiving the card user unique identification information corresponding to the user fingerprint information from the biometric information management server, By confirming that the user identification information corresponds to the card user information, the card company As a method for implementing a card company server (10500) to perform a user authentication for the user, if the person of ordinary skill in the art belongs to, the bioinformation management server by referring to and / or modified in this figure 105 Various card companies that authenticate the card user in response to a request for confirming the unauthorized use of the card by comparing the user identification information transmitted from the user information stored in the card user information (customer information) DB (or storage medium) Although the configuration of the server 10500 may be inferred, the present invention includes all the inferred implementation methods, and is not limited to the implementation method illustrated in FIG.

In addition, although the card company server 10500 illustrated in FIG. 105 is shown to include at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and is provided in the server. At least one or more functional components may be implemented as a server (or apparatus) or functional means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 105, the card company server 10500 includes a receiving unit 10505, a reading unit 10510, a specialized processing unit 10515, a user authentication unit 10520, a limit confirming unit 10530, and information storage. It may be configured to include a portion 10525, it may be possible to add a predetermined functional configuration within the scope of the present invention.

The receiving unit 10505 receives the payment approval request details of a predetermined card user from the server illustrated in FIG. 104, and transmits the received payment approval request details to the reading unit 10510.

The reading unit 10510 reads the payment approval request history received through the receiving unit 10505, confirms user card information, and checks the confirmed card information and payment approval request details (for example, a payment amount). Characterized in that the transfer to the limit check unit (10530).

The limit checking unit 10530 checks the payment limit information corresponding to the card information when the user card information and the payment approval request details (for example, the payment amount) are transmitted through the reading unit 10510, It is determined whether payment of the payment amount included in the payment approval request details is possible, and the determination result is transmitted to the specialized processing unit 10515, and the determination result is transferred to the information storage unit 10525 to store the card company DB (or storage). Media).

The specialized processing unit 10515, when the settlement determination result is delivered through the limit checking unit 10530, constructs a payment approval response detail including the transferred details and transmits the result to the server.

When the user authentication unit 10520 is requested to confirm the illegal use of the user card, the user authentication unit 10520 requests the user identification information according to the request for the unauthorized use of the card from the server, and the encrypted user fingerprint information from the server. Received, and transmits the received encrypted user fingerprint information to the biometric information management server, if the user unique identification information corresponding to the user fingerprint information is transmitted from the biometric information management server, the transmitted user unique identification information Compare the card user information with the card user information, characterized in that the user authentication for the transaction.

106 is a diagram showing the configuration of a biological information management server 10600 according to an embodiment of the present invention.

More specifically, the figure 106 is connected to the card company server (10500) shown in Figure 105 through a predetermined network, and receives a predetermined encrypted user biometric information from the card company server (10500), the received encryption The biometric information management server 10600 is configured to decrypt the user biometric information, verify user unique identification information corresponding to the decrypted user biometric information, and transmit the identified user unique identification information to the card company server 10500. As a method for implementing the present invention, those skilled in the art to which the present invention pertains can refer to and / or modify this figure 106 to decrypt the encrypted biometric information and identify the user unique identification information corresponding to the user biometric information. It will be possible to infer various server configurations to confirm, but the present invention includes all implementation methods inferred above However, the present invention is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 106 is illustrated as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and at least one or more servers provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 106, the biometric information management server 10600 may include an information receiver 10605, a decoder 10610, an information transmitter 10615, and an information confirmer 10620. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiving unit 10605 receives predetermined encrypted biometric information and user card information from the card company server 10500 illustrated in FIG. 105, and transmits the received encrypted biometric information to the decryption unit 10610. And the user card information is characterized in that for transmitting to the information transmitting unit (10615).

The decryption unit 10610 decodes the encrypted biometric information when the encrypted biometric information received through the information receiving unit 10605 is transmitted. 10620).

The decryption process of the decryption unit 10610 will be described in more detail with reference to FIGS. 93 and 96.

When the encrypted biometric information is decrypted by the decryption unit 10610, the information checking unit 10620 confirms (or extracts) user-specific identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extracted) unique user identification information is transmitted to the information transmitter 10615.

When the user identification information corresponding to the biometric information is confirmed (or extracted) and transmitted through the information confirmation unit 10620, the information transmission unit 10615 sends the transmitted user unique identification information to the card company server ( 10500).

107 is a flowchart illustrating a process of processing user authentication information according to an embodiment of the present invention.

In more detail, the process shown in FIG. 107 is performed on the user authentication information processing system shown in FIG. 103, and in a payment terminal equipped with a predetermined biometric information input means (for example, fingerprint recognition means, etc.). When a payment approval request message including user card information and payment information (eg, payment amount, etc.) is transmitted to a server (eg, a VAN company server, etc.) on a network (eg, a VAN company), the payment approval request details are transmitted to the user. Provided to the card company server (10500) corresponding to the card information, if the payment approval response for the payment approval request is received from the card company server (10500), by encrypting the biometric information input from the card user, the encrypted biometrics At least one or more information stored in the payment terminal memory (or storage medium) and periodically stored in the memory. When the encrypted biometric information is collectively transmitted to the server, the server stores the sales slip corresponding to the encrypted biometric information transmitted in the batch and the encrypted biometric information corresponding thereto and stores them in a predetermined storage medium. When the card company server 10500 requests the card user confirmation from the user card included in the sales slip from the card company, the server checks the requested sales slip and encrypts the sales slip. Checking the user biometric information, and transmits the confirmed encrypted user biometric information to the card company server (10500), and transmits the encrypted user biometric information transmitted from the card company server (10500) predetermined biometric information management server (10600) ), The biometric information management server 10600 decrypts the encrypted biometric information and corresponds to the biometric information. Confirms the user unique identification information, transmits the identified user unique identification information to the card company server 10500, and performs the card user identification through the transmitted user unique identification information from the card company server 10500. As an implementation method for the process, one of ordinary skill in the art to which the present invention pertains may refer to and / or modify this drawing 107 to infer various user authentication information processing processes. It includes all the implementation methods inferred and is not limited to the implementation method shown in FIG.

According to the user authentication information processing shown in FIG. 107, the payment terminal shown in FIG. 84 reads card information from the user card and checks the payment information input through a predetermined key input means (10700). The payment terminal generates a payment approval request text including card information and payment information (10702), transmits the generated payment approval request text to a server on a network (10704),

Then, the server transfers the payment approval request details included in the received payment approval request message to the card company server 10500 to make an approval request (10706), and the payment corresponding to the approval request from the card company server 10500. When the approval response is received, the payment approval response message is transmitted to the payment terminal (10708).

Thereafter, the payment terminal checks the user fingerprint information input through a predetermined fingerprint input means, encrypts the input user fingerprint information as shown in FIGS. 86 to 89, and stores it in the payment terminal memory. (10710). Thereafter, the payment terminal periodically transmits the encrypted user fingerprint information stored in the memory to the server periodically (10712).

Then, the server stores the transmitted encrypted user fingerprint information in a predetermined storage medium in association with each corresponding sales slip (10714).

Thereafter, when the server is requested to confirm the illegal use of the card included in the sales slip from the card company server 10500 (10716), the server receives encrypted user fingerprint information corresponding to the sales slip requested to confirm the unauthorized use. Check (10718), and transmit the confirmed encrypted user fingerprint information to the card company server 10500 (10720), and the card company server 10500 transmits the transmitted encrypted user fingerprint information to a predetermined biometric information management server. The method transmits the identification information 1010 to user identification information corresponding to the fingerprint information in operation 10702.

The biometric information management server 10600 decrypts the received encrypted fingerprint information through a decryption process as illustrated in FIGS. 93 to 96 corresponding to the encryption method of the payment terminal (10724).

When the encrypted fingerprint information is decrypted, the biometric information management server 10600 identifies a user unique ID corresponding to the decrypted fingerprint information from a storage medium (eg, a storage medium provided in the biometric information management server 10600). Check the code (10726).

If the user unique identification code corresponding to the decrypted fingerprint information is confirmed (10728), the biometric information management server 10600 transmits the identified unique identification code to the card company server (10500) (10730). On the other hand, if the user identification code corresponding to the decrypted fingerprint information is not confirmed, the biometric information management server 10600 may notify the server (or card company server 10500) that the corresponding unique identification code is missing. There is (10732).

When the card company server 10500 receives the user unique identification information, the card company server 10500 checks user information corresponding to the card information, and compares the identified user information with the user unique identification information to perform user authentication (10734). It is possible to authenticate the user corresponding to the sales slip requested to confirm the fraudulent use.

108 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

More specifically, FIG. 108 shows the full text of the payment approval request including user card information and payment information (eg, payment amount, etc.) in a payment terminal equipped with predetermined biometric information input means (eg, fingerprint recognition means, etc.). When the encrypted biometric information of the last user previously stored in the terminal memory is transmitted to a server (for example, a VAN company server) on a network (for example, a VAN company), the encrypted fingerprint information of the last user and a sales slip of the immediately previous user After storing in a predetermined storage medium in association with the card company server, if the card user confirmation is requested from the card company server for illegal use of the user card included in the sales slip, the server checks the requested sales slip and Confirming the encrypted user biometric information associated with the sales slip and converting the identified encrypted user biometric information into predetermined biometric information. Request to confirm user's unique identification information (e.g., name, social security number, insurance number, driver's license number, financial transaction means information, etc.) corresponding to the biometric information, and transmit the encrypted information to the biometric information management server. Decrypting the biometric information, confirming the user unique identification information corresponding to the biometric information, and transmits the identified user unique identification information to the server, the server to the card company server to verify the identified user unique identification information As a method of implementing a system for performing the card user's own authentication through the user identification information transmitted from the card company server by transmitting, if the person having ordinary knowledge in the technical field to which the present invention belongs By referring to and / or modifying 108, various user authentication processing system configurations can be inferred. However, the present invention includes all implementation methods inferred from the above, and is not limited to the implementation method shown in FIG.

User authentication information processing system according to an embodiment of the present invention with reference to Figure 108, characterized in that the payment terminal, server, biometric information management server and card company server (or financial company server) is connected through a predetermined network The payment terminal may include predetermined biometric information input means (eg, fingerprint recognition means, etc.) for acquiring user biometric information, and the card information read from the user card upon request of a predetermined user's card payment. (E.g., a credit card number) and a predetermined payment approval request message including predetermined payment information, and the encrypted biometric information of the immediately preceding user previously stored in the configured payment approval request message and the payment terminal memory is stored in the network. Characterized in that the transmission to the server.

The server is connected to the payment terminal through a predetermined network (eg, a VAN). When the encrypted user biometric information of the immediately preceding user is received from the payment terminal, the server corresponds to the received immediately user encrypted biometric information. When the sales slip is processed in association with the encrypted biometric information of the immediately preceding user and stored in a predetermined storage medium, the card company server requests the card user confirmation by using the user card included in the sales slip. Confirming the requested sales slip in the server, checking encrypted user biometric information associated with the sales slip, and transmitting the checked encrypted user biometric information to a predetermined biometric information management server. When the user identification information corresponding to the biometric information is transmitted from the information management server, the Songdoen characterized in that for transmitting the user unique identifying information to the card company server.

The biometric information management server is connected to the server through a predetermined network, receives encrypted user biometric information from the server, decrypts the received encrypted user biometric information, and decrypts the decrypted user biometric information. Identifying the user unique identification information corresponding to the, characterized in that for transmitting the identified user unique identification information to the server.

In addition, in the present invention, the biometric information registration server and the biometric information management server are separately shown in order to more effectively explain the registration and management of the biometric information, but the biometric information registration server and the biometric information management server are the same server, or It is specified that the same engine can be provided.

The card company server (or financial company server) is connected to the server through a predetermined network (e.g., a payment network, etc.), and when a payment approval request message is received from the server, a payment approval response corresponding to the received payment approval request is received. Provides the server with the server, and if the user's card is requested for unauthorized use, requesting the server for user confirmation of the card for which the user's illegal use is requested, and receiving the user's unique identification information (e.g., Name, resident registration number, insurance number, driver's license number, financial transaction information, etc.), the card user information associated with the confirmed card information is queried, and the user's unique identification information corresponds to the inquired card user information. By confirming that the identity of the card user, characterized in that to perform.

109 is a diagram illustrating a function of a payment terminal 10900 according to another embodiment of the present invention.

In more detail, Figure 109 is a payment terminal 10900 shown in Figure 108, the payment terminal 10900 is provided with a predetermined fingerprint recognition means for acquiring the card payment customer fingerprint information, When a card payment request is made, a payment approval request message including a card information (for example, a credit card number, etc.) read out from the payment customer card and predetermined payment information is configured, and fingerprint information of a previous payment customer is stored in the payment terminal (10900). E) or extracts (or confirms) a predetermined memory from the predetermined memory interworking with the payment terminal 10900, and prints the fingerprint information of the pre-configured payment approval request and the extracted payment customer immediately before the server on the network. As an implementation method having a functional configuration for transmitting to a server (for example, a VAN company server, etc.), a general knowledge in the technical field to which the present invention belongs. If it is a pendulum, it is possible to infer the configuration of the payment terminal 10900 function of transmitting the full text of the payment approval request together with the previous payment customer fingerprint information to the server on the network by referring to and / or modifying the drawing 109. It is to be understood that the technical features of the present invention are not limited to this drawing 109 but include all the inferred implementation methods.

Referring to FIG. 109, the payment terminal 10900 basically includes a control unit 10905, a memory unit 10950, a card reader unit 10910, a key input unit 10920, a screen output unit 10515, and a fingerprint input unit ( 10955, a communication processing unit 10930, a print output unit 10940, and a power supply unit 10925 for supplying power to the payment terminal 10900, and may include at least one terminal according to the intention of those skilled in the art. It may further comprise a functional unit (for example, security application module 10935, etc.).

The control unit 10905 controls the overall operation of the payment terminal 10900 shown in the functional configuration, manages the flow of information or data between each component, and requests the payment processing from a predetermined payment customer, the memory unit ( 10950 extracts (or confirms) fingerprint information of the last payment customer, and extracts the immediately previous payment customer fingerprint information from the payment customer card information (eg, a credit card number) and predetermined payment information. Characterized in that it includes interlocking and controlling at least one or more components provided in the payment terminal 10900 to transmit to the VAN company server with the payment approval request is configured to include, the payment terminal 10900 At least one processor and execution memory (e.g., registers) that include a Central Processing Unit (CPU) / Micro Processing Unit (MPU) in hardware. And / or a random access memory (RAM) and a bus for inputting and outputting predetermined data.

