KR20140137223A - System and Method for Payment using Encrypted Card Information - Google Patents

System and Method for Payment using Encrypted Card Information Download PDF

Info

Publication number
KR20140137223A
KR20140137223A KR1020130057881A KR20130057881A KR20140137223A KR 20140137223 A KR20140137223 A KR 20140137223A KR 1020130057881 A KR1020130057881 A KR 1020130057881A KR 20130057881 A KR20130057881 A KR 20130057881A KR 20140137223 A KR20140137223 A KR 20140137223A
Authority
KR
South Korea
Prior art keywords
key
card information
pos terminal
server
module
Prior art date
Application number
KR1020130057881A
Other languages
Korean (ko)
Inventor
박용현
Original Assignee
한국정보통신주식회사
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 한국정보통신주식회사 filed Critical 한국정보통신주식회사
Priority to KR1020130057881A priority Critical patent/KR20140137223A/en
Publication of KR20140137223A publication Critical patent/KR20140137223A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • G06Q20/38215Use of certificates or encrypted proofs of transaction rights

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Abstract

A system for encrypting card information according to the present invention reads card information, encrypts the read card information using a public key provided from a key distribution server to generate encrypted card information, To a POS terminal; And a POS terminal for transmitting the public key provided from the key distribution server to the card reader module and transmitting the encrypted card information to the VAN server.

Figure P1020130057881

Description

[0001] System and Method for Encrypting and Payment of Card Information [0002]

The present invention relates to a point-of-sale (POS) system and a card information encryption and payment method using the POS system. More specifically, the present invention relates to a POS system for encrypting card information and providing the card information to a Value Added Network Server (VAN Server) The present invention relates to an encryption settlement method.

As card settlement becomes generalized, it is practically difficult to provide each terminal connected to each credit card in the position of a card merchant, so the settlement proxy server is used. The VAN server performs various roles, but typically receives the payment request from the merchant, transmits the request to the credit card company, receives the result of approval / inquiry, and transmits the result to the merchant.

Figure 1 shows a typical payment system. 1, a general payment system includes a point of sale (POS) terminal 100, a card reader module (also referred to as a MSR (magnetic stripe reader) 110), a VAN server 300, (Not shown). In general, the card reader module 110 and the POS terminal 100 are often combined and are generally referred to as a POS terminal or a POS. However, in the present invention, the form in which the card reader module 110 and the POS terminal 100 are combined is referred to as a POS system for the sake of clarity. Although not specifically discussed in the present invention, the card reader module 110 may exist separately from the POS terminal 100 and may be connected to a PC, a mobile computing device such as a smart phone, a personal digital assistant (PDA) Or a tablet or the like.

Referring again to FIG. 1, the POS terminal 100 includes a POS module 140 and a communication module 150. The POS module 140 functions to generate an approval request message using the card information received from the card reader module 110. When the payment action occurs at the merchant's office, the card information read by the card reader module 110 and the payment information stored in the POS module are input through the input interface (not shown) of the POS terminal 100, The POS module 140 performs a function of receiving the information on the amount, the payment details, and the signature information of the payer to generate a payment approval special. The payment approval information thus generated is transmitted to the communication module 150. The communication module 150 sends an approval request to the VAN server 300 connected to the POS terminal 100 or instructed by the approval specialist. The VAN server 300 then processes the authorization request by relaying the card issuer and transmits a response to the approval to the communication module 150 of the POS terminal 100 again. The communication module 150 transfers the received approval response to the POS module 140, and the POS module 140 ends the settlement process by outputting a receipt or the like.

However, as described above, the card reader module 110 may be separated from the POS terminal 100 and used independently. This means that the card reader module 110 must be connected to the POS terminal 100 or another connection target terminal through a predetermined connection interface. Data (particularly card information) received from the card reader module 110 to the POS terminal 100 is used by the POS module 140 to generate an approval request telegram. POS module 140 may be implemented using software or software to generate an authorization request telegram, and POS terminal 100 is typically operated using an operating system such as Microsoft Windows®. In view of the above, in the general payment system, the POS terminal 100 includes a risk of hacking at the interface level (hardware level) with the card reader module 110 and at the software level inside the POS terminal 100 . Therefore, a security function for safely protecting the card information of the customer from such a hacking threat is required.

It is an object of the present invention to provide a method for securely encrypting card information from both hardware and software levels and using the information for payment.

At the same time, it avoids the use of security solutions through security vendors and provides a security system that can be controlled by VAN servers, which causes problems in authorization transactions due to software-software, software-hardware or software- The other purpose is to build a system that can solve problems on its own without going through a security company.

