KR20170043960A - Device Injection Key managing apparatus - Google Patents


Publication number
KR20170043960A
Authority
KR
South Korea
Prior art keywords
key
terminal
dik
disposable
merchant payment
Prior art date
Application number
KR1020150143690A
Other languages
Korean (ko)
Other versions
KR101764363B1 (en)
Inventor
강영길
배영직
이정관
Original Assignee
케이아이에스정보통신 주식회사
Application filed by 케이아이에스정보통신 주식회사 filed Critical 케이아이에스정보통신 주식회사
Priority to KR1020150143690A priority Critical patent/KR101764363B1/en
Publication of KR20170043960A publication Critical patent/KR20170043960A/en
Application granted granted Critical
Publication of KR101764363B1 publication Critical patent/KR101764363B1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/20 Point-of-sale [POS] network systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Cash Registers Or Receiving Machines (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a disposable terminal injection key management apparatus, and more particularly, to an apparatus that enables efficient management of the disposable terminal injection key (DIK), a unique symmetric key for each merchant payment terminal, which is used to download the terminal master key (PMK).

Description

[0001] The present invention relates to a device injection key managing apparatus.

The present invention relates to a payment encryption technology, and more particularly to a disposable terminal injection key management device.

The asymmetric key cryptosystem performs encryption and decryption using a private key known to the user and a publicly known public key; the key used for encryption differs from the key used for decryption.

The symmetric key cryptosystem performs encryption and decryption using the same cryptographic key. Compared to the asymmetric key cryptosystem, encryption and decryption are fast and the encryption algorithm is not complicated.

Korean Patent Laid-Open No. 10-2002-0082670 (Oct. 31, 2002) proposes a technology for encrypting financial information in a personal mobile communication terminal using a symmetric key security algorithm.

The present inventor has studied technology that can efficiently manage the disposable terminal injection key (DIK), a unique symmetric key for each merchant payment terminal, which is used to download the terminal master key (PMK) for downloading the POS Working Key (PWK).

Korean Patent Publication No. 10-2002-0082670 (October 31, 2002)

SUMMARY OF THE INVENTION The present invention has been made in view of the above-mentioned circumstances, and it is an object of the present invention to provide a disposable terminal injection key management apparatus capable of efficiently managing the disposable terminal injection key (DIK), a unique symmetric key for each merchant payment terminal, which is used to download the POS Master Key (PMK) for downloading the POS Working Key (PWK).

According to an aspect of the present invention, a disposable terminal injection key management apparatus includes: a first communication unit for receiving a disposable terminal injection key (DIK), which is a unique symmetric key for each merchant payment terminal; a memory for storing the DIK received by the first communication unit; a second communication unit for transmitting the DIK stored in the memory to the merchant payment terminal; and a control unit for controlling the entire apparatus, including transmission/reception and storage control of the DIK.

According to a further aspect of the present invention, the disposable terminal injection key management apparatus further comprises an input unit for inputting user authentication information.

According to a further aspect of the present invention, the control unit compares the user authentication information inputted through the input unit with the user authentication information stored in advance and, when user authentication is confirmed, activates the transmission/reception function of the disposable terminal injection key (DIK).

According to a further aspect of the present invention, the first communication unit communicates with the temporary key storage device or the key management server through a serial communication, a USB communication, or an Ethernet communication method.

According to a further aspect of the present invention, the second communication unit communicates with the merchant payment terminal in a serial communication manner.

According to a further aspect of the present invention, the disposable terminal injection key (DIK) is an encryption key used for encrypting and decrypting a POS Master Key (PMK) for downloading a POS Working Key (PWK).

The present invention makes it possible to efficiently manage the disposable terminal injection key (DIK), a unique symmetric key for each merchant payment terminal, which is used to download the terminal master key (PMK) for downloading the POS Working Key (PWK).

FIG. 1 is a block diagram showing a configuration of an embodiment of a disposable terminal injection key management apparatus according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the like elements throughout.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

The terms used throughout the specification of the present invention have been defined in consideration of the functions of the embodiments of the present invention and can be sufficiently modified according to the intentions and customs of the user or operator. It should be based on the contents of.