 In addition, the payment terminal 10900 is loaded into the execution memory from a predetermined recording medium to perform a function specific to the payment terminal 10900 by a predetermined program routine (operation processing by the processor ( Routine) and / or program data (hence, when a payment processing request is made from a predetermined payment customer, fingerprint information of the last payment customer stored in the memory unit 10950 is extracted (or confirmed), and the extracted immediately before payment. The payment terminal 10900 for transmitting the customer fingerprint information to the VAN company server with the payment approval request text including card information (eg, credit card number, etc.) read out from the payment customer card and predetermined payment information. A predetermined program recorded on a recording medium provided at the terminal) and / or a functional configuration provided at the payment terminal 10900. A possible component processed can be performed by also shown to be provided in the control unit (10905)).

According to the exemplary embodiment of the present invention, the control unit 10905 includes components (eg, the memory unit 10950, the card reader unit 10110, the key input unit 10920, and the fingerprint input unit included in the payment terminal 10900). 10955, screen output unit 10515, communication processor 10930, security application module 10935, print output unit 10940, and / or terminal function unit (not shown) according to the intention of those skilled in the art) By controlling and managing providing the electronic payment service defined in the payment terminal 10900, as well as requesting payment processing from a predetermined payment customer according to the present invention, the fingerprint of the last payment customer stored in the memory unit 10950 Extracts (or confirms) the information, and the payment approval request text including the card information (eg, a credit card number, etc.) read out from the payment customer card and predetermined payment information; together In order to transmit to the VAN company server, it is preferable to mutually control the components provided in the payment terminal 10900 or to execute a program recorded in a recording medium provided in the payment terminal 10900 for this purpose. Do.

The memory unit 10950 is input and output when an operation by a predetermined program routine (or code) and / or program data (eg, a program routine (or code)) for controlling the overall operation of the payment terminal 10900 is performed. General term of non-volatile memory for storing information or data), at least one of which includes EEPROM (Electrically Erasable and Programmable Read Only Memory) and / or Flash Memory (FM) and / or Hard Disk Drive (HDD) in hardware. It includes the above storage means, and the predetermined program routine and the program data (for example, data input or output for the program routine to perform a predetermined function) that the control unit 10905 is required to perform a predetermined control function. ) Is stored.

According to an embodiment of the present invention, the memory unit 10950, when the payment terminal 10900 requests payment processing from a predetermined payment customer according to the present invention, fingerprint information of the previous payment customer stored in the memory unit 10950. Extracts (or confirms) and the extracted payment customer fingerprint information together with the payment approval request text including card information (eg, a credit card number) read out from the payment customer card and predetermined payment information. It is preferable to store the information (or data) generated in the process of transmitting to the VAN company server.

The payment customer card that reads payment customer card information (eg, credit card number, etc.) included in the full payment approval request message through the payment terminal 10900 is a contact type IC card based on ISO / IEC 7816 standard. Or a wireless IC chip), and / or a card including at least one contactless IC card (or wireless IC chip) based on the ISO / IEC 14443 standard, wherein the card reader unit 10110 is the customer. An interface for reading at least one or more information or data included in the card may be provided.

According to an embodiment of the present invention, the card reader unit 10110 may be a contact IC reader unit providing an interface between the contact IC card and the payment terminal 10900, or the contactless IC card and the payment terminal 10900. A contactless IC reader may be provided to provide an interface between the terminals.

In the present invention, the card reader unit 10910 is shown as being provided in the payment terminal 10900, any one or more card reader unit 10110 of the card reader unit 10110 is the payment terminal (10900) It is noted that it can be detached from or connected via a predetermined cable.

For example, when the contact IC reader unit is a card reader unit 10910 based on ISO / IEC 7816, at least one or more electrical contact forms with a chip on board (COB) provided in the contact IC card. It comprises a contact point, and supplies power to the IC chip of the customer card through the contact point, and predetermined information from the IC chip through the half-duplex transaction using an Application Protocol Data Unit (APDU) (Eg, a credit card number, etc.) or data may be interfaced to the payment terminal 10900.

According to another exemplary embodiment of the present invention, when the fingerprint information of the customer is mounted in the payment customer IC card, the contact IC reader unit interfaces the payment customer fingerprint information to the payment terminal 10900 from the IC card. can do.

In addition, when the contactless IC reader unit is a card reader unit 10910 based on ISO / IEC 14443, the contactless electrical contact with the contactless IC card using capacitive coupling and / or inductive coupling, etc. It comprises at least one antenna to form a power supply, the power supply to the IC chip of the customer card through the antenna, and predetermined information from the IC chip through the half-duplex transaction using the APDU ( For example, a credit card number, etc.) or data may be interfaced to the payment terminal 10900.

According to another exemplary embodiment of the present invention, when the fingerprint information of the customer is mounted in the payment customer IC card, the contactless IC reader unit may interface the payment customer fingerprint information to the payment terminal 10900 from the IC card. Can be.

In addition, the payment terminal 10900 may further include an MS reader, wherein the MS reader is a card reader 10109 based on ISO / IEC 7810, and includes at least one magnetic head including a predetermined coil. Head), and the MS card in which predetermined information (e.g., magnetized binary data) is recorded is moved in a predetermined direction in close contact with the magnetic head (or the magnetic head records predetermined information). The mobile terminal is brought into close contact with the MS card), and the terminal 10900 transmits predetermined information or data from at least one or more tracks provided in the MS of the MS card by using a predetermined electrical signal loaded on the magnetic head. Can be interfaced with

The key input unit 10920 may include at least one key button including at least one number key and / or a character key and / or a function key. Detects information (or a signal) input from a key input device of a predetermined key and is provided to the key input device in a specific input mode and / or operation mode of the payment terminal 10900 controlled by the controller 10905. When predetermined information (or signal) is input from a key button, a key event corresponding to the input information (or signal) is generated, and the generated key event is provided to the controller 10905. The control unit 10905 acquires predetermined key data corresponding to the key event in the current input mode and / or operation mode of the payment terminal 10900, and / or is matched with the key event. A to obtain a command to execute a predetermined function of the features.

Here, the key input unit 10920 and the key input device having at least one key button interoperate with each other to perform a function of key input means provided in the payment terminal 10900.

The key input device interlocked with the key input unit 10920 may include a keypad device having at least one numeric key and a function key, and / or at least one numeric key and a character key (eg, English character key, and / or Korean character). Key) and / or a keyboard device having a function key, and / or having at least one numeric key and a function key in conjunction with the screen output means, and / or having at least one numeric key, a character key and a function key. It is preferable to include at least one touch screen device.

For example, the key input unit 10920 may receive a key data (eg, a payment amount) corresponding to the electronic payment service from at least one or more key input devices for the electronic payment service defined in the payment terminal 10900. It is preferable to perform the function of the input means, and when the payment processing request from a predetermined payment customer according to the present invention, the fingerprint information of the previous payment customer stored in the memory unit 10950 (or extracted), and the extraction In the process of transmitting the previous payment customer fingerprint information to the VAN company server along with the payment approval request text including the card information (eg, credit card number, etc.) read from the payment customer card and predetermined payment information. It is preferable to perform the function of the key input means for receiving at least one or more key data.

The screen output unit 10915 may be configured to include the control unit (10) in the process of the payment terminal 10900 performing a predetermined function (for example, payment customer fingerprint information processing function, direct payment customer fingerprint information checking function, electronic payment processing function, etc.). 10905) a predefined interface screen for defining at least one information or data which is predefined or is defined in real time to be output to a predetermined display device including a liquid crystal display (LCD) and / or a cathode ray tube (CRT) The screen output unit 10315 and the screen output device interoperate with each other to perform a function of the screen output means provided in the payment terminal 10900.

Predefined information or data to be output from the payment terminal 10900 to the screen output device includes key data input through the key input unit 10920 and / or components provided in the payment terminal 10900. Information (or data) stored or generated by the information, information (or data) transmitted / received through the communication processing unit 10930, and / or information corresponding to a predetermined operation result performed by the payment terminal 10900 (or Data) and at least one.

According to a preferred embodiment of the present invention, the screen output unit (10915) is a screen for outputting a predetermined processing screen according to the check payment fingerprint information, fingerprint information processing and electronic payment step defined in the payment terminal (10900) Perform the function of the output means.

The fingerprint input unit 10955 scans the payment customer fingerprint and transfers the scanned customer fingerprint data to the controller 10905 when the payment customer inputs a fingerprint through a predetermined fingerprint recognition (or input) device. .

The communication processor 10930 performs a payment network (eg, a VAN) while the payment terminal 10900 performs a predetermined function (for example, a direct payment customer fingerprint information verification function, a fingerprint information processing function, an electronic payment processing function, and the like). (Value Added Network) is connected to the VAN company server or the terminal (or device) or the payment terminal (10900) connected via a predetermined cable connected to the communication terminal via a predetermined short-range wireless communication It provides a predetermined communication means for connecting a communication session with a terminal (or device) is a network communication unit for connecting a predetermined communication channel with a VAN company server on a wired or wireless network, or a predetermined terminal via a predetermined cable communication port (Or device) a predetermined short range communication terminal via a cable communication unit for connecting a communication session, or at least one short range wireless communication means. Made by (turning apparatus) including a short range wireless communication unit for connecting the apparatus with a predetermined communication session comprises a communication protocol and / or the driver for connecting the communication channel (or communication session) by software.

The network communication unit may include a predetermined wired network and / or a mobile communication network including a Value Added Network (VAN) or a financial common network or high-speed Internet (eg, ADSL / VDSL / Cable Network /.../ satellite communication). A communication channel is connected to a server (for example, a VAN company server) on a wired / wireless network through a predetermined wireless network including a wireless data communication network, and the payment terminal 10900 is hardware-connected to a predetermined wired / wireless network. It may include a modem or a network interface card (NIC) for access, and may include a communication protocol and / or driver for software to connect the payment terminal 10900 to the wired or wireless network. have.

The cable communication unit connects a cable communication session with a predetermined terminal (or device) through a predetermined cable communication (eg, RS-232c or Universal Serial Bus (USB)), and the cable is connected in hardware. It comprises a predetermined cable communication port, and may comprise a communication protocol and / or driver for the cable communication in software.

Here, the terminal (or device) to which the cable communication session is connected through the cable communication unit preferably includes a predetermined point of sales (POS) terminal.

The short range wireless communication unit includes at least one of infrared ray communication, RF (Radio Frequency) communication, Bluetooth (BlueTooth), Wireless LAN (Wi-Fi), Wi-Fi (Wi-Fi), and Universal Serial Bus (USB). Characterized in that to connect a predetermined terminal (or device) and a short-range wireless communication session through at least one or more short-range wireless communication means, the hardware includes the infrared communication, RF communication, Bluetooth, WLAN, WiFi, UWB And a predetermined short range wireless communication module for short range wireless communication, and includes a communication protocol and / or a driver for the short range wireless communication in software.

Here, the terminal (or device) to which the short-range communication session is connected through the short-range communication unit preferably includes a customer wireless terminal that mounts or detaches a predetermined wireless IC chip.

The secure application module 10935 (SAM) is a confidentiality and / or authentication required by the payment terminal 10900 in the process of performing the electronic payment and / or electronic payment using the customer card ( Security requirements, including Authentication and / or Integrity and / or Nonrepudiation, are secure and trusted within the payment terminal 10900 without using an authentication server (or server) on the payment network. As a safety device for performing in a possible structure, the payment terminal 10900 is processed in the process of performing a predetermined security request function (for example, the direct payment customer fingerprint information verification function, fingerprint information processing function, electronic payment processing function, etc.) Encrypt or decrypt a given message (information or data), add an authenticator to prevent forgery (or tampering) of the message, or It can not in the course of performing the required function serves to save important key information.

In general, the security application module 10935 may be composed of a predetermined security application module 10935 inserter and a security application module 10935 chip, the security application module 10935 chip is a chip containing at least 8-bit CPU Application Specific Integrated Circuit (ASIC) chips (eg, PLCC 44-pin chips) and / or IC chips (eg, IC cards in the form of subscriber identity modules (SIMs)) with performance of 2 MIPS (Million Instructions Per Second) or more. It may be made, including.

In addition, the security application module 10935 is at least one or more security application data (for example, at least one identifier, version, expiration date, issue date, code value, etc.) required to perform a predetermined security request function to the payment terminal (10900) ) And / or keys (e.g., one master key and at least one application key) and / or protocols (e.g., trading protocols, re-transaction protocols, previous transaction cancellation protocols, collection protocols, SAM issuance protocols, (e-money company / card company) Registration protocol, authorization protocol, mode switching protocol, key download protocol, SAM revocation protocol) and / or commands (e.g., at least one read / authentication / transmission / registration / setting / mode switching / collection / deletion / disposal / initialization) / Reprocess / cancel command).

The print output unit 10940 may be configured to perform a predetermined function (eg, an electronic payment processing function) by the payment terminal 10900 and / or predetermined information or data (eg, payment approval details) generated as a result. Data, etc.) to a predetermined printing apparatus 10945 (for example, a receipt printer), and to print the print information or data through the predetermined printing apparatus 10945 according to a predefined printing form. It can be made by including a printing protocol and a driver.

Referring to FIG. 109, the control unit 10905 of the payment terminal 10900 generates the scanned payment customer fingerprint data provided from the fingerprint input unit 10955 as fingerprint information including a predetermined feature point, and generates the generated fingerprint information. A fingerprint information processing unit 10960 for encrypting fingerprint information, a card information (for example, a credit card number, etc.) read from the customer card through the card reader unit 10910 and a transaction input through the key input unit 10920. A professional component unit 10965 constituting a full payment approval request message including information (for example, payment amount information, etc.), and a fingerprint information verification unit which checks and extracts fingerprint information of a previous payment customer stored in the memory unit 10950. 10109, an information transmission unit 10970 for transmitting the full payment approval request and the confirmed immediately before payment customer fingerprint information to the VAN company server (or payment server), and the VAN company server. It may comprise a specialized receiver (10 975) for receiving a payment authorization response message corresponding to the authorization request professional.

The fingerprint information storage unit 10980 may further include a fingerprint information storage unit 10980 which stores the payment customer fingerprint information generated by the fingerprint information processing unit 10960 in the memory unit 10950.

When the payment customer fingerprint data scanned from the fingerprint input unit 10955 is provided, the fingerprint information processing unit 10960 applies a predetermined pattern recognition algorithm to the provided fingerprint data, in the same manner as fingerprint information of other payment customers. Except for the common points that may have, only the feature points (for example, ridges, valleys, shortcomings, and the like) of the payment customer are generated to generate fingerprint information in the form of a template.