Another object of the present invention is to provide a method for supporting a plurality of VAN servers in one POS terminal and simultaneously managing autonomous / independent encryption keys by each VAN company.

A system for encrypting card information according to the present invention reads card information, encrypts the read card information using a public key provided from a key distribution server to generate encrypted card information, To a POS terminal; And a POS terminal for transmitting the public key provided from the key distribution server to the card reader module and transmitting the encrypted card information to the VAN server.

In addition, the card reader module may process the at least a portion of the read card information to generate scratched card information, and transmit the scratched card information to the POS terminal.

Also, the POS terminal may generate an approval request telegram based on the received scratch card information, and may transmit the approval request telegram to the VAN server.

The system may further include a VAN server having a private key corresponding to the public key and decrypting the received encrypted card information with the private key.

The VAN server may generate a public key and a corresponding private key to transmit the public key to the key distribution server.

The system may further include a key distribution server for receiving each public key from at least one VAN server and transmitting the public key to the POS terminal.

The key distribution server may encrypt the public key with an encryption key matched with the unique information of the card reader module and transmit the encryption key to the POS terminal.

The card reader module may be provided with at least one public keys corresponding to each of the at least one VAN servers from the key distribution server, encrypting the read card information with the at least one public keys, And generate encrypted card information.

A card information encryption settlement method according to the present invention comprises: reading a card information from a card reader module; The card reader module encrypts the read card information using a public key provided from a key distribution server to generate encrypted card information; The card reader module transmitting the encrypted card information to the POS terminal; And the POS terminal transmitting the encrypted card information to the VAN server.

Also, the public key provided from the key distribution server may be transmitted to the card reader module by the POS terminal.

In addition, the VAN server may have a private key corresponding to the public key, and the method may further include the step of the VAN server decrypting the received encrypted card information with the private key.

The method may further include the step of the key distribution server receiving each public key from at least one VAN server and transmitting the public key to the POS terminal.

According to the present invention, the card information read by the card reader module is securely encrypted and provided to the POS terminal, thereby improving the security of the card payment system.

Further, by using a software module serving as a simple gateway, there is an effect of significantly lowering the possibility of occurrence of a failure in the settlement system due to a conflict with the environment of the POS terminal, that is, the version of the operating system, installed modules, drivers, software,

Further, since the key management entity becomes each VAN provider, it is possible to independently manage the encryption without depending on the security company, and it is possible to instantly cope with the failure situation, thereby minimizing the failure time or the damage scale.

In addition, it is possible to apply the solution without modifying the existing POS module installed in the POS terminal, and furthermore, realize a multi-VAN function that enables a plurality of VAN servers to be securely encrypted in one POS terminal.

Figure 1 shows a typical payment system.
Figure 2 shows a software-based encrypted payment system.
Figure 3 shows an encrypted payment system in a combination of hardware and software.
Fig. 4 conceptually shows the structure of the card reader module shown in Fig.
5 shows a method of encrypting and providing a public key to a card reader module.
6 specifically shows a method of providing an encryption key in the key distribution server.
FIG. 7 specifically shows a method of providing a public key in the key distribution server.

Figure 2 shows a software-based encrypted payment system. The software billing system shown in FIG. 2 includes a security module 120 and a security server 400 for managing and maintaining the same. Hereinafter, a software billing system will be described in detail with reference to FIG.

Card information read from the card reader module 110 is transmitted to the security module 120 of the POS terminal 100 through a PS2 or a serial connection. At this time, the card information is transmitted in a non-encrypted state. The security module 120 may be software installed at a low level of a driver level. As will be described below, software installed at the driver level is relatively low risk of hacking and has primary access to the transmitted / received data, compared to software installed at the level of the general application level. However, the probability of conflict with other software or operating system is relatively high. For example, conflicts with security software installed at a low level, such as Internet banking, can easily occur. The security module 120 encrypts the card information with the encryption key provided in advance from the security server 400 to generate encrypted data. The encrypt logic used for this encryption is private and is managed only by the security server 400 or the security company providing the security server 400. In addition, the security module 120 generates scratched track data in which some or all of the card information is privately processed with special characters or the like. For example, some of the card numbers may be privately processed, such as " 5409-XXXX-XXXX-1234 ". In addition, all or part of the CVC code or pin number can also be closed.

The security module 120 sends the scratched data to the POS module 140 and the encrypted data to the registry 130. The POS module 140 recognizes the scratch data as card information and generates approval request information in combination with payment information (payment amount, payment item, settlement time, merchant information, etc.), and transmits the approval request information to the communication module 150. This authorization request information may be in the form of an authorization request.