In this case, the size of the template increases as the number of feature points increases, but the recognition error rate decreases. In general, about 15 to 60 feature points are included in the template, and the payment terminal 10900 It is noted that the recognition error rate and size of the fingerprint information may be changed according to the specification.

According to another exemplary embodiment of the present invention, when the customer fingerprint information is mounted on the customer IC card, the fingerprint information processing unit 10960 may receive customer fingerprint information read from the IC card from the card reader unit. Can be.

The fingerprint information processing unit 10960 encrypts the generated fingerprint information so that the fingerprint information cannot be used even if the fingerprint information of the payment customer is illegally stolen or leaked. The customer of the fingerprint information processing unit 10960 The fingerprint information encryption process will be described with reference to FIGS. 111 to 114 below, and this description will not be described separately in FIG.

In addition, the fingerprint information processing unit 10960, after the payment approval request message and the direct payment customer fingerprint information are transmitted through the information transmission unit 10970, the normal fingerprint response response of the immediately previous payment customer is received from the server. When received through the specialized receiving unit (10975), it is characterized in that to delete the last payment customer fingerprint information stored in the memory unit 10950.

When the fingerprint information of the current payment customer is generated through the fingerprint information processing unit 10960, the fingerprint information storage unit 10980 stores the generated customer fingerprint information in the memory unit 10950. .

Here, the fingerprint information of the payment customer is generated through the fingerprint information processing unit 10960 after the payment processing approval of the payment customer is completed, and stored in the memory unit 10950 through the fingerprint information storage unit 10980. Preferably, it is transmitted to the server at the next payment approval process of the customer.

The specialized component 10965 may include card information (eg, a credit card number, etc.) read from the customer card through the card reader unit 10910 and transaction information (eg, through the key input unit 10920). And a payment approval request message including payment amount information) and merchant information (or payment terminal 10900 information, etc.) previously stored in the memory unit 10950. The information is transmitted to the transmission unit 10970.

At this time, the information transmission unit 10970, the payment approval request text and the fingerprint information through the fingerprint information confirming unit (10985) is characterized in that the transfer to the server (or payment server) with the previous payment customer fingerprint information together.

Here, the information transmitting unit 10970, if the immediately before the customer fingerprint information does not exist through the fingerprint information confirmation unit (10985) (for example, payment error, rejection, fingerprint input device unavailable, If the previous payment customer fingerprint information is not input for reasons such as the termination of the session, only the configured payment approval request message is transmitted to the server.

The expert receiving unit 10175 may further receive a normal reception response result of the previous payment customer fingerprint information transmitted from the server.

110 is a diagram illustrating a configuration of a fingerprint information processing unit 10960 having a function of encrypting fingerprint information through a predetermined encryption key according to one embodiment of the present invention.

In more detail, in FIG. 110, in the fingerprint information processing unit 10960 of the payment terminal 10900 illustrated in FIG. 105, the fingerprint information processing unit 10 of the payment terminal 10900 receives fingerprint information input from a predetermined fingerprint input unit. A function configuration provided by encrypting through a predetermined encryption key at 10960, and a person having ordinary knowledge in the art to which the present invention pertains refers to the fingerprint input unit 10955 by referring to and / or modifying the drawing 110. It is possible to infer various implementation methods for the fingerprint information processing unit 10960 by encrypting fingerprint information inputted from a predetermined encryption key, but the present invention includes all of the inferred implementation methods, as shown in FIG. It is not limited to the implemented method.

Referring to FIG. 110, the fingerprint information processing unit 10960 stores a memory for linking and storing a predetermined encryption key for encrypting fingerprint information input from the fingerprint input unit 10955 and the encryption key index, and the encryption key. Characterized in that it comprises a password processing unit 11000 for encrypting the input fingerprint information through.

The memory may store a predetermined encryption key for encrypting the input fingerprint information, and the encryption key may be processed in association with a predetermined encryption key index to store the memory (or the payment terminal 10900 or the memory unit 10950). It is characterized in that stored in).

Here, the encryption key is an encryption key for encrypting the fingerprint information in a symmetric key (or secret key) encryption method, and / or an encryption key for encrypting the fingerprint information in a public key encryption method, and / or the fingerprint information. It may include at least one or more of an encryption key for encrypting the electronic envelope encryption method, and / or an encryption key for encrypting the fingerprint information in a key exchange encryption method.

In addition, the encryption key index stored in the memory in association with the encryption key is index information (for example, merchant code) for identifying a predetermined decryption key associated with the encryption key in a host that decrypts the encrypted fingerprint information. Or a payment terminal 10900 code, etc.), whereby a host (for example, a biometric information management server, etc.) that decrypts the encrypted fingerprint information is assigned to the encryption key based on the encryption key index. At least one corresponding decryption key may be identified and the encrypted fingerprint information may be decrypted using the identified decryption key.

Here, the decryption key identified through the encryption key index is a decryption key for decrypting the encrypted fingerprint information by a symmetric key (or secret key) decryption method, or decrypting the encrypted fingerprint information by a public key decryption method. At least one or more of a decryption key for decryption, a decryption key for decrypting the encrypted fingerprint information by an electronic envelope decryption method, or a decryption key for decrypting the encrypted fingerprint information by a key exchange decryption method.

According to another exemplary embodiment of the present invention, when the payment terminal 10900 information (or merchant code information) included in the payment approval request text generated by the payment terminal 10900 performs the encryption key index function, the memory The encryption key index may be omitted, and the present invention is not limited thereto.

The encryption processing unit 11000 may use a symmetric key (or secret key) encryption method, a public key encryption method, and / or a user fingerprint information input through the fingerprint input unit 10955 through an encryption key stored in the memory. And encrypting through at least one or more of an electronic envelope encryption scheme and / or a key exchange encryption scheme.

The fingerprint information encrypted by the fingerprint information processing unit 10960 is preferably secured until a predetermined decryption key is decrypted by a predetermined host (for example, a biometric information management server).

111 is a diagram illustrating a method for encrypting fingerprint information in a symmetric key (or secret key) method by the fingerprint information processing unit 10960 according to an embodiment of the present invention.

More specifically, FIG. 111 is a method of encrypting the fingerprint information by a symmetric key (or secret key) method in a fingerprint information processing unit 10960 equipped with an encryption function as shown in FIG. Those skilled in the art may refer to and / or modify this drawing 111 to infer various implementation methods for encrypting the fingerprint information in a symmetric key (or secret key) manner by the fingerprint information processing unit 10960. However, the present invention includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

In the figure 111 according to the embodiment of the present invention, the symmetric key (or secret key) is preferably read from the memory (or payment terminal 10900, memory unit 10950) included in the fingerprint information processing unit 10960. Do.

Referring to FIG. 111, when user fingerprint information is input through the fingerprint input unit 10955, the fingerprint information is provided to the encryption processing unit 11000 (11100). When the user fingerprint information is provided, the encryption processing unit 11000 is provided. Read a predetermined symmetric key (or secret key) for encrypting fingerprint information from the memory (or payment terminal 10900, memory unit 10950) included in the fingerprint information processing unit 10960 (11105), The fingerprint information is encrypted using a symmetric key (or secret key) (11110).

Here, the encryption function of the encryption processing unit 11000 is called E (Encryption), the symmetric key (or secret key) is k (key), the fingerprint information is P (Plaintext), and the symmetric key (or secret key). If the fingerprint information encrypted with) is C (Ciphertext), the encryption function of the encryption processing unit 11000 may be expressed by an equation such as "Ek (P) = C".

According to the embodiment of the present invention, the encryption processing unit 11000 encrypts the fingerprint information through the symmetric key (or secret key), SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA It is preferable to include at least one or more of the International Data Encryption Algorithm, and in addition, various types of encryption algorithms may be used, but the present invention is not limited to a specific encryption algorithm.

112 is a diagram illustrating a method for encrypting user fingerprint information in a public key infrastructure structure in the fingerprint information processing unit 10960 according to an embodiment of the present invention.

More specifically, FIG. 112 is a method for encrypting a user's fingerprint information in a public key infrastructure structure in a fingerprint information processing unit 10960 equipped with an encryption function as shown in FIG. 110, in the technical field to which the present invention pertains. Those skilled in the art will be able to infer various implementation methods for encrypting the user fingerprint information in the public key method by referring to and / or modifying the drawing 112. It includes all the inferred implementation method, and is not limited to the implementation method shown in FIG.

In the drawing 112 according to the embodiment of the present invention, the server-side public key is preferably read from the memory (or the payment terminal 10900 and the memory unit 10950) of the fingerprint information processing unit 10960.

Referring to FIG. 112, when user fingerprint information is input through the fingerprint input unit 10955, the fingerprint information is provided to the encryption processing unit 11000 (11200). When the fingerprint information is provided, the encryption processing unit 11000 may provide the fingerprint information. A predetermined server side public key for encrypting the fingerprint information is extracted from a memory (11205), and the fingerprint information is encrypted through the extracted server side public key (11210).

Here, the encryption function of the encryption processing unit 11000 is called E (Encryption), the server side public key is k1 (key), the fingerprint information is P (Plaintext), and the fingerprint information encrypted with the server side public key. When C (Ciphertext), the encryption function of the encryption processing unit 11000 can be expressed by a formula such as "Ek1 (P) = C".

According to an embodiment of the present invention, the algorithm for encrypting the fingerprint information through the server-side public key by the encryption processing unit 11000 may include RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the fingerprint information through the RSA encryption algorithm among the encryption algorithms, the published method (Modulus) used in the encryption process is n, and the undisclosed prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 11000 may be expressed as" C = Ek1 (P) = Pe mod n ".

113 is a diagram illustrating a method for encrypting fingerprint information by an electronic envelope method in the fingerprint information processing unit 10960 according to an embodiment of the present invention.

More specifically, FIG. 113 is a method for encrypting the user fingerprint information by an electronic envelope method in a fingerprint information processing unit 10960 equipped with an encryption function as shown in FIG. 110, which is common in the art. Those skilled in the art will be able to infer various implementation methods for encrypting the user fingerprint information in an electronic envelope by the fingerprint information processing unit 10960 by referring to and / or modifying the drawing 113. It includes all the implementation methods, and is not limited to the implementation method shown in FIG.

In the diagram 113 according to the embodiment of the present invention, the server-side public key is preferably read from the memory (or the payment terminal 10900, the memory unit 10950) provided in the fingerprint information processing unit 10960.

Referring to FIG. 113, when the user fingerprint information is input from the fingerprint input unit 10955, the fingerprint input unit 10955 provides the fingerprint information to the encryption processing unit 11000 (11300). When the fingerprint information is provided, the encryption processing unit 11000 provides the fingerprint. Generates a random random secret key for encrypting the information in a secret key (symmetric key) method (11305), and encrypts the fingerprint information using the generated secret key (11310) .

Here, the encryption function of the encryption processing unit 11000 is called E (Encryption), the secret key is r (random secret key), the user fingerprint information is P (Plaintext), and the fingerprint information encrypted with the secret key is C In the case of (Ciphertext), the encryption function of the encryption processing unit 11000 can be expressed by a formula such as "Er (P) = C".

According to the exemplary embodiment of the present invention, the encryption processing unit 11000 encrypts the fingerprint information through the secret key, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA (International Data Encryption Algorithm). It is preferable to include at least one of), and in addition to the encryption algorithm of various forms may be used, but the present invention is not limited by a specific encryption algorithm.

Thereafter, the encryption processing unit 11000 encrypts the secret key (random secret key) used to encrypt the user fingerprint information. For this purpose, the encryption processing unit 11000 extracts a predetermined server-side public key from the memory. (11315) The private key is encrypted using the server-side public key (11320).

Here, the encryption function of the encryption processing unit 11000 is called E (Encryption), the server-side public key is k1 (key), the secret key is r (random Secret key), and the secret encrypted with the server-side public key. If the key is C (Ciphertext), the encryption function of the encryption processing unit 11000 may be expressed by an expression such as "Ek1 (r) = C".

According to an embodiment of the present invention, the algorithm for encrypting the secret key through the server-side public key by the encryption processing unit 11000 may include RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the secret key through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 11000 may be expressed as" C = Ek1 (r) = re mod n ".

If the fingerprint information is encrypted with the secret key and the secret key is encrypted with the server-side public key, the encryption processing unit 11000 may encrypt the fingerprint information encrypted with the secret key and the secret key encrypted with the server-side public key. Interworking

114 is a diagram illustrating a method of encrypting fingerprint information in a key exchange method in the fingerprint information processing unit 10960 according to an embodiment of the present invention.

More specifically, FIG. 114 is an embodiment of a method for encrypting and transmitting the fingerprint information by a key exchange method in a fingerprint information processing unit 10960 equipped with an encryption function as shown in FIG. 110, which is common in the art. Those skilled in the art may refer to and / or modify this drawing 114 to infer various implementation methods for encrypting the fingerprint information in a key exchange method in the fingerprint information processing unit 10960, but the present invention is inferred from the above. It includes all implementation methods, and is not limited to the implementation method shown in FIG.

In the drawing 114 according to the embodiment of the present invention, the fingerprint input unit 10955 side private key and the server side public key may include the memory (or payment terminal 10900) memory unit 10950 provided in the fingerprint information processing unit 10960. It is preferable to read from).

Referring to FIG. 114, when user fingerprint information is input through the fingerprint input unit 10955, the fingerprint information is provided to the encryption processing unit 11000 (11400). When the fingerprint information is provided, the encryption processing unit 11000 may be configured to provide the fingerprint information. Generates a message digest including a predetermined one-way hash function (eg, a hash code of a predetermined length regardless of the length of the fingerprint information), and generates the hash code (or message digest). One-way hash function that cannot identify (or infer) the original message through the message input host 10955 and the host that decrypts the encrypted fingerprint information using the same hash function). And digitally sign the message digest by encrypting the message digest through the private key of the fingerprint information processing unit 10960 (11410).

Herein, the encryption function of the encryption processing unit 11000 is referred to as E (Encryption), the fingerprint information processing unit 10960 side private key is t1 (yerminal side key), the message digest is m (message digest), and the fingerprint If the message digest encrypted with the private key of the input unit 10955 is called C (Ciphertext), the digital signature function of the encryption processing unit 11000 may be expressed by an expression such as "Et1 (m) = C".

According to an embodiment of the present invention, an algorithm for encrypting the message digest by the encryption processing unit 11000 through the private key of the fingerprint information processing unit 10960 may include RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA ( Digital Signature Algorithm (DH), DH (Diffie, Hellman), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, ECDH is preferably included at least one or more, in addition to various encryption algorithms may be used, specific encryption The present invention is not limited by the algorithm.

For example, in the case of encrypting the message digest through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the prime numbers that are not disclosed by the different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the digital signature function of the encryption processing unit 11000 may be expressed as" C = Et1 (m) = me mod n ".

In addition, the encryption processing unit 11000 generates a predetermined random secret key for encrypting the fingerprint information using a secret key (symmetric key) method (11415), and the fingerprint information and the fingerprint. The message digest encrypted with the private key of the input unit 10955 and the copy of the certificate (for example, a certificate including the public key of the fingerprint information processing unit 10960) of the memory are linked to each other and encrypted using the generated private key ( 11420).

Here, the encryption function of the encryption processing unit 11000 is called E (Encryption), the secret key is r (random secret key), the fingerprint information and the copy of the certificate P (Plaintext), and the fingerprint information encrypted with the secret key And a copy of the certificate is C (Ciphertext), the encryption function of the encryption processing unit 11000 can be expressed by a formula such as "Er (P) = C".

According to an embodiment of the present invention, the encryption processing unit 11000 encrypts the fingerprint information and the certificate copy through the secret key, SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA (International) It is preferable to include at least one or more of Data Encryption Algorithm, and in addition, various types of encryption algorithms may be used.

In addition, the encryption processing unit 11000 extracts a predetermined server-side public key from the memory (11425) to encrypt the private key that encrypts the fingerprint information, and uses the server-side public key to extract the fingerprint information. The encrypted secret key is encrypted (11430).

Here, the encryption function of the encryption processing unit 11000 is called E (Encryption), the server side public key is encrypted with s1 (server side key), the secret key is r (random secret key), and the server side public key. When the secret key is referred to as C (Ciphertext), the encryption function of the encryption processing unit 11000 may be expressed by an expression such as "Es1 (r) = C".

According to an embodiment of the present invention, the algorithm for encrypting the secret key through the server-side public key by the encryption processing unit 11000 may include RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), It is preferable to include at least one or more of DH (Diffie, Hellman), ECC (Elliptic Curve Cryptosystem), KCDSA, ECDSA, ECDH, in addition to various encryption algorithms may be used, the present invention by a specific encryption algorithm This is not limited.

For example, in the case of encrypting the secret key through the RSA encryption algorithm among the encryption algorithms, the public method (Modulus) used in the encryption process is n, and the non-public prime numbers with different prime factors of n are a and b. , If the published index (e.g., 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod (a-1). (b-1) ", wherein the encryption function of the encryption processing unit 11000 may be expressed as" C = Es1 (r) = re mod n ".

A copy of a certificate including the message digest encrypted with the fingerprint information and the private key of the fingerprint information processing unit 10960 and the public key of the fingerprint information processing unit 10960 is linked and encrypted through the generated secret key, and the secret. When a key is encrypted through the server-side public key, the encryption processing unit 11000 may encrypt the message digest and the fingerprint information processing unit encrypted with the fingerprint information encrypted with the secret key and the private key of the fingerprint information processing unit 10960. (10960) A predetermined encrypted fingerprint information is generated by associating a copy of the certificate including the public key on the side with the secret key encrypted with the server-side public key.

115 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

More specifically, the figure 115 is connected to the payment terminal 10900 shown in Figure 109 through a predetermined network (eg, VAN, etc.), the predetermined payment approval request from the payment terminal 10900 and the payment When the encrypted user biometric information of the immediately preceding user is previously stored in the terminal 10900, the sales slip corresponding to the encrypted user biometric information of the immediately preceding user and the encrypted user biometric information of the immediately preceding user are linked to each other. When the card company server is requested to confirm the unauthorized use of the card included in the sales slip, the encrypted user biometric information associated with the sales slip is checked, thereby verifying the encrypted user biometric information. Transmits to a predetermined biometric information management server, requests user unique identification information corresponding to the biometric information, and As a method of implementing a server (eg, a VAN company server) on a network that transmits the transmitted user unique identification information to the card company server when the user identification information corresponding to the biometric information is transmitted from the biometric information management server. In the technical field to which the present invention pertains, the sales to the predetermined biometric information management server in response to a request for confirming the unauthorized use of the card included in the sales slip by referring to and / or modifying the drawing 115. Various server configurations for requesting confirmation of user's unique identification information (eg, name, social security number, insurance number, driver's license number, financial transaction information, etc.) corresponding to the biometric information by transmitting encrypted biometric information. It may be inferred that, but the present invention includes all the implementation method inferred, the implementation shown in Figure 115 It shall not be limited by law.

In addition, although the server illustrated in FIG. 115 is illustrated as including at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. It is noted that the functional unit may be implemented as a server (or apparatus) or functional means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 115, the server includes a receiving unit 11505, a reading unit 1115, a specialized processing unit 1115, an approval requesting unit 1520, a biometric information processing unit 111535, and a sales information processing unit 11525. It may be configured to include, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 11505 includes a payment including user card information (eg, credit card number, etc.) and payment information (eg, payment amount, merchant information, terminal information, etc.) from the payment terminal 10900 shown in FIG. Receives the encrypted fingerprint information of the last user previously stored in the full text of the approval request and the payment terminal (10900), and transfers the received payment approval request full text to the reading unit (11510), and also of the last user The encrypted fingerprint information is transmitted to the biometric information processing unit 11535.

The reading unit 11510 reads the full text of the payment approval request, when the payment approval request message received through the receiving unit 11505 is transmitted, and user card information (eg, credit) included in the full text of the payment approval request. Card number, etc.), and the card company information corresponding to the checked card information, the card company information and the payment approval request details are transmitted to the approval request unit 1520.

The approval request unit 1520, when the payment approval request details and the card company information are transmitted through the reading unit 11510, transmits the payment approval request details to the card company server to request the approval of the payment, Receive a payment approval response to the payment approval request from the card company server.

The information processing unit forms a sales slip including payment approval history of a user immediately stored in a predetermined storage medium, and when the encrypted user fingerprint information of the previous user is received through the receiving unit 11505, the received encrypted The fingerprint information and the sales slip corresponding thereto are linked to be stored in a predetermined storage medium through the information storage unit 1930.

The biometric information processing unit 11535 transmits encrypted fingerprint information associated with the sales slip to a biometric information management server in response to a request for confirming the unauthorized use of a card included in the sales slip from the card company server. Request identification of corresponding user identification information (for example, name, social security number, insurance number, driver's license number, financial transaction information, etc.), and the user identification information corresponding to the fingerprint information is stored through the biometric information management server. When the identification is confirmed, the received unique user identification information is received, and the received user unique identification information is transmitted to the card company server.

The expert processing unit 1115 receives the payment approval response received through the approval request unit 1520, configures a payment approval response message to be transmitted to the payment terminal 10900, and writes the configured payment approval response message. Transmission to the payment terminal 10900.

The information storage unit 1930 stores information (or data) collected or generated in the process of performing the function by the at least one or more function components provided in the server.

FIG. 116 is a diagram showing the functional configuration of a card company server 11600 according to an embodiment of the present invention.

More specifically, FIG. 116 is connected to the server shown in FIG. 115 by a predetermined network (eg, a payment network). When the payment approval request details are received from the server, payment corresponding to the payment approval request details is performed. When an authorization response is provided to the server, and a request for unauthorized use confirmation of the payment approved card is received from a user or the like, a request for unauthorized use confirmation of the card is made to the server, and the card user unique identification information is received from the server. As a method of implementing a card company server (11600) for receiving the user identification information by receiving, and confirming whether the user identification information is matched with the card user information, the card user, which is common in the technical field to which the present invention belongs Those skilled in the art may refer to and / or modify this drawing 116 for use transmitted from the server. Various card company servers 11600 configured to authenticate the card user by comparing the unique identification information with the user information stored in the card user information (customer information) DB (or storage medium), and responding to the request for confirming the unauthorized use of the card. It may be inferred that, but the present invention includes all the implementation methods inferred above, and is not limited to the implementation method shown in FIG.

In addition, although the card company server 11600 illustrated in FIG. 116 is shown to include at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and is provided in the server. The at least one functional component may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 116, the card company server 11600 includes a receiving unit 11605, a reading unit 11110, a specialized processing unit 11115, a user authentication unit 11120, a limit checking unit 1116, and information storage. It may be configured to include a part (11625), it may be possible to add a predetermined functional configuration within the scope of the present invention.

The receiving unit 11605 receives the payment approval request details of a predetermined card user from the server illustrated in FIG. 115 and transfers the received payment approval request details to the reading unit 1116.

The reading unit 1116 reads the payment approval request history received through the receiving unit 11605, confirms user card information, and checks the confirmed card information and payment approval request details (for example, a payment amount). Characterized in that the transfer to the limit check unit (11630).

When the user card information and payment approval request details (eg, payment amount, etc.) are transmitted through the reading unit 1116, the limit checking unit 1116 may check payment limit information corresponding to the card information. It is determined whether payment of the payment amount included in the payment approval request details is possible, and the result of the determination is delivered to the specialized processing unit 1115, and the result of the determination is transferred to the information storage unit 1625 and the card company DB (or stored). Media).

When the result of the determination that the payment is possible through the limit checking unit 1116 is transmitted, the specialized processing unit 1115 constructs a payment approval response detail including the transferred details and transmits the details to the server.

When the user authentication unit 1620 is requested to confirm the illegal use of the user card, the user authentication unit 1116 requests the user identification information according to the request for the unauthorized use of the card to correspond to the user card information from the server. When the unique user identification information is delivered, the user identification information is compared with the transmitted card user information, characterized in that for performing the user authentication for the transaction.

117 is a diagram showing the configuration of a biometric information management server according to an embodiment of the present invention.

More specifically, FIG. 117 is connected to the server shown in FIG. 115 through a predetermined network, receives predetermined encrypted user biometric information from the server, decrypts the received encrypted user biometric information, An embodiment of a biometric information management server configured to check user unique identification information corresponding to the decrypted user biometric information and transmit the identified user unique identification information to the server, which is common in the art. Those skilled in the art will be able to infer various server configurations for verifying user's unique identification information corresponding to the user's biometric information by decrypting the encrypted biometric information by referring to and / or modifying this figure 117. Includes all the implementation methods inferred, and is limited to the implementation method illustrated in FIG. It does not.

In addition, although the server illustrated in FIG. 117 is illustrated as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and at least one or more servers provided in the server. It is noted that the functional unit may be implemented as a server (or apparatus) or functional means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 117, the biometric information management server 11700 may include an information receiving unit 11705, a decoding unit 11710, an information transmitting unit 11715, and an information confirming unit 1720. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiving unit 11705 may receive predetermined encrypted biometric information from the server illustrated in FIG. 115, and transmit the received encrypted biometric information to the decryption unit 1710.

The decryption unit 1710 decodes the encrypted biometric information when the encrypted biometric information received through the information receiving unit 11705 is transmitted. 11720).

An encrypted biometric information decryption process of the decryptor 1117 will be described in more detail with reference to FIGS. 118 to 121 below.

When the encrypted biometric information is decrypted by the decryption unit 1710, the information confirming unit 1720 confirms (or extracts) unique user identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extracted) unique user identification information is transmitted to the information transmission unit 1117.

When the user identification information corresponding to the biometric information is confirmed (or extracted) and transmitted through the information verification unit 1720, the information transmission unit 1117 may transmit the encrypted user identification information to the encrypted biometrics. Send the information to the server that sent it.

FIG. 118 illustrates a method of decrypting predetermined encrypted biometric information received from the server by the symmetric key (or secret key) method in the biometric information management server 11700 according to an embodiment of the present invention.

More specifically, FIG. 118 is encrypted from the payment terminal 10900 equipped with the encryption function as shown in FIG. 109, and the biometric information management server 11700 shown in FIG. The present invention relates to a method for decrypting by a symmetric key (or secret key) method, and if the skilled in the art to which the present invention pertains, refer to and / or modify this figure 118 to modify the encrypted biometric information. Although various implementation methods for decrypting using a symmetric key (or secret key) method may be inferred, the present invention includes all the inferred implementation methods and is not limited to the implementation method illustrated in FIG.

In FIG. 118 according to an embodiment of the present invention, fingerprint information will be presented as an embodiment of the biometric information.

Referring to FIG. 118, the information receiving unit 11705 of the biometric information management server 11700 provides the encrypted fingerprint information received from the server to the decrypting unit 1710 (11800).

Thereafter, the decryption unit 1710 may be configured to decrypt the encrypted fingerprint information from a storage medium provided in the biometric information management server 11700 or provided in a predetermined key management server (for example, an authentication server) on a network. The extracted symmetric key (or secret key) is extracted or provided (11805), and the encrypted fingerprint information is decrypted through the extracted symmetric key (or secret key) (11810).

Here, the decryption function of the decryption unit 1710 is called D (Decryption), the symmetric key (or secret key) is k (key), and the fingerprint information encrypted with the symmetric key (or secret key) is C ( Ciphertext) and the decrypted fingerprint information are P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 1710 is "Dk = P, or Dk (Ek (P)) = P". It can be expressed as

According to an embodiment of the present invention, the algorithm for decrypting the encrypted fingerprint information by the decryption unit 1710 through the symmetric key (or secret key) is SEED, DES (Data Encryption Standard), Triple-DES, Skipjack It is preferable to include at least one or more of the International Data Encryption Algorithm (IDEA), and various forms of decryption algorithms may be used, but the decryption algorithm is matched with the encryption algorithm used in the payment terminal 10900. The present invention is not limited by the specific decoding algorithm.

When the fingerprint information encrypted through the symmetric key (or the secret key) is decrypted as described above, the decryption unit 1710 transfers the decrypted fingerprint information to the information verification unit 1720, and the information verification unit 1720. ) May identify (or extract) user-specific identification information corresponding to the decrypted biometric information from a predetermined storage medium.

FIG. 119 is a diagram illustrating a method of decrypting encrypted biometric information received from the biometric information management server 11700 by the public key infrastructure according to an embodiment of the present invention.

More specifically, FIG. 119 illustrates a structure of a public key infrastructure in the biometric information management server 11700 for the encrypted biometric information encrypted from a payment terminal 10900 having an encryption function as shown in FIG. 109 and transmitted through the server. Method for decrypting by the method, if the present invention has a common knowledge in the art, fingerprints encrypted with the server-side public key in the payment terminal 10900 by referring to and / or modified in this figure 119. Although various implementation methods for decrypting information in a public key infrastructure structure can be inferred, the present invention includes all the inferred implementation methods and is not limited to the implementation method illustrated in FIG.

According to an embodiment of the present invention, in FIG. 119, a server-side private key for decrypting fingerprint information encrypted with the server-side public key in a public key infrastructure structure is provided in the biometric information management server 11700 or on a network. It is preferable to read from the storage medium provided in the key management server (for example, authentication server, etc.), and the present invention is not limited thereby.