The communication module 150 transmits the approval request information transferred from the POS module 140 and the encrypted data transferred from the registry 130 to the VAN server 300. At this time, the communication module 150 may combine the approval request information and the encrypted data to generate an approval request message and transmit the approval request message to the VAN server 300.

The VAN server 300 decrypts the encrypted data included in the approval request received from the POS terminal 100 using the decryption module provided from the security server 400 to acquire the complete card information, And transmits an approval response to the communication module 150 of the POS terminal 100 after processing the approval or disapproval based on the received payment information and the acquired card information. The approval response is transmitted to the POS module 140, and the final settlement result is output in the form of a receipt or the like using an output unit (not shown).

The software-based payment system has the following advantages. The security module 120 provided by the security vendor is installed at a low level of the system and assures a high level of security, making hacking difficult. Even if the connection between the security module 120 and the registry 130 is hacked to obtain encrypted data, since the encryption logic is a private method generated by the security company, the encryption module does not use the decryption module provided by the security company It is difficult to decode. This is true even if data exchanged between the registries 130 and the communication module 150 or between the communication module 150 and the VAN server 300 is taken.

However, such a software-based payment system has some disadvantages. In particular, even if the security module 120 operates at the driver level, the risk of hacking the connection section between the card reader module 110 and the POS terminal 100 can not be completely solved.

Another problem is that the security server 400 or the security vendor providing the security server 400 manages all the decryption modules provided to the security module 120 and the VAN server 300. [ Since the security module 120 operates at a low level, there is a high likelihood of constantly causing conflicts with continuously updated operating systems and other low-level software or drivers. Since many POS terminals 100 use a wide variety of operating systems and various kinds of drivers / software, it is practically impossible to immediately cope with various problems that a security company may encounter. Accordingly, when the payment failure situation occurs, the time required until the settlement is normally resumed is relatively long. Even if the security module 120 fails to perform its function and the hacking of the card information starts, The termination of the recognition and hacking situation is delayed, and the damage such as leakage of personal information becomes large. Furthermore, because the encryption logic is private, reliance on the decryption module provided by the security vendor is so high that the payment stability is heavily dependent on the persistence of security vendors.

Figure 3 shows an encrypted payment system in a combination of hardware and software. 3 includes a POS terminal 100 including a plurality of VAN servers 310 and the like, a key distribution server 200, a card reader module 110 having an encryption function, and a gateway module 160 ). Note that the same reference numerals are used for corresponding configurations in this specification. For example, although the POS terminal of FIG. 2 includes a security module 120 and the POS terminal of FIG. 3 includes a gateway module 160 instead of the security module 120, POS terminals are denoted by the same reference numeral 100 as 'POS terminal 100'.

Referring to FIG. 3, the gateway module 160 serves as a kind of gateway for distributing data. Since the gateway module 160 performs only a relatively simple function, it does not need to be installed at a low level as in the security module 120 of FIG. The gateway module 160 is installed at a general application level, and thus the probability of causing a collision with an operating system, a driver, and other security modules installed in the POS terminal 100 is significantly lowered.

The removal of the security module 120 and further the security server 400 can be performed by performing the encryption of the card information in the card reader module 110 step instead of performing the POS terminal 100 step. Instead, the card reader module 110 is required to have a configuration for performing encryption.

Fig. 4 conceptually shows the structure of the card reader module shown in Fig.

4, the card reader module 110 includes an MSR head 111, a CPU 112, a memory 113, a decoder 114, and a connection interface 115. 4, a USB to RS232 (a method of connecting to the POS terminal 100 through a USB port and a card reader module 110 through an RS232 port) is illustrated as the connection interface 115, but various connection interfaces can be used The present invention is not limited to the illustrated example. For example, a serial interface that supports data cables that can be connected to a smartphone may be used.

One example of the specifications of the components of the card reader module 110 for performing the encryption is that it may require a memory 113 that includes a 32 bit CPU 112, a 32 kb RAM, and a 128 kb flash memory But are not limited thereto.

Referring again to FIG. 3, the card reader module 110 encrypts the card information read by the MSR head 111 using a public key. More specifically, the card information read by the MSR head 111 is interpreted by the decoder 114 and the CPU 112 encrypts the card information using the public key stored in the memory 113, To the gateway module 160 again. At this time, the card reader module 110 may process at least a part of the read card information to generate the scratch card information together, and transmit it to the gateway module 160.

The public key is provided by the key distribution server 200. The public key is transmitted to the gateway module 160 of the POS terminal 100 and then transmitted to the card reader module 110 to encrypt the card information using the public key. This public key is used in an asymmetric encryption / decryption method, and a private key (a key capable of decrypting data encrypted with a public key) corresponding to the public key is held in the VAN server. More specifically, each of the VAN servers 310, 320, 330 has a public key 311, 321, 331 and a private key 312, 322, 332, respectively. 321, and 331 from the plurality of encryption / decryption keys to the key distribution server 200, and the private keys 312, 322, and 332 are stored in the respective VAN servers so as not to be leaked. That is, even if data encrypted by the public key 321 of the VAN server # 2 320 is transmitted to the VAN server # 1 310, the private key 312 held by the VAN server # Encrypted data can not be decrypted. Only the private key 322 of the VAN server # 2 320 can decrypt the encrypted data. In other words, unless the private keys 312, 322, and 332 held by the respective VAN servers 310, 320, and 330 are leaked, the encrypted data is not decrypted, and therefore hacking damage does not occur.

Hereinafter, a method of implementing a multi-VAN in the payment system of FIG. 3 will be described. The key distribution server 200 holds a plurality of public keys each received from a plurality of VAN servers. The key distribution server 200 provides at least one of the held public keys to the gateway module 160 and the gateway module 160 transmits the provided public key to the card reader module 110 again. The card reader module 110 generates encrypted data using the at least one public key, and transmits the card information read from the MSR head 111 to the gateway module. In other words, the card reader module 110 generates encrypted data corresponding to the number of public keys received from the gateway module 160, and provides the data to the gateway module 160 again. At this time, the card reader module 110 may generate the scratch data together and transmit the scratch data to the gateway module 160.

The gateway module 160 passes the encrypted data (s) to the registry 130 and the registry 130 again communicates the encrypted data (s) to the communication module 150. The POS module 140 recognizes the scratch data as card information and generates approval request information in combination with payment information (payment amount, payment item, settlement time, merchant information, etc.), and transmits the approval request information to the communication module 150. This authorization request information may be in the form of an authorization request. At this time, the approval request information may include VAN server information (for example, VAN code) to be used for settlement. The communication module 150 transmits the approval request information and the encrypted data transferred from the registry 130 to the VAN server corresponding to the VAN server information. At this time, the communication module 150 may generate an approval request message by combining the approval request information and the encrypted data.

This method is particularly useful in that the POS terminal 100 of an affiliate shop can communicate with a plurality of VAN servers. For example, in the case of a food court such as a mart or a department store, a different VAN company may be used for each merchant that has entered the food court. If the customer orders a menu at the merchant A and orders b menu at the merchant B Lt; / RTI > In this case, since the POS terminal 100 receives a plurality of pieces of data encrypted by the public key of the plurality of VAN servers from the card reader module 110, the payment amount of the a menu is encrypted with the public key of the VAN company used by the A- The user can request the approval using the data encrypted with the public key of the VAN company used by the B merchant for the payment amount of the menu b. Accordingly, even if a customer orders different menus from different merchants using different VAN companies, the POS terminal 100 can request approval from a plurality of VAN companies and process payment.

The payment system shown in FIG. 3 may also function in other ways. It is assumed that the first public key 311 provided from the key distribution server 200 is stored in the card reader module 110. The POS terminal 100 connected to the card reader module 110 transmits an approval request to the first VAN server 310. (The data encrypted by the first public key 311 can be decrypted only by the first VAN server 310 having the first private key 312.) Now, the payment agency server used by the POS terminal 100 The POS module 140 sends a response to the second VAN server 320 to the key distribution server 200 using the communication module 150 or the gateway module 160 To request a public key. When the second public key is provided from the key distribution server 200 to the card reader module 110, the processor 112 deletes the first public key 311 stored in the memory 113, / RTI > Now, by using the second public key to encrypt the card information, the POS terminal 100 can use the second VAN server 320 as a payment proxy server.

The above-described payment system described with reference to FIG. 3 has the following advantages. First, since the card information is encrypted in the card reader module 110, the security is enhanced as compared with a configuration in which unencrypted information is received and encrypted at the POS terminal 100. [ In addition, since the gateway module 160 performs only a simple function of distributing data, the possibility of settlement failure due to a collision with another program / operating system or the like is remarkably reduced. In particular, the asymmetric encryption logic of the public key / private key method is an open method, and the VAN provider can maintain the independence of the key management without the intervention of the security company as the key management subject.

Hereinafter, a method of encrypting and providing a public key in the key distribution server 200 will be described with reference to FIGS.