Referring to FIG. 119, the encrypted fingerprint information received through the information receiver 11705 of the biometric information management server 11700 is provided to the decryption unit 1710 (11900).

Thereafter, the decryption unit 1710 extracts a server-side private key for decrypting the encrypted fingerprint information from a storage medium provided in the biometric information management server 11700 or a predetermined key management server (11905). The encrypted fingerprint information is decrypted using the extracted server-side private key (11910).

Here, the decryption function of the decryption unit 1710 is called D (Decryption), the server-side private key is k2 (key), the fingerprint information encrypted with the server-side public key is C (Ciphertext), and the server-side individual. When the fingerprint information decrypted by the key is called P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 1710 is expressed by a formula such as "Dk2 = P, or Dk2 (Ek (P)) = P". I can express it.

According to an embodiment of the present invention, an algorithm for decrypting the fingerprint information encrypted by the payment terminal 10900 with the server-side public key through the server-side private key may be RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it may be used, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the payment terminal 10900, the present invention is not limited by a specific decryption algorithm.

For example, when the fingerprint information is decoded through the RSA decryption algorithm among the public key based decryption algorithms, n is a public method (Modulus) used in the decryption process and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the reading unit 180 may be expressed as" P = Dk2 = Cd mod n ".

When the fingerprint information encrypted with the server-side public key is decrypted by the payment terminal 10900 through the server-side private key as described above, the decryption unit 1710 transfers the decrypted fingerprint information to the information verification unit 1720. The information confirming unit 1720 may identify (or extract) user-specific identification information corresponding to the decrypted biometric information from a predetermined storage medium.

120 is a diagram illustrating a method of decrypting encrypted biometric information received from the biometric information management server 11700 from the server according to an embodiment of the present invention by an electronic envelope method.

More specifically, FIG. 120 is encrypted by the biometric information management server 11700 that receives the encrypted biometric information encrypted from the payment terminal 10900 having the encryption function as shown in FIG. 109 and transmitted through the server. The present invention relates to a method for decoding biometric information by an electronic envelope method. If the present invention belongs to those skilled in the art, the electronic device may be referred to and / or modified with reference to FIG. 120. It is possible to infer various implementation methods for decrypting the fingerprint information encrypted in the manner in the biometric information management server (11700) by the same electronic envelope method, but the present invention includes all the inferred implementation methods, as shown in FIG. It is not limited to the implementation method shown.

In this drawing 120 according to the embodiment of the present invention, a server-side private key for decrypting the encrypted fingerprint information by an electronic envelope method is provided in the biometric information management server 11700 or a predetermined key management server (for example, on a network). It is preferable to read from the storage medium provided in the authentication server, etc., whereby the present invention is not limited.

Referring to FIG. 120, the encrypted fingerprint information received through the information receiving unit 11705 of the biometric information management server 11700 is provided to the decryption unit 1710 (12000), and thereafter, the decryption unit 1710 ) Extracts a server-side private key for decrypting the encrypted secret key included in the fingerprint information from a storage medium provided in the biometric information management server 11700 or provided in a predetermined key management server (12005), By decrypting the secret key encrypted with the server-side public key in the payment terminal 10900 through the extracted server-side private key (12010), a predetermined secret key for decrypting the fingerprint information is extracted (12015), The fingerprint information is decrypted using the extracted secret key (12020), and the payment terminal 10900 extracts the fingerprint information encrypted with the secret key (12025).

Here, the decryption function of the decryption unit 1710 is called D (Decryption), the server-side private key is k2 (key), the secret key encrypted with the server-side public key is C (Ciphertext), and the server-side individual. When the secret key decrypted with the key is r (random secret key), the function of decrypting the encrypted secret key by the decryption unit 1710 is as follows: "Dk2 = r, or Dk2 (Ek1 (r)) = r". It can be expressed as an expression.

According to an embodiment of the present invention, an algorithm for decrypting the secret key encrypted by the payment terminal 10900 with the server-side public key through the server-side private key is RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it may be used, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the payment terminal 10900, the present invention is not limited by a specific decryption algorithm.

For example, when decrypting the secret key through the RSA decryption algorithm among the public key-based decryption algorithms, n is a public method (Modulus) used in the decryption process, and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the decoding unit 11710 may be expressed as" P = Dk2 = Cd mod n ".

Here, the decryption function of the decryption unit 1710 is called D (Decryption), the secret key is r (random secret key), the fingerprint information encrypted with the secret key (C (Ciphertext)), and the decrypted fingerprint When the information is referred to as P (Plaintext), the function of decrypting the encrypted fingerprint information by the decryption unit 1710 may be expressed by a formula such as "Dr = P or Dr (Er (P)) = P".

According to an embodiment of the present invention, the algorithm for decrypting the encrypted fingerprint information by the decryption unit 1710 through the secret key is SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, IDEA (International Data). It is preferable to include at least one or more of the Encryption Algorithm, and in addition to the decryption algorithm of various forms may be used, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the payment terminal (10900), The present invention is not limited by the specific decoding algorithm.

When the fingerprint information is decrypted as described above, the decryption unit 1710 may provide the decrypted fingerprint information to the information verification unit 1720, and the information verification unit 1720 corresponds to the decrypted biometric information. User identification information can be identified (or extracted) from a predetermined storage medium.

121A and 121B illustrate a method of decrypting encrypted biometric information received from the biometric information server 11700 by the key exchange method according to an embodiment of the present invention.

More specifically, FIGS. 121a and 121b illustrate the encrypted fingerprint information in the biometric information management server 11700 which receives the encrypted fingerprint information from the payment terminal 10900 having the encryption function as shown in FIG. 109 through the server. The present invention relates to a method of decrypting by a key exchange method, and the present invention belongs to those skilled in the art. Referring to FIG. 121 and / or modified, the payment terminal 10900 performs the key exchange method. Various implementation methods for decrypting the encrypted payment means information in the biometric information management server 11700 by the same key exchange method may be inferred, but the present invention includes all the inferred implementation methods, as shown in FIG. 121. It is not limited to the implemented method.

In this figure 121 according to the embodiment of the present invention, the server-side private key and the payment terminal 10900-side public key for decrypting the encrypted fingerprint information in a key exchange method are provided in the biometric information management server 11700 or It is preferable to read from a storage medium provided in a predetermined key management server or the like, and the present invention is not limited thereto.

121A and 121B, when the encrypted fingerprint information is received and transmitted through the information receiving unit 11705 of the biometric information management server 11700 (12100), the encrypted fingerprint information is decrypted by the decryption unit 11710. The fingerprint information encrypted with the secret key is a copy of a certificate including the message digest encrypted with the private key of the payment terminal 10900 and the public key of the payment terminal 10900, and the server. It is preferable to include the secret key encrypted with the side public key.

Thereafter, the decryption unit 1710 receives the server-side private key from a storage medium provided in the biometric information management server 11700 or provided in a predetermined key management server to decrypt the secret key encrypted with the server-side public key. Extracting (12110) and decrypting the secret key through the server-side private key (12115), the message digest encrypted with the fingerprint information and the private key of the payment terminal (10900) and the payment terminal (10900) are disclosed. The secret key for decrypting the copy of the certificate containing the key is extracted (12120).

Here, the decryption function of the decryption unit (11710) is called D (Decryption), the server side private key is s2 (server side key), the secret key encrypted with the server side public key is C (Ciphertext), and the server When the secret key decrypted with the side private key is r (random secret key), the function of decrypting the encrypted secret key by the decryption unit 1710 is "Ds2 = r, or Ds2 (Es1 (r)) = r". It can be expressed as

According to an embodiment of the present invention, an algorithm for decrypting the secret key encrypted by the payment terminal 10900 with the server-side public key through the server-side private key is RSA (Ron Rivest, Adi Shamir). , Len Adleman (DSA), Digital Signature Algorithm (DSA), Diffie, Hellman (DH), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. Although it may be used, the decryption algorithm is characterized in that it is matched with the encryption algorithm used in the payment terminal 10900, the present invention is not limited by a specific decryption algorithm.

For example, when decrypting the secret key through the RSA decryption algorithm among the public key-based decryption algorithms, n is a public method (Modulus) used in the decryption process, and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the decoding unit 1710 may be expressed as" P = Ds2 = Cd mod n ".

When the secret key is extracted as described above, the decryption unit 1710 uses the extracted secret key to encrypt the message digest and the payment terminal 10900 side with the private key of the fingerprint information and the payment terminal 10900 side. By decrypting the copy of the certificate including the public key (12125), the message digest encrypted with the secret key and the message digest encrypted with the private key of the payment terminal (10900) and the public key of the payment terminal (10900) Extract a copy of the certificate.

Here, the decryption function of the decryption unit 1710 is called D (Decryption), and the secret key is encrypted with r (random secret key), fingerprint information encrypted with the secret key, and the private key of the payment terminal (10900). A copy of the certificate including a message digest and a public key of the payment terminal 10900 side is encrypted with C (Ciphertext), the decrypted fingerprint information and the private key of the payment terminal 10900 side, and the payment terminal 10900 When the copy of the certificate including the public key is called P (Plaintext), the decryption unit 1710 may encrypt the message digest and the payment terminal 10900 encrypted with the encrypted fingerprint information and the private key of the payment terminal 10900. The function of decrypting the copy of the certificate including the public key can be expressed by an expression such as "Dr = P, or Dr (Er (P)) = P".

According to the exemplary embodiment of the present invention, the decryption unit 1710 is encrypted with the encrypted fingerprint information and the private key of the payment terminal 10900 side through the secret key and the public key of the payment terminal 10900 side. Algorithm for decrypting the copy of the certificate, including, is preferably made of at least one or more of SEED, DES (Data Encryption Standard), Triple-DES, Skipjack, International Data Encryption Algorithm (IDEA), in addition to various forms of decryption An algorithm may be used, but the decryption algorithm is matched with an encryption algorithm used in the payment terminal 10900, and the present invention is not limited to a specific decryption algorithm.

In addition, the decryption unit 1710 decrypts the message digest encrypted with the private key of the payment terminal 10900 through the public key of the payment terminal 10900 (12130), so that the fingerprint is received by the payment terminal 10900. The message digest generated and transmitted from the information is extracted (12135).

Here, the decryption function of the decryption unit 1710 is referred to as D (Decryption), and the message digest encrypted with the terminal side key (t2) of the payment terminal (10900) and the private key of the payment terminal (10900) is When the message digest decrypted with C (Ciphertext) and the payment terminal 10900 side public key is m (Message Digest), the function of decrypting the encrypted message digest by the decryption unit 1710 is "Dt2 = m". Or Dt2 (Es1 (r)) = m ".

According to an embodiment of the present invention, an algorithm for decrypting the message digest encrypted by the decryption unit 11710 with the private key of the payment terminal 10900 from the payment terminal 10900 through the public terminal of the payment terminal 10900 may include: , At least one of RSA (Ron Rivest, Adi Shamir, Len Adleman), DSA (Digital Signature Algorithm), DH (Diffie, Hellman), Elliptic Curve Cryptosystem (ECC), KCDSA, ECDSA, and ECDH. In addition to the above, various types of decryption algorithms may be used, but the decryption algorithm is matched with the encryption algorithm used in the payment terminal 10900, and the present invention is not limited to a specific decryption algorithm.

For example, when decrypting the message digest through the RSA decryption algorithm of the public key-based decryption algorithm, n is a public method (Modulus) used in the decryption process and n is a prime number that is not disclosed by different prime factors of n. If a and b, the published index (e.g. 3 or 216+) is e and the undisclosed index is d, then n satisfies "n = a * b" and d is "de = 1 mod ( a-1) (b-1) ", wherein the decoding function of the decoding unit 1710 may be expressed as" P = Dt2 = Cd mod n ".

Thereafter, the decryption unit 1710 generates a predetermined message digest through the same one-way hash function with the received fingerprint information (12140), and then generates the generated message digest and the decrypted message. By comparing the digest (12145), the validity of the received fingerprint information can be confirmed.

If the generated message digest and the decrypted message digest match (12150), the decryption unit 1710 may transfer the fingerprint information to the information verification unit 1720, and the information verification unit 1720 may User identification information corresponding to the decrypted biometric information may be identified (or extracted) from a predetermined storage medium.

122 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

More specifically, the process shown in FIG. 122 is performed on the user authentication information processing system shown in FIG. 108, and a payment terminal equipped with predetermined biometric information input means (for example, fingerprint recognition means, etc.) The server on the network (for example, VAN, etc.) of the payment approval request message including the user card information and payment information (for example, the payment amount) and the encrypted biometric information of the user immediately stored in the memory of the payment terminal 10900 in 10900. (For example, a VAN company server, etc.), the encrypted fingerprint information of the immediately preceding user and the sales slip of the immediately preceding user are stored in a predetermined storage medium, and then stored in the sales slip from the card company server 11600. When requesting the card user confirmation due to misuse of an included user card, the server checks the requested sales slip, After confirming the encrypted user biometric information associated with the sales slip, the identified encrypted user biometric information is transmitted to a predetermined biometric information management server 11700, and the user unique identification information corresponding to the biometric information (eg, Request confirmation of name, resident registration number, insurance number, driver's license number, financial transaction information, etc., and decrypts the encrypted biometric information in the biometric information management server 11700 to identify the user uniquely corresponding to the biometric information. After confirming the information, and transmitting the identified user unique identification information to the server, the server transmits the identified user unique identification information to the card company server (11600), the card company server (11600) As an implementation method for the process of performing the card user's own authentication through user's unique identification information, Those skilled in the art will be able to infer various user authentication information processing procedures by referring to and / or modifying the drawing 122, but the present invention includes all the implementation methods inferred above, It is not limited to the implementation method shown.

According to the user authentication information processing shown in FIG. 122, when the payment terminal 10900 shown in FIG. 109 reads card information from the user card and checks the payment information input through a predetermined key input means (12200). The payment terminal 10900 generates a payment approval request text including card information and payment information, and extracts the encrypted fingerprint information of the immediately preceding user previously stored in the payment terminal 10900 (12202). Transmits the generated payment approval request message and the extracted immediately before user encrypted fingerprint information to a server on a network (12204);

Then, the server transfers the payment approval request details included in the received payment approval request message to the card company server 11600 to make an approval request (12206), and the payment corresponding to the approval request from the card company server 11600. When the approval response is received, the payment approval response message is transmitted to the payment terminal 10900 (12208).