5 shows a method of encrypting and providing a public key to a card reader module. Although not shown in some of the constituent elements described with reference to Figs. 1 to 4 for convenience of explanation, it is understood that the constituent elements still implement the aforementioned functions properly on the settlement system.

Referring to the POS system, the card reader module 110 includes unique information of the module itself. This unique information is assigned at the time of creation of the module, and may be a serial number of the card reader module 110, for example. The card reader module 110 may also include an authentication key (e.g., a VAN Authorization Key (VAK) 117). The use of the authentication key 117 will be described later.

Now, the card reader module 110 provides the unique information to the gateway module 160. The gateway module 160 transmits the unique information to the key distribution server 200 and the gateway server 210 of the key distribution server 200 provides the unique information to the key management server 220, (E.g., a terminal PIN key (TPK)). (2) The gateway server 210 provides the encryption key to the gateway module 160 of the POS terminal 100 again. The gateway module 160 provides the encryption key to the card reader module 110.

When the VAN code indicating the VAN server to be used by the POS terminal 100 is input, the POS module 140 sends the VAN code to the register 130 to store the VAN code, 140 to the gateway module 160. The gateway module 160 transmits the VAN code list to the gateway module 160. [ As described above with reference to FIG. 3, the POS terminal 100 may use a plurality of VAN servers, and thus the VAN code list may include a value corresponding to a plurality of VAN servers.

The gateway module 160 again transmits the unique information of the card reader module 110 and the VAN code included in the VAN list to the key distribution server 200. [ The key distribution server 200 holds the public key received from the VAN servers, encrypts the public key corresponding to the VAN code with the encryption key, and (4) encrypts the public key (the [public key] encryption key ) To the gateway module 160 again. The encrypted public key is provided to the card reader module 110 again and the CPU 112 of the card reader module 110 decrypts the encrypted public key using the encryption key stored in the memory 113 to generate a public key . An asymmetric encryption algorithm is used to encrypt card information with a public key, but an encryption algorithm that is used when encrypting a public key with an encryption key is a symmetric algorithm, that is, a cryptographic algorithm in which the same encryption key is used for encryption (encoding) and decryption .

According to the method described with reference to FIG. 5, since both the symmetric encryption algorithm and the asymmetric encryption algorithm are used, it is practically impossible to attempt hacking from the outside without understanding the entire encryption process. That is, even if the hacking program provides the self-generated public key by the card reader module 110, the card reader module 110 attempts to decrypt it with the encryption key and determines that the public key is not a proper format for decrypting with the encryption key And delete it. Further, even if the hacking program acquires all of the unique information of the card reader module 110, the encryption key, the public key encrypted with the encryption key, and the VAN code list, if the entire encryption process is not understood, The public key generated by the encrypted hacking program) can not be provided to the card reader module 110. According to this method, therefore, it is possible to prevent the hacking program from penetrating other public keys other than the public key provided by the key distribution server 200 and taking out the card information.

6 specifically shows a method of providing an encryption key in the key distribution server. The key distribution server 200 includes a gateway server 210 and a key management server 220. The key management server 220 includes an access point system 221, a hardware security module 221, (HSM) 222, an MSR database 223, and a software module 224. Here, the software module 224 may be software for registering a serial number (i.e., unique information) of the card reader module 110 such as 'Easy Office'. Of course, the key distribution server 200 may be implemented as a plurality of modules including a communication module and a key management module in one server. The functions of the gateway server 210 and the key management server 220 described below may be implemented so as to correspond to the communication module and the key management module, respectively.

The gateway server 210, which has received the request for the encryption key from the POS terminal 100, transmits the request to the AP system 221. This request may include unique information of the card reader module 110. [ The AP system 221 inputs an authentication key value corresponding to the unique information to the hardware security module 222, thereby performing an authentication key generation request. At this time, the authentication key is a unique value stored in a one-to-one correspondence with the card reader module 110 and the key management server 220. The hardware security module 222 may include a domain master key (KM), which may be encrypted by a master key. The hardware security module 222 generates an encryption key encrypted with the authentication key and an encryption key encrypted with the master key in response to the encryption key generation request, and provides the generated encryption key to the AP system 221. More specifically, the hardware security module 222 holds the master key KM and can decrypt the authentication key (e.g., [VAK] KM ) encrypted with the master key by the symmetric key cryptography . Now, the hardware security module 222 holds the master key KM and the authentication key (VAK) information, generates an encryption key (for example, TPK) necessary for encrypting the public key, ([TPK] VAK , [TPK] KM ) generated by encrypting each of the master key and the authentication key to the AP system 221. The AP system 221 stores the encryption key encrypted with the master key in the MSR database 223 and provides the encryption key encrypted with the authentication key to the POS terminal 100 through the gateway server 210. [

The advantages of the method described with reference to FIG. 6 are as follows. Finally, the encryption key used to encrypt the public key is encrypted and transmitted with the authentication key. The authentication key is managed only on the AP system 221 of the card reader module 110 and the key management server 220 and is managed only by the key distribution server 200 and the POS terminal 100, The module 110 does not transmit or receive on the network. Even if the hacking program infiltrates the key management server 220, the information that can be acquired from the internal communication network is only the authentication key encrypted with the master key, so that the authentication key can not be decrypted still. Therefore, even if the hacking program has information on the entire encryption process of the payment system described with reference to FIG. 5, the system can not be hacked because the authentication key value can not be obtained.

In the drawings used in this specification, it is described that the key distribution server 200 communicates with the card reader module 110 via the POS terminal 100. [ This is merely an explanation for the sake of understanding since the card reader module 110 may exist independently from the POS terminal 100. The card reader module 110 is not limited to the card reader module 110, And may be integrally coupled to the inside of the POS terminal 100. Furthermore, the card reader module 110 can directly communicate with the key distribution server 200 or the like without going through the POS terminal 100 if a separate module having a communication function is added.

FIG. 7 specifically shows a method of providing a public key in the key distribution server. FIG. 7 assumes that the encryption key is encrypted with the authentication key and transmitted to the POS terminal 100 by the method of FIG. Referring to FIG. 7, the gateway server 210 receiving the public key generation request from the POS terminal transmits the request to the AP system 221. This request may include unique information of the card reader module 110. [ In addition, as described above with reference to FIG. 5, the POS terminal 100 may also include VAN code information to be used. The AP system 221 obtains the encryption key ([encryption key] master key ) encrypted with the master key based on the unique information from the MSR database 223. [ The AP system 221 provides the encryption key encrypted with the master key and the public key provided from the VAN server corresponding to the received VAN code among the public keys provided from one or more VAN servers to the hardware security module 222 . The hardware security module 222 generates a public key ([public key] encryption key ) encrypted with the encryption key and provides it to the AP system 221 again. The key distribution server 200 provides the public key encrypted with the encryption key to the POS terminal 100 through the gateway server 210. [

Referring again to FIG. 5, the gateway module 160 of the POS terminal 100 transmits the encryption key encrypted with the authentication key and the public key encrypted with the encryption key to the card reader module 110. Since the card reader module 110 includes the authentication key 117, the card reader module 110 can decrypt the encryption key encrypted with the authentication key using the authentication key to obtain the encryption key 119. [ The encryption key 119 is used to decrypt the encrypted public key to acquire the public key of the VAN server, and the card information to be read using the public key can be encrypted and provided to the POS terminal 100. The procedure for the subsequent payment approval is the same as that described above and will be omitted.

It will be appreciated by those skilled in the art that the block diagrams disclosed herein are conceptual representations of the circuitry for implementing the principles of the invention. Likewise, any flow chart, flow diagram, state transitions, pseudo code, etc., may be substantially represented in a computer-readable medium to provide a variety of different ways in which a computer or processor, whether explicitly shown or not, It will be appreciated by those skilled in the art. Therefore, the above-described embodiments of the present invention can be realized in a general-purpose digital computer that can be created as a program that can be executed by a computer and operates the program using a computer-readable recording medium. The computer-readable recording medium includes a storage medium such as a magnetic storage medium (e.g., ROM, floppy disk, hard disk, etc.), optical reading medium (e.g., CD ROM,

The functions of the various elements shown in the figures may be provided through use of dedicated hardware as well as hardware capable of executing the software in association with the appropriate software. When provided by a processor, such functionality may be provided by a single dedicated processor, a single shared processor, or a plurality of individual processors, some of which may be shared. Also, the explicit use of the term " processor "or" control unit "should not be construed to refer exclusively to hardware capable of executing software and includes, without limitation, digital signal processor May implicitly include memory (ROM), random access memory (RAM), and non-volatile storage.

In the claims hereof, the elements depicted as means for performing a particular function encompass any way of performing a particular function, such elements being intended to encompass a combination of circuit elements that perform a particular function, Or any form of software, including firmware, microcode, etc., in combination with circuitry suitable for carrying out the software for the processor.