In operation 12210, the server associates the encrypted fingerprint information of the immediately preceding user with the corresponding sales slip and stores it in a predetermined storage medium. Thereafter, when the server is requested to confirm the illegal use of the card included in the sales slip from the card company server 11600 (12212), the server receives encrypted user fingerprint information corresponding to the sales slip requested to confirm the unauthorized use. In operation 12214, the encrypted user fingerprint information is transmitted to the biometric information management server 11700, and the user unique identification information corresponding to the fingerprint information is requested in operation 12216.

In addition, the biometric information management server 11700 decrypts the received encrypted fingerprint information through a decryption process as illustrated in FIGS. 118 to 121 corresponding to an encryption method of the payment terminal 10900 (12218). ).

When the encrypted fingerprint information is decrypted, the biometric information management server 11700 identifies a user uniquely corresponding to the decrypted fingerprint information from a storage medium (eg, a storage medium provided in the biometric information management server 11700). Check the code (12220).

If the user unique identification code corresponding to the decrypted fingerprint information is confirmed (12222), the biometric information management server (11700) transmits the identified unique identification code to the server (12224), while the decryption If the user identification code corresponding to the fingerprint information is not confirmed, the biometric information management server 11700 may notify the server that there is no corresponding identification code (12226).

When the user identification information corresponding to the encrypted fingerprint information is received from the biometric information management server 11700, the server transmits the received user identification information to the card company server 11600 (12228).

When the user unique identification information is received, the card company server 11600 checks user information corresponding to the card information, and compares the identified user information with the user unique identification information to perform user authentication (12230). It is possible to authenticate the user corresponding to the sales slip requested to confirm the fraudulent use.

123 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

More specifically, FIG. 123 is a full text of a payment approval request including user card information and payment information (eg, payment amount, etc.) in a payment terminal equipped with predetermined biometric information input means (eg, fingerprint recognition means, etc.). When the encrypted biometric information of the last user previously stored in the terminal memory is transmitted to a server (for example, a VAN company server, etc.) on the network (for example, a VAN company server), the encrypted fingerprint information of the last user and the sales slip of the last user are transferred. After storing in a predetermined storage medium in association with the card company server, if the card user confirmation is requested from the card company server by misuse of the user card included in the sales slip, the server checks the requested sales slip, Confirming the encrypted user biometric information associated with the sales slip to confirm the encrypted user biometric information and the user card. When the beam is transmitted to a predetermined biometric information management server, the encrypted biometric information is decrypted by the biometric information management server to confirm user unique identification information corresponding to the biometric information, and the identified user unique identification information is stored in the user. As a method for implementing a system configuration for transmitting the card information corresponding to the card information to the card company server, and performing the card user identification through the transmitted unique user identification information from the card company server, which is common in the art. Those skilled in the art will be able to infer various user authentication information processing system configurations by referring to and / or modifying this drawing 123, but the present invention encompasses all the inferred implementation methods, as shown in this drawing 123. It is not limited to implementation method.

User authentication information processing system according to an embodiment of the present invention with reference to Figure 123, characterized in that the payment terminal, server, biometric information management server and card company server (or financial company server) is connected through a predetermined network The payment terminal may include predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information, and card information read from the user card (eg, when the card user requests payment of a predetermined user). , A credit card number, etc.) and a predetermined payment approval request message including predetermined payment information, and the encrypted biometric information of the immediately preceding user previously stored in the configured payment approval request message and the payment terminal memory is stored on the server on the network. It characterized in that the transmission to.

The server is connected to the payment terminal through a predetermined network (eg, a VAN). When the encrypted user biometric information of the immediately preceding user is received from the payment terminal, the server corresponds to the received immediately user encrypted biometric information. When the sales slip is processed in association with the encrypted biometric information of the immediately preceding user and stored in a predetermined storage medium, the card company server requests the card user confirmation by using the user card included in the sales slip. Confirming the requested sales slip in the server, checking encrypted user biometric information associated with the sales slip, and converting the identified encrypted user biometric information and the user card information to a predetermined biometric information management server. send.

The biometric information management server is connected to the server through a predetermined network, receives encrypted user biometric information and user card information from the server, decrypts the received encrypted user biometric information, and decrypts the decrypted user biometric information. And identifying the user unique identification information corresponding to the user biometric information, and transmitting the identified user unique identification information to a card company server corresponding to the user card information.

In addition, in the present invention, the biometric information registration server and the biometric information management server are separately shown in order to more effectively explain the registration and management of the biometric information, but the biometric information registration server and the biometric information management server are the same server, or It is specified that the same engine can be provided.

The card company server (or financial company server) is connected to the server through a predetermined network (e.g., a payment network, etc.), and when a payment approval request message is received from the server, a payment approval response corresponding to the received payment approval request is received. Provides the server with the server, and if the user's card is requested for unauthorized use, requesting the user's user for the card for which the user's card is used for confirmation, and identifying the user uniquely from the biometric information server. When the information (for example, name, social security number, insurance number, driver's license number, financial transaction information, etc.) is received, the card user information associated with the confirmed card information is inquired, and the user unique identification information is retrieved. By confirming that the user information is matched, it is characterized in that the identity of the card user is performed. The.

124 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

In more detail, FIG. 124 is connected to the payment terminal shown in FIG. 109 through a predetermined network (eg, a VAN), and includes a predetermined payment approval request message from the payment terminal and a user immediately stored in the payment terminal. When the encrypted user biometric information is received, the sales slip corresponding to the encrypted user biometric information of the immediately preceding user and the encrypted user biometric information of the immediately preceding user are interworked and stored in a predetermined storage medium, and the card company When a request for unauthorized use of the card included in the sales slip is requested from the server, the encrypted user biometric information associated with the sales slip is checked to determine the encrypted user biometric information and the user card information. Implementation of the server (for example, VAN company server) configuration on the network to send to the information management server As a method, a person of ordinary skill in the art to which the present invention pertains may refer to the biometrics management server according to the request for confirming the illegal use of a card included in the sales slip by referring to and / or modifying the drawing 124. Although it is possible to infer various server configurations for transmitting encrypted biometric information and the user card information corresponding to the sales slip, the present invention includes all the inferred implementation methods, and the implementation method illustrated in FIG. It is not limited to this.

In addition, although the server illustrated in FIG. 124 is shown to include at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 124, the server includes a receiving unit 12400, a reading unit 12405, a specialized processing unit 12410, an approval requesting unit 12415, a biometric information processing unit 12435, and a sales information processing unit 12425. It may be configured to include, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 12400 is a full payment approval request message including user card information (eg, credit card number, etc.) and payment information (eg, payment amount, merchant information, terminal information, etc.) from the payment terminal shown in FIG. And receives the encrypted fingerprint information of the last user previously stored in the payment terminal memory, transfers the received payment approval request message to the reading unit 12405, and transmits the encrypted fingerprint information of the immediately previous user. The biometric information processor 12435 transmits the biometric information processor 12435.

The reading unit 12405 reads the payment approval request text when the payment approval request text received through the receiving unit 12400 is transmitted, and reads the user card information (eg, a credit card) included in the payment approval request text. Number, etc.), and the card company information corresponding to the confirmed card information, and then the confirmed card company information and the payment approval request details are transmitted to the approval request unit 12415.

The approval request unit 12415, when the payment approval request details and the card company information are transmitted through the reading unit 12405, transmits the payment approval request details to the card company server, and requests the approval of the payment. Receive a payment approval response to the payment approval request from the card company server.

The information processing unit forms a sales slip including payment approval history of a user immediately stored in a predetermined storage medium, and when the encrypted user fingerprint information of the previous user is received through the receiving unit 12400, the received encrypted The fingerprint information and the sales slip corresponding thereto are linked to be stored in a predetermined storage medium through the information storage unit 12430.

The biometric information processor 12435 transmits the encrypted fingerprint information and the user card information associated with the sales slip to the biometric information management server in response to a request for confirming the unauthorized use of the card included in the sales slip from the card company server. .

The specialized processing unit 12410 receives the payment approval response received through the approval request unit 12415, configures a payment approval response message to be transmitted to the payment terminal, and converts the configured payment approval response message into the payment terminal. send.

The information storage unit 12230 stores information (or data) collected or generated in the process of performing the corresponding function by the at least one or more function components provided in the server.

125 is a diagram showing the functional configuration of a card company server 12500 according to an embodiment of the present invention.

More specifically, FIG. 125 is connected to the server shown in FIG. 124 by a predetermined network (eg, a payment network). When the payment approval request details are received from the server, payment corresponding to the payment approval request details is performed. When an authorization response is provided to the server, and a request for unauthorized use confirmation of the payment approved card is received from a user, the server requests the server for unauthorized use confirmation, and the card user is sent from the biometric information server. An embodiment of the present invention relates to a card company server 12500 configured to perform identity verification for the card user by receiving the unique identification information and confirming that the user identification information corresponds to the card user information. Those skilled in the art can refer to and / or modify this diagram 125 to transfer from the server. Various card company servers 12500 for authenticating the card user in response to a request for confirming the unauthorized use of the card by comparing the user's unique identification information with the user information stored in the card user information (customer information) DB (or storage medium). The configuration may be inferred, but the present invention includes all the implementation methods inferred above and is not limited to the implementation method shown in FIG.

In addition, although the card company server 12500 illustrated in FIG. 125 is shown to include at least one or more functional components, this is just one embodiment for explaining the present invention more effectively. At least one or more functional components may be implemented as a server (or apparatus) or functional means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 125, the card company server 12500 includes a receiver 12505, a reader 12510, a professional processor 12515, a user authentication unit 12520, a limit check unit 1250, and information storage. It may be configured to include a part 112525, it may be possible to add a predetermined functional configuration within the scope of the present invention.

The receiving unit 12505 receives the payment approval request details of a predetermined card user from the server illustrated in FIG. 124, and transmits the received payment approval request details to the reading unit 12210.

The reading unit 12510 reads the payment approval request history received through the receiving unit 12505, confirms user card information, and checks the confirmed card information and payment approval request details (for example, payment amount). Characterized in that the transfer to the limit checker (12530).

When the user card information and payment approval request details (for example, payment amount, etc.) are transmitted through the reading unit 12510, the limit checking unit 1250 checks payment limit information corresponding to the card information. It is determined whether payment of the payment amount included in the payment approval request details is possible, and the result of the determination is delivered to the specialized processing unit 12515, and the result of the determination is transferred to the information storage unit 1525 to the card company DB (or storage). Media).

When the result of the determination that the payment is possible through the limit checking unit 12530 is transmitted, the specialized processing unit 12515 forms a payment approval response detail including the transferred details and transmits the details to the server.

When the user authentication unit 12520 is required to confirm the illegal use of the user card, the user authentication unit 12520 requests the user identification information according to the request for the unauthorized use of the card from the server, the user card from the biometric information management server When the user specific identification information corresponding to the information is transmitted, the user identification information for the corresponding transaction is performed by comparing the transmitted user unique identification information with the card user information.

FIG. 126 is a diagram illustrating a functional configuration of the biometric information management server 12600 according to an embodiment of the present invention.

In more detail, FIG. 126 is connected to the server shown in FIG. 124 via a predetermined network, receives encrypted user biometric information and user card information from the server, and receives the received encrypted user biometric information. And decrypts the user identification information corresponding to the decrypted user biometric information, and transmits the identified user identification information to the card company server 12500 corresponding to the user card information. As a method for implementing a configuration, a person having ordinary knowledge in the technical field to which the present invention pertains refers to a user corresponding to the user biometric information by decrypting the encrypted biometric information by referring to and / or modifying the drawing of FIG. While various server configurations may be inferred for identifying uniquely identifying information, the present invention is inferred from the above inferred model. Any implementation method is included and is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 126 is shown to include at least one or more functional components, this is merely one embodiment for more effectively explaining the present invention, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 126, the biometric information management server 12600 may include an information receiver 12605, a decoder 12610, an information transmitter 12515, and an information checker 12620. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiving unit 12605 receives predetermined encrypted biometric information and user card information from the server shown in FIG. 124, transfers the received encrypted biometric information to the decryption unit 12610, and transmits the user card. It is characterized by transmitting the information to the information transmission unit (12615).

The decryption unit 12610 decodes the encrypted biometric information when the encrypted biometric information received through the information receiving unit 12605 is transmitted. 12620).

An encrypted biometric information decryption process of the decryption unit 12610 will be described with reference to FIGS. 118 to 121.

When the encrypted biometric information is decrypted by the decryption unit 12610, the information checking unit 12620 may identify (or extract) user-specific identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extracted) unique user identification information is transmitted to the information transmitter 12615.

When the user identification information corresponding to the biometric information is confirmed (or extracted) and transmitted through the information confirmation unit 12620, the information transmission unit 12215 receives the transmitted user unique identification information as the user card information. It transmits to the card company server 12500 corresponding to the.

127 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

More specifically, the process shown in FIG. 127 is performed on the user authentication information processing system shown in FIG. 123, and in a payment terminal equipped with a predetermined biometric information input means (for example, fingerprint recognition means, etc.). A server on a network (for example, a VAN server) that stores encrypted payment information of a user immediately before the payment approval request message including user card information and payment information (for example, a payment amount) and previously stored in a payment terminal memory. Etc.), the encrypted fingerprint information of the immediately preceding user and the sales slip of the immediately preceding user are stored in a predetermined storage medium, and then the user card included in the sales slip is denied from the card company server 12500. When requesting the card user confirmation by use, etc., the server confirms the requested sales slip, and before the sales Checking the encrypted user biometric information associated with the, and transmits the encrypted user biometric information and the user card information to a predetermined biometric information management server 12600, the biometric information management server 12600 the encryption Decrypts the biometric information, checks the user unique identification information corresponding to the biometric information, and transmits the identified user unique identification information to the card company server 12500 corresponding to the user card information, thereby transmitting the card company server 12500. As an embodiment of the method for performing the card user's own authentication through the user's unique identification information transmitted from the above), a person having ordinary knowledge in the technical field to which the present invention pertains may refer to and / or see FIG. It will be possible to infer a variety of user authentication information processing process by modifying, but the present invention is to implement all the inferred method It is not limited to the implementation method shown in FIG.

According to the user authentication information processing shown in FIG. 127, the payment terminal shown in FIG. 109 reads card information from the user card and checks the payment information input through a predetermined key input means (12700). The payment terminal generates a payment approval request text including card information and payment information, extracts the encrypted fingerprint information of the immediately preceding user previously stored in the payment terminal memory (12702), and generates the payment approval request text message. The extracted immediately before user encrypted fingerprint information is transmitted to a server on a network (12704),

Then, the server transfers the payment approval request details included in the received payment approval request message to the card company server 12500 to make an approval request (12706), and the payment corresponding to the approval request from the card company server 12500. When the approval response is received, the payment approval response message is transmitted to the payment terminal (12708).