Reference throughout this specification to " one embodiment " of the principles of the invention and various modifications of such expression in connection with this embodiment means that a particular feature, structure, characteristic or the like is included in at least one embodiment of the principles of the invention it means. Thus, the appearances of the phrase " in one embodiment " and any other variation disclosed throughout this specification are not necessarily all referring to the same embodiment.

In this specification, the expression 'at least one of' in the case of 'at least one of A and B' means that only the selection of the first option (A) or only the selection of the second listed option (B) It is used to encompass the selection of options (A and B). As an additional example, in the case of 'at least one of A, B and C', only the selection of the first enumerated option (A) or only the selection of the second enumerated option (B) Only the selection of the first and second listed options A and B or only the selection of the second and third listed options B and C or the selection of all three options A, B, and C). Even if more items are listed, they can be clearly extended to those skilled in the art.

The present invention has been described with reference to the preferred embodiments. It is to be understood that all embodiments and conditional statements disclosed herein are intended to assist the reader in understanding the principles and concepts of the present invention to those skilled in the art, It will be understood that the invention may be embodied in various other forms without departing from the spirit or essential characteristics thereof. Therefore, the disclosed embodiments should be considered in an illustrative rather than a restrictive sense. The scope of the present invention is defined by the appended claims rather than by the foregoing description, and all differences within the scope of equivalents thereof should be construed as being included in the present invention.

100: POS terminal
120: Security module
130: Registries
140: POS module
150: Communication module
160: Gateway module (GW module)
110: card reader module
111: MSR HEAD
112: CPU (Propeller)
113: Memory
114: decoder
115: Connection Interface
200: Key distribution server (system)
210: Gateway server (GW server)
220: Key management server
221: AP System (Access Point System)
222: Host Security Module (HSM)
223: MSR DB
224: Software module
300: VAN server
400: Security Server

Claims (19)

A card reader module for reading the card information, encrypting the read card information using a public key provided from a key distribution server to generate encrypted card information, and transmitting the encrypted card information to the POS terminal; And
A POS terminal for transmitting the public key provided from the key distribution server to the card reader module and transmitting the encrypted card information to the VAN server;
Wherein the card information is encrypted. The method according to claim 1,
Wherein the card reader module generates scratch card information by performing at least a part of the read card information in a non-disclosure process, and transmits the scratched card information to the POS terminal. The method of claim 2,
Wherein the POS terminal generates an approval request telegram based on the received scratch card information, and transmits the approval request telegram to the VAN server. The method according to claim 1,
A VAN server having a private key corresponding to the public key and decrypting the received encrypted card information with the private key;
Further comprising the step of: The method of claim 4,
Wherein the VAN server generates a public key and a corresponding private key to transmit the public key to the key distribution server. The method according to claim 1,
A key distribution server receiving each public key from at least one VAN server and transmitting the public key to the POS terminal;
Further comprising: a card information encrypting system for encrypting the card information. The method of claim 6,
Wherein the key distribution server encrypts the public key with an encryption key that matches the unique information of the card reader module and transmits the encryption key to the POS terminal. The method according to claim 1,
Wherein the card reader module is provided with at least one public keys corresponding to each of the at least one VAN servers from the key distribution server. The method of claim 8,
Wherein the card reader module encrypts the read card information with the at least one public keys to generate at least one encrypted card information. Reading the card information by the card reader module;
The card reader module encrypts the read card information using a public key provided from a key distribution server to generate encrypted card information;
The card reader module transmitting the encrypted card information to the POS terminal; And
The POS terminal transmitting the encrypted card information to the VAN server;
The method comprising the steps of: The method of claim 10,
And the public key provided from the key distribution server is transmitted to the card reader module by the POS terminal. The method of claim 10,
Wherein the card reader module generates scratch card information by performing at least a part of the read card information in a non-disclosure process, and transmits the scratched card information to the POS terminal. The method of claim 12,
Wherein the POS terminal generates an approval request telegram based on the received scratch card information, and transmits the approval request telegram to the VAN server. The method of claim 10,
Wherein the VAN server has a private key corresponding to the public key,
And the VAN server decrypts the received encrypted card information with the private key. 15. The method of claim 14,
Wherein the VAN server generates a public key and a corresponding private key to transmit the public key to the key distribution server. The method of claim 10,
Further comprising the step of the key distribution server receiving each public key from at least one VAN server and transmitting the public key to the POS terminal. 18. The method of claim 16,
Wherein the key distribution server encrypts the public key with an encryption key that matches the unique information of the card reader module and transmits the encryption key to the POS terminal. The method of claim 10,
Wherein the card reader module is provided with at least one public keys corresponding to each of the at least one VAN servers from the key distribution server. 19. The method of claim 18,
Wherein the card reader module encrypts the read card information with the at least one public keys to generate at least one encrypted card information.
KR1020130057881A 2013-05-22 2013-05-22 System and Method for Payment using Encrypted Card Information KR20140137223A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020130057881A KR20140137223A (en) 2013-05-22 2013-05-22 System and Method for Payment using Encrypted Card Information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020130057881A KR20140137223A (en) 2013-05-22 2013-05-22 System and Method for Payment using Encrypted Card Information