In operation 12710, the server associates the encrypted fingerprint information of the immediately transmitted user with the corresponding sales slip and stores it in a predetermined storage medium. Thereafter, when the server is requested to confirm the illegal use of the card included in the sales slip from the card company server 12500 (12712), the server receives encrypted user fingerprint information corresponding to the sales slip requested to confirm the unauthorized use. In operation 12714, the encrypted user fingerprint information and the user card information are transmitted to the biometric information management server 12600 (12716).

The biometric information management server 12600 decrypts the received encrypted fingerprint information through a decryption process as illustrated in FIGS. 118 to 121 corresponding to an encryption method of the payment terminal (12718).

When the encrypted fingerprint information is decrypted, the biometric information management server 12600 may identify a user uniquely corresponding to the decrypted fingerprint information from a storage medium (eg, a storage medium provided in the biometric information management server 12600). Check the code (12720).

If the user identification code corresponding to the decrypted fingerprint information is confirmed (12722), the biometric information management server 12600 transmits the identified unique identification code to the card company server (12500) (12724), On the other hand, if the user identification code corresponding to the decrypted fingerprint information is not confirmed, the biometric information management server 12600 may notify the server that there is no corresponding identification code (12226).

When the user unique identification information is received, the card company server 12500 checks user information corresponding to the card information, and compares the identified user information with the user unique identification information to perform user authentication (12728). It is possible to authenticate the user corresponding to the sales slip requested to confirm the fraudulent use.

128 is a diagram showing the configuration of a user authentication information processing system according to another embodiment of the present invention.

More specifically, this drawing 128 shows the full text of payment approval request including user card information and payment information (eg payment amount) in a payment terminal equipped with predetermined biometric information input means (eg, fingerprint recognition means, etc.) and payment. When the encrypted biometric information of the last user previously stored in the terminal memory is transmitted to a server (for example, a VAN company server, etc.) on the network (for example, a VAN company server), the encrypted fingerprint information of the last user and the sales slip of the last user are transferred. After storing in a predetermined storage medium in association with the card company server, if the card user confirmation is requested from the card company server by misuse of the user card included in the sales slip, the server checks the requested sales slip, Checking the encrypted user biometric information associated with the sales slip, the card company server to verify the encrypted user biometric information If provided, the card company server transmits the encrypted user biometric information to a predetermined biometric information management server, and decrypts the encrypted biometric information at the biometric information management server to obtain user unique identification information corresponding to the biometric information. In accordance with an embodiment of the present invention, a system configuration for verifying and transmitting the identified user identification information to the card company server and performing the card user identification through the transmitted user identification information from the card company server is provided. Those skilled in the art will be able to infer various user authentication information processing system configurations by referring to and / or modifying the drawing 128, but the present invention includes all the inferred implementation methods, It is not limited to the implementation method shown in FIG.

User authentication information processing system according to an embodiment of the present invention with reference to Figure 128, characterized in that the payment terminal, server, biometric information management server and card company server (or financial company server) is connected through a predetermined network The payment terminal may include predetermined biometric information input means (for example, fingerprint recognition means, etc.) for acquiring user biometric information, and card information read from the user card (eg, when the card user requests payment of a predetermined user). , A credit card number, etc.) and a predetermined payment approval request message including predetermined payment information, and the encrypted biometric information of the immediately preceding user previously stored in the configured payment approval request message and the payment terminal memory is stored on the server on the network. It characterized in that the transmission to.

The server is connected to the payment terminal through a predetermined network (eg, a VAN). When the encrypted user biometric information of the immediately preceding user is received from the payment terminal, the server corresponds to the received immediately user encrypted biometric information. When the sales slip is processed in association with the encrypted biometric information of the immediately preceding user and stored in a predetermined storage medium, the card company server requests the card user confirmation by using the user card included in the sales slip. The server confirms the requested sales slip in the server, checks encrypted user biometric information associated with the sales slip, and transmits the checked encrypted user biometric information to the card company server.

The biometric information management server is connected to the server through a predetermined network, receives predetermined encrypted user biometric information from the card company server, decrypts the received encrypted user biometric information, and decrypts the decrypted user biometric. Identifying the user unique identification information corresponding to the information, characterized in that for transmitting the identified user unique identification information to the card company server.

In addition, in the present invention, the biometric information registration server and the biometric information management server are separately shown in order to more effectively explain the registration and management of the biometric information, but the biometric information registration server and the biometric information management server are the same server, or It is specified that the same engine can be provided.

The card company server (or financial company server) is connected to the server through a predetermined network (e.g., a payment network, etc.), and when a payment approval request message is received from the server, a payment approval response corresponding to the received payment approval request is received. Provides the server with the server, and if the user's card is requested for unauthorized use, requesting the server to verify the user's card for which the user's card is used for unauthorized use, and encrypting the encrypted fingerprint information of the user from the server. Receiving and transmitting the received encrypted fingerprint information to a predetermined biometric information management server, and the user unique identification information (eg, name, social security number, insurance number, driving) corresponding to the fingerprint information from the biometric information management server. License number, financial transaction information, etc.), the received user identification information and the card company By comparing the character information, by the user-specific identification information, a check for compliance to the card user information, and wherein the performing identity authentication on the user card.

129 is a diagram illustrating a server function configuration according to an embodiment of the present invention.

In more detail, FIG. 129 is connected to the payment terminal shown in FIG. 109 through a predetermined network (eg, a VAN), and includes a predetermined payment approval request message from the payment terminal and a user immediately stored in the payment terminal. When the encrypted user biometric information is received, the sales slip corresponding to the encrypted user biometric information of the immediately preceding user and the encrypted user biometric information of the immediately preceding user are interworked and stored in a predetermined storage medium, and the card company When a server is requested to confirm fraudulent use of the card included in the sales slip, the encrypted user biometric information associated with the sales slip is checked and the encrypted user biometric information is transmitted to the card company server on the network. As a method for implementing a server (eg, a VAN company server, etc.), If one of ordinary skill in the art of the present invention refers to and / or modifying this drawing 129, in response to a request for confirming the unauthorized use of a card included in the sales slip, encrypted biometric information corresponding to the sales slip is sent to the card company server. Various server configurations for transmitting may be inferred, but the present invention includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

In addition, although the server illustrated in FIG. 129 is shown as including at least one or more functional components, this is just one embodiment for more effectively explaining the present invention, and at least one or more servers provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 129, the server includes a receiving unit 12905, a reading unit 12910, a specialized processing unit 12315, an approval requesting unit 12920, a biometric information processing unit 12935, and a sales information processing unit 12925. It may be configured to include, it may be possible to add a predetermined function configuration within the scope of the present invention.

The receiving unit 12905 includes a payment approval request message including user card information (eg, credit card number, etc.) and payment information (eg, payment amount, merchant information, terminal information, etc.) from the payment terminal shown in FIG. And receiving the encrypted fingerprint information of the immediately preceding user previously stored in the payment terminal memory, transferring the received payment approval request message to the reading unit 12910, and further transmitting the encrypted fingerprint information of the immediately preceding user. The biometric information is transmitted to the processor 12935.

When the payment approval request message received through the reception unit 12905 is transmitted, the reading unit 12910 reads the payment approval request message and stores user card information (eg, a credit card) included in the payment approval request message. Number, etc.), and the card company information corresponding to the checked card information, the card company information and the payment approval request details are transmitted to the approval request unit 12920.

The approval request unit 12920, when the payment approval request details and the card company information are transmitted through the reading unit 12910, transmits the payment approval request details to the card company server to request the approval of the payment. Receive a payment approval response to the payment approval request from the card company server.

The information processing unit configures a sales slip including payment approval history of a user immediately stored in a predetermined storage medium, and when the encrypted user fingerprint information of the previous user is received through the receiving unit 12905, the received encrypted The fingerprint information and the sales slip corresponding thereto are linked to be stored in a predetermined storage medium through the information storage unit 12930.

The biometric information processing unit 12935 confirms encrypted fingerprint information associated with the sales slip in response to a request for confirming fraudulent use of a card included in the sales slip from the card company server, and checks the encrypted fingerprint information. Send to card company server.

The specialized processing unit 12315 receives a payment approval response received through the approval request unit 12920, configures a payment approval response message to be transmitted to the payment terminal, and converts the configured payment approval response message into the payment terminal. send.

The information storage unit 12930 stores information (or data) collected or generated in the process of performing the function by the at least one or more function components provided in the server.

130 is a diagram illustrating a functional configuration of a card company server 13000 according to an exemplary embodiment of the present invention.

More specifically, the drawing 130 is connected to the server shown in the drawing 129 by a predetermined network (for example, a payment network, etc.), and when the payment approval request details are received from the server, the payment corresponding to the payment approval request details When an authorization response is provided to the server, and a request for unauthorized use confirmation of the payment approved card is received from the user, the server requests the server for unauthorized use confirmation, and receives encrypted fingerprint information of the user. And transmitting the received encrypted user fingerprint information to the biometric information management server to receive card user unique identification information corresponding to the user fingerprint information from the biometric information server, and the user unique identification information corresponds to the card user. A card company that performs identity verification for the card user by checking that the information is met. (13000) As a method for implementing the configuration, those of ordinary skill in the art to which the present invention pertains can refer to and / or modify this drawing 130 and the user unique identification information and the card user information (transmitted from the server). Customer information) By comparing the user information stored in the DB (or storage medium), it is possible to infer the configuration of a variety of card company server (13000) for authenticating the card user in response to the request to confirm the unauthorized use of the card, but the present invention Includes all the implementation methods inferred and is not limited to the implementation method shown in FIG.

In addition, although the card company server 13000 illustrated in FIG. 130 is shown to include at least one or more functional components, this is just one embodiment for explaining the present invention more effectively. At least one or more functional components may be implemented as a server (or apparatus) or functional means for performing a corresponding function on the user authentication information processing system illustrated in FIG. 128.

Referring to FIG. 130, the card company server 13000 may include a receiver 13005, a reader 13010, a professional processor 13015, a user authenticator 13020, a limit checker 1230, and information storage. It may be configured to include a unit 1325, it may be possible to add a predetermined functional configuration within the scope of the present invention.

The receiving unit 13005 receives the payment approval request details of a predetermined card user from the server illustrated in FIG. 129, and transmits the received payment approval request details to the reading unit 13010.

The reading unit 13010 reads the payment approval request history received through the receiving unit 13005, checks user card information, and checks the checked card information and payment approval request details (for example, payment amount). Characterized in that the transfer to the limit checker (13030).

The limit checking unit 1130 checks the payment limit information corresponding to the card information when the user card information and payment approval request details (for example, payment amount, etc.) are transmitted through the reading unit 13010, It is determined whether payment of the payment amount included in the payment approval request details is possible, and the determination result is transmitted to the specialized processing unit 1305, and the determination result is transferred to the information storage unit 1525 to the card company DB (or storage). Media).

When the result of the determination that the payment is possible through the limit checking unit 1130, the specialized processor 13015 may configure a payment approval response detail including the received details and transmit the same to the server.

When the user authentication unit 1320 is required to confirm the illegal use of the user card, the user authentication unit 1320 receives the user encrypted fingerprint information according to the request for the unauthorized use of the card, and receives the received encrypted fingerprint information. When the user identification information corresponding to the fingerprint information is transmitted to the biometric information management server, and the biometric information management server is transmitted, the transmitted user unique identification information and the card user information are compared, and the corresponding transaction case is transmitted. Characterized in that the user authentication.

131 is a diagram illustrating a functional configuration of the biometric information management server 13100 according to an exemplary embodiment of the present invention.

In more detail, FIG. 131 is connected to the card company server 13000 illustrated in FIG. 130 through a predetermined network, receives predetermined user biometric information from the card company server 13000, and receives the encrypted information. The biometric information management server 13100 configures the decrypted user biometric information, verifies user unique identification information corresponding to the decrypted user biometric information, and transmits the identified user unique identification information to the card company server 13000. As a method for implementing the present invention, a person having ordinary knowledge in the art to which the present invention pertains can refer to and / or modify this figure 131 to decrypt the encrypted biometric information to identify the user unique identification information corresponding to the user biometric information. It will be possible to infer a variety of server configuration to confirm that, but the present invention includes all implementation methods inferred , It is not limited to the exemplary method shown in the figure 131.

In addition, although the server illustrated in FIG. 131 is illustrated as including at least one or more functional components, this is just one embodiment for explaining the present invention more effectively, and at least one or more provided in the server. It is noted that the function configuration unit may be implemented as a server (or apparatus) or a function means for performing a corresponding function on the user authentication information processing system shown in FIG.

Referring to FIG. 131, the biometric information management server 13100 may include an information receiver 13105, a decoder 13110, an information transmitter 13115, and an information checker 13120. It may be possible to add a predetermined function configuration within the scope of the present invention.

The information receiver 13105 receives predetermined encrypted biometric information from the card company server 13000 illustrated in FIG. 130, and transmits the received encrypted biometric information to the decryption unit 13110.

The decryption unit 13110 decrypts the encrypted biometric information when the encrypted biometric information received through the information receiving unit 13105 is transmitted. 13120).

An encrypted biometric information decryption process of the decryption unit 13110 will be described with reference to FIGS. 118 to 121.

When the encrypted biometric information is decrypted by the decryption unit 13110, the information confirming unit 13120 confirms (or extracts) unique user identification information corresponding to the decrypted biometric information from a predetermined storage medium. The identification (or extracted) unique user identification information is transmitted to the information transmitter 13115.

When the user identification information corresponding to the biometric information is confirmed (or extracted) and transmitted through the information confirmation unit 13120, the information transmission unit 13115 transmits the transmitted user unique identification information to the card company server ( 13000).

132 is a diagram illustrating a process of processing user authentication information according to an embodiment of the present invention.

In more detail, the process shown in FIG. 132 is performed on the user authentication information processing system shown in FIG. 129, and in a payment terminal equipped with a predetermined biometric information input means (eg, fingerprint recognition means, etc.). A server on a network (for example, a VAN server) that stores encrypted payment information of a user immediately before the payment approval request message including user card information and payment information (for example, a payment amount) and previously stored in a payment terminal memory. Etc.), the encrypted fingerprint information of the immediately preceding user and the sales slip of the immediately preceding user are stored in a predetermined storage medium, and then the user card included in the sales slip from the card company server 13000 is illegal. When requesting the card user confirmation by use, etc., the server confirms the requested sales slip, and before the sales Confirming the encrypted user biometric information associated with the provided information, and providing the identified encrypted user biometric information to the card company server 13000, the card company server 13000 manages predetermined biometric information on the encrypted user biometric information. Transmitting to the server 13100, decrypting the encrypted biometric information at the biometric information management server 13100, confirming user unique identification information corresponding to the biometric information, and checking the identified user unique identification information at the card company. As a method of performing the card user's own authentication through the transmitted user unique identification information in the card company server 13000 by transmitting to the server 13000, the general knowledge in the technical field to which the present invention belongs If you have, it will be able to infer a variety of user authentication information processing process by referring to and / or modified in this drawing 132, Invention includes all embodiments in which the inference method, not limited to the exemplary method shown in the figure 132.

According to the user authentication information processing shown in FIG. 132, the payment terminal shown in FIG. 109 reads card information from the user card and checks the payment information input through a predetermined key input means (13200). The payment terminal generates a payment approval request text including card information and payment information, extracts the encrypted fingerprint information of the user immediately stored in the payment terminal memory (13202), and generates the payment approval request text. The extracted immediately before user encrypted fingerprint information is transmitted to a server on a network (13204),

Then, the server transfers the payment approval request details included in the received payment approval request message to the card company server 13000 to make an approval request (13206), and the payment corresponding to the approval request from the card company server 13000. When the acknowledgment is received, the full text of the payment approval response is transmitted to the payment terminal (13208).

In addition, the server associates the encrypted fingerprint information of the immediately preceding user and the sales slip corresponding thereto and stores the linked fingerprint in a predetermined storage medium (13210). Thereafter, when the server is requested to confirm the illegal use of the card included in the sales slip from the card company server 13000 (13212), the server receives encrypted user fingerprint information corresponding to the sales slip requested to confirm the unauthorized use. In operation 1314, the encrypted user fingerprint information is transmitted to the card company server 13000 (13216).

When the card company server 13000 receives encrypted user fingerprint information from the server, the card company server 13000 transmits the received encrypted user fingerprint information to a predetermined biometric information management server 13100 (13218), and the biometric information management server ( 13100 decrypts the received encrypted fingerprint information through a decryption process as illustrated in FIGS. 118 to 121 corresponding to an encryption method of the payment terminal (13220).

When the encrypted fingerprint information is decrypted, the biometric information management server 13100 identifies a user unique ID corresponding to the decrypted fingerprint information from a storage medium (eg, a storage medium provided in the biometric information management server 13100). Check the code (13222).

If the user unique identification code corresponding to the decrypted fingerprint information is confirmed (13224), the biometric information management server 13100 transmits the identified unique identification code to the card company server 13000 (13226), On the other hand, if the user identification code corresponding to the decrypted fingerprint information is not confirmed, the biometric information management server 13100 may notify the server that there is no corresponding identification code (13228).

When the user identification information is received, the card company server 13000 checks user information corresponding to the card information, and compares the identified user information with the user identification information to perform user authentication (13230). In addition, the user authentication corresponding to the sales slip requested to confirm the fraudulent use becomes possible.

FIG. 133 is a diagram showing the configuration of an information processing system for locking a user's payment means for which illegal use is confirmed or notifying the user's wired / wireless terminal of the illegal use according to an embodiment of the present invention.

In more detail, in FIG. 133, when the user's payment means (for example, a card or the like) is confirmed to be illegal on the user authentication information processing system described above, the user's payment means is set to a prohibited state, or The information processing system is configured to transmit the fraudulent usage details to the user wired / wireless terminal. Those skilled in the art to which the present invention pertains may refer to and / or modify this drawing 133 to pay the user. Various implementation methods may be inferred for setting a user prohibition of use of a user's payment means according to an illegal use of means or a system configuration for notifying the user of the illegal use history, but the present invention includes all the inferred implementation methods. However, the present invention is not limited to the implementation method shown in FIG.

Hereinafter, at least one or more means required for setting a user prohibition of use of a user's payment means or notifying the user's wired / wireless terminal of the user's wired / wireless terminal on the information processing system shown in FIG. 133. The component corresponding to the functional configuration is called &quot; information processing server 13300 &quot; for convenience.

According to an embodiment of the present invention, the information processing server 13300 is provided in the above-described user authentication information processing system, or in a predetermined information processing system interoperating with the user authentication information processing system, or the user authentication. And a financial system of a financial institution that interworks with the information processing system.

Referring to FIG. 133 in accordance with an embodiment of the present invention, the information processing system, in conjunction with the above-described user authentication information processing system, performs the user's payment means (for example, a card) through the user authentication information processing system. When the fraudulent use is confirmed, information linked to a financial system that manages and operates the user payment means to set the payment means of the user to a prohibition state or to transmit the fraudulent use history to the user wired or wireless terminal. And a user wired / wireless terminal for receiving the illegal usage history from the processing server 13300 and the information processing server 13300.

Referring to FIG. 133, the information processing server 13300 interoperates with the above-described user authentication information processing system and determines whether the user's payment means (eg, a card, etc.) is illegally used through the user authentication information processing system. A predetermined financial institution (financial) that manages the payment means when the illegal use of the payment means (for example, a card, etc.) of the user is confirmed through the information confirming unit 1320 and the information confirming unit 1320 that confirms And the information processing unit 1325 for setting the payment means of the user to the prohibition state, and transmitting the illegal use history or the prohibition state setting details of the user payment means to the user wired / wireless terminal. It characterized in that it comprises an information transmitting unit 1315.

The information confirming unit 1320 may be linked with the user authentication information processing system to check whether the user's payment means (eg, a card, etc.) is illegally used through the user authentication information processing system. For example, the information checking unit 1320 may be provided with a fraudulent use history of the payment means (for example, the card) of the user from the card company server on the user authentication information processing system, the payment means of the user ( For example, the misuse history of the card or the like is transmitted to the information processor 1325 and the information transmitter 1315.

Here, the illegal use history of the payment means (for example, a card, etc.) is characterized in that it comprises at least one or more payment means information, payment means use merchant information, payment means use date information, fraudulent use amount information.

The information processing unit 1325, when the illegal use history of the payment means (for example, a card, etc.) is confirmed through the information verification unit 1320, interworkes with a predetermined financial institution (financial system) that manages the payment means. To set the user's payment means to the prohibition state.

The information transmission unit 1315 is a state of prohibition of use of the user's payment means for which the illegal usage history is confirmed through the information verification unit 1320 or the illegal usage history set through the information processing unit 1325 is confirmed. Characterized in that the setting details are transmitted to the user wired or wireless terminal (eg, e-mail, text message, etc.).

According to an embodiment of the present invention, the information processing server 13300 may be connected to the information receiving terminal through the network means to provide an interface corresponding to a user terminal and a network means connected to the information processing server 13300. And an interface unit 13305 for connecting and managing a predetermined communication channel, whereby the information processing server 13300 is communicatively connected to the user terminal through a wired network and / or a wireless network. .

According to an embodiment of the present invention, when the user terminal is a wired terminal to which a communication channel is connected through a TCP / IP based wired network, the interface unit 13305 may be connected to the information receiving terminal and HTTP (Hyper-Text Transfer Protocol). Connect a predetermined communication channel based on a protocol, transmit and output an interface screen and / or information providing screen in the form of a Hyper-Text Markup Language (HTML) compatible document to the information receiving terminal through the communication channel, Through the interface screen, the user terminal may perform a function of providing a history of illegal use of the user payment means or a use prohibition state setting detail of the user payment means.

According to another exemplary embodiment of the present invention, when the user terminal is a wireless terminal to which a communication channel is connected through a CDMA-based wireless network, the interface unit 13305 is connected to the enterprise terminal and a WAP (Wireless Application Protocol) and / or Connect a predetermined communication channel based on the ME (Mobile Explorer) protocol, and transmit an interface screen and / or an information providing screen in the form of a WML (Wireless Markup Language) and / or HTML compatible document to the enterprise terminal through the communication channel. It is preferable to perform a function of outputting the information, and providing the user terminal with the illegal use history of the user payment means or the setting of the prohibition state of use of the user payment means through the interface screen.

According to another exemplary embodiment of the present invention, when the user terminal is a wireless terminal to which a communication channel is connected through an IEEE 802.16x based wireless network, the interface unit 13305 is configured to provide the information receiving terminal and the IEEE 802.16x standard. Connect a predetermined communication channel based on a wireless protocol corresponding to the present invention, and transmit and output a predetermined interface screen and / or information providing screen to the user terminal through the communication channel, and to the user terminal through the interface screen. It is preferable to perform a function of providing a history of illegal use of the user payment means, or the setting of the prohibition state of use of the user payment means, and / or the user terminal communicates through a wireless network based on IEEE 802.11x If the channel is a wireless terminal connected, the interface unit 13305 is different from the user terminal. Connect a predetermined communication channel based on a wireless protocol corresponding to the IEEE 802.11x standard, and transmit and output a predetermined interface screen and / or information providing screen to the user terminal through the communication channel, and output the interface screen. It is preferable to perform a function of providing the user terminal through the illegal use history of the user payment means, or the setting of the prohibition state of use of the user payment means.

According to the present invention, when the predetermined user terminal is connected to the information processing server 13300 through the interface unit 13305, the information processing server 13300 is linked to the interface unit 13305 in the user terminal. And an interface providing unit 1310 which generates (or extracts) and provides a predetermined interface screen for checking the illegal use history of the user payment means or the use prohibition state setting history of the user payment means. can do.

The interface providing unit 13310 has a functional configuration (eg, a browser provided in the information receiving terminal) provided in the user terminal when a predetermined user terminal is connected to the information processing server 13300 through the interface unit 13305. Program) to generate a predetermined interface screen that allows the user terminal to check the illegal use history of the user payment means or the use prohibited state setting history of the user payment means, and / or a predetermined database. It extracts from (not shown) and provides the interface screen generated (or extracted) to the user terminal through the network means in association with the interface unit 13305.

According to an embodiment of the present invention, a predetermined user terminal connected to the information processing server 13300 may check the illegal use history of the user payment means or the use prohibition state setting history of the user payment means. The information processing server 13300 through a wired network (eg, Asymmetric Digital Subscriber Line (ADSL) / Very High-data Rate Digital Subscriber Line (VDSL) and / or a cable communication network based on Transmission Control Protocol / Internet Protocol (IP)). And at least one wired terminal including a desktop computer and / or a laptop connected to the communication device. According to the intention of a person skilled in the art, the user terminal is a CDMA (Code Division Multiple Access) based mobile communication network (or A mobile communication terminal connected to a High Speed Downlink Packet Access (HSDPA) based mobile communication network, and / or IEEE 802.16x based ultra high speed It is possible to include at least one wireless terminal including at least one portable Internet terminal connected to the wireless Internet, and / or a wireless LAN terminal connected to an IEEE 802.11x-based wireless LAN communication network.

According to an embodiment of the present invention, the user terminal connects to the information processing server 13300 through a predetermined network means (eg, a wired network and / or a wireless network) and provides at least the information processing server 13300 provided by the information processing server 13300. A function configuration (for example, a browser program and a communication function) for outputting one or more interface screens and receiving an illegal usage history of the user payment means or a banned state setting history of the user payment means through the interface screen is provided. It is preferable that it is provided.

Those skilled in the art to which the present invention pertains can easily infer the characteristics of the information receiving terminal corresponding to at least one or more wired terminals and / or wireless terminals, and thus a detailed description thereof is omitted for convenience. do.

134 is a diagram illustrating an information processing process according to one embodiment of the present invention.

In more detail, in the above-described user authentication information processing system, this figure 134 sets the user's payment means to a prohibition state when illegal use of the user's payment means (eg, a card, etc.) is confirmed, or An information processing process for transmitting the fraudulent usage details to the user wired / wireless terminal. If a person of ordinary skill in the art belongs to the present invention, the payment means of the user will be described with reference to FIG. Various implementation methods may be inferred for the process of setting a user prohibition of use of a user's payment means due to fraudulent use or of notifying the user of the fraudulent usage history to the user's wired / wireless terminal. It is not limited only to the implementation method shown in FIG.

Referring to FIG. 134, when the information processing server 13300 checks the user payment means fraudulent usage history (13400), the information processing server 13300 interoperates with a financial institution managing the payment means, and transmits to the payment means. To set the prohibition state for use (13405).

In addition, the information processing server 13300 checks the user communication means information (13410), and transmits the notification of the illegal use of the payment means or the setting of the prohibition of use of the payment means to the confirmed user communication means (not shown) (1310). 13415).

Through the processing of the user authentication information according to the present invention, the card user can be free from worry about loss of the card, unauthorized use, exposure to fingerprint information, etc., the payment agency has the advantage that can be more clearly card user authentication.

In addition, the payment agency or financial institution has the advantage that through the user authentication information including the card user fingerprint information, it can effectively cope with problems that may occur in the future, such as customers or merchants.

Claims (5)

Encrypted user authentication information receiving means for receiving the full payment approval request corresponding to the payment processing using the user payment means and the user's encrypted authentication information such as user biometric information; User information checking means for confirming user information corresponding to the encrypted user authentication information in association with a user authentication information management server on a communication network; The approval information receiving means for receiving the payment result after the payment approval corresponding to the payment approval request and the user approval corresponding to the user information are processed by the financial company (or card company) server corresponding to the user payment means. ; And And information storage means for linking and processing the sales slip information corresponding to the approval result and the encrypted user authentication information in a predetermined storage medium. Encrypted user authentication information receiving means for receiving the encrypted authentication information of the user, such as user biometric information, in a payment processing process using a user payment means or a payment processing using a user payment means; Information storage means for linking and processing the sales slip information corresponding to the payment processing approval result and the encrypted user authentication information in a predetermined storage medium; When it is necessary to confirm the illegal use of the payment means included in the sales slip, or when the user who generated the sales slip requires confirmation, the sales slip information in connection with the storage medium (or storage medium operating means) Encrypted user authentication information extracting means for extracting encrypted user authentication information stored in association with processing; And And user information checking means for confirming user information corresponding to the extracted encrypted user authentication information in association with a user authentication information management server on a communication network. The method of claim 2, If it is determined that the payment means included in the sales slip is illegally determined according to the user information checking result of the user information checking means, check the user payment means information included in the sales slip and prohibit use of the checked user payment means. To set the state, or And information processing means for notifying the payment means misuse information to the communication means of the payment means owner included in the sales slip. According to claim 2, After the payment process using the user payment means, And receiving the full payment approval request of the next user after the payment processing of the user. Receiving encrypted authentication information, such as user biometric information, of the user in a payment processing process using a user payment means or a payment processing using a user payment means at a server; And And storing the sales slip information corresponding to the payment processing approval result and the encrypted user authentication information in a predetermined storage medium in the server and storing the encrypted sales authentication information in a predetermined storage medium.

Images