Publications (1)

Publication Number Publication Date
KR20140137223A true KR20140137223A (en) 2014-12-02

Family

ID=52457160

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020130057881A KR20140137223A (en) 2013-05-22 2013-05-22 System and Method for Payment using Encrypted Card Information

Country Status (1)

Country Link
KR (1) KR20140137223A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20160137051A (en) * 2015-05-22 2016-11-30 한국정보통신주식회사 Method for distributing encrypt key, terminal, card reader and system for distributing encrypt key thereof
WO2016195198A1 (en) * 2015-06-01 2016-12-08 주식회사 나우앤페이 Credit card affiliated store terminal, payment system including same, and method for operating payment system using same
KR20170105152A (en) * 2016-03-08 2017-09-19 주식회사 빅솔론 Method for controlling payment application for improving security and apparatus having the payment application
KR20180006123A (en) * 2016-07-08 2018-01-17 주식회사 한국스마트카드 Method for encrypting card information and system for the same
KR20190081192A (en) * 2017-12-29 2019-07-09 한국정보통신주식회사 A server for precessing approvals of payments, a payment terminal apparatus and a method of operating it
US11727403B2 (en) 2019-05-20 2023-08-15 Samsung Electronics Co., Ltd. System and method for payment authentication

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20160137051A (en) * 2015-05-22 2016-11-30 한국정보통신주식회사 Method for distributing encrypt key, terminal, card reader and system for distributing encrypt key thereof
WO2016195198A1 (en) * 2015-06-01 2016-12-08 주식회사 나우앤페이 Credit card affiliated store terminal, payment system including same, and method for operating payment system using same
KR20170105152A (en) * 2016-03-08 2017-09-19 주식회사 빅솔론 Method for controlling payment application for improving security and apparatus having the payment application
KR20180006123A (en) * 2016-07-08 2018-01-17 주식회사 한국스마트카드 Method for encrypting card information and system for the same
KR20190081192A (en) * 2017-12-29 2019-07-09 한국정보통신주식회사 A server for precessing approvals of payments, a payment terminal apparatus and a method of operating it
US11727403B2 (en) 2019-05-20 2023-08-15 Samsung Electronics Co., Ltd. System and method for payment authentication

Similar Documents

Publication Publication Date Title
KR101449644B1 (en) POS System and Method for Payment using Encrypted Card Information
US11876905B2 (en) System and method for generating trust tokens
US11531985B2 (en) Multi-approval system using M of N keys to generate a sweeping transaction at a customer device
US10904002B2 (en) Token security on a communication device
CN108027926B (en) Authentication system and method for service-based payment
JP6438989B2 (en) Apparatus and method for secure element transaction and asset management
JP2022177233A (en) Authentication systems and methods using location matching
RU2631983C2 (en) Data protection with translation
US10135614B2 (en) Integrated contactless MPOS implementation
US8214298B2 (en) Systems and methods for performing wireless financial transactions
KR101401675B1 (en) System and method for providing public key for encrypting card information
US10673622B2 (en) Cryptographic shader in display hardware
US10366250B1 (en) Systems and methods for protecting personally identifiable information during electronic data exchanges
US10733598B2 (en) Systems for storing cardholder data and processing transactions
KR20140137223A (en) System and Method for Payment using Encrypted Card Information
US10430789B1 (en) System, method and computer program product for secure retail transactions (SRT)
US20150248668A1 (en) Secure mobile device transactions
US10410210B1 (en) Secure generation and inversion of tokens
US20150206117A1 (en) Usb-hid wireless beacons connected to point of sale devices for communication with communication devices
JP2013529804A (en) Method and system for data encryption, decryption and segmentation of a secure order management system
KR101517914B1 (en) Pos system and managing method for public key of the same
KR101803786B1 (en) Pos terminal, card reader, system and method for distributing encrypt key thereof
US20220138760A1 (en) Dynamic Ledger Address Masking
KR101849209B1 (en) Pos terminal, card reader, system and method for distributing encrypt key thereof
JP6757988B2 (en) Information security method and information security system using key synchronization

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E601 Decision to refuse application