FIG. 1 is a block diagram showing a configuration of an embodiment of a disposable terminal injection key management apparatus according to the present invention. As shown in FIG. 1, the disposable terminal injection key management apparatus 100 according to the present invention includes a first communication unit 110, a memory 120, a second communication unit 130, and a control unit 140.

The first communication unit 110 receives the disposable terminal injection key (DIK: Device Injection Key), which is a unique symmetric key for each merchant payment terminal, from the key management server 200 in a secure manner. For example, the first communication unit 110 may be configured to communicate with a secure temporary key storage device (not shown) or with the key management server 200 through serial communication, USB communication, or a wired or wireless Ethernet communication method in which security is established.

At this time, the disposable terminal injection key (DIK) may be a cryptographic key used for encrypting and decrypting a POS Master Key (PMK) for downloading a terminal working key (PWK) used for settlement.

The key management server 200 generates a disposable terminal injection key (DIK), which is a unique symmetric key for each merchant payment terminal, and provides it to the disposable terminal injection key management apparatus 100 connected through the first communication unit 110.

Then, the disposable terminal injection key management apparatus 100 receives the disposable terminal injection key (DIK), which is a unique symmetric key for each merchant payment terminal, through the first communication unit 110.

At this time, the disposable terminal injection key (DIK), which is a unique symmetric key for each merchant payment terminal, may include an injection key ID, an injection key generation date and time, and an injection key derivation count. The injection key ID may include a merchant payment terminal manufacturer ID and an injection key generation number.

Meanwhile, the key management server 200 may generate the disposable terminal injection key (DIK: Device Injection Key), which is a unique symmetric key for each merchant payment terminal, through an injection key generating function that takes as input a basic derivation key (BDK), made from a key generation element (smart card or generated value) possessed by the manager, and at least one key generation element. At this time, the key generation element may include a merchant payment terminal manufacturer ID.

The memory 120 stores a disposable terminal injection key (DIK) which is a unique symmetric key for each merchant payment terminal received by the first communication unit 110. For example, the memory 120 may be a non-volatile memory such as an EEPROM.

The second communication unit 130 transmits a disposable terminal injection key (DIK), which is a unique symmetric key for each merchant payment terminal stored in the memory 120, to the merchant payment terminal 300. For example, the second communication unit 130 may be configured to communicate with the merchant payment terminal 300 through a serial communication method such as a UART.

The control unit 140 controls the entire apparatus, including transmission/reception and storage control of the disposable terminal injection key (DIK), which is a unique symmetric key for each merchant payment terminal. For example, the control unit 140 may be implemented as a microcomputer that executes software for transmission/reception and storage control of the disposable terminal injection key (DIK).

Once the disposable terminal injection key (DIK), which is a unique symmetric key for each merchant payment terminal, is stored in the memory 120 of the disposable terminal injection key management apparatus 100, the manager carries the apparatus 100, visits the affiliated shop where the merchant payment terminal 300 is installed, and connects the apparatus 100 and the merchant payment terminal 300 by serial communication through the second communication unit 130.

The control unit 140 then executes the software for transmission/reception and storage control of the disposable terminal injection key (DIK) and transmits the DIK to the merchant payment terminal 300 via the second communication unit 130.

The merchant payment terminal 300, having received the disposable terminal injection key (DIK), which is a unique symmetric key for each merchant payment terminal, uses the DIK to acquire from the key management server 200 the terminal master key (PMK: POS Master Key) for downloading the terminal working key (PWK) used for settlement.

In the process of acquiring the terminal master key (PMK: POS Master Key), the merchant payment terminal 300, having received the disposable terminal injection key (DIK) that is the unique symmetric key corresponding to it from the disposable terminal injection key management apparatus 100, transmits terminal master key (PMK) transmission request information including the DIK identification information to the key management server 200.

Then, the key management server 200 receives the terminal master key (PMK) transmission request information including the DIK identification information from the merchant payment terminal 300, encrypts the terminal master key (PMK) using the disposable terminal injection key (DIK) corresponding to the identification information, and transmits the encrypted PMK to the merchant payment terminal 300.

At this time, the key management server 200 may generate the symmetric-key-based terminal master key (PMK) through a terminal master key generation function that takes as input a VAN master key (VMK: VAN Master Key) generated by seeding a key generation element (smart card or generated value) possessed by the manager, a terminal ID (TID), and a randomly generated terminal master key ID.

Then, the merchant payment terminal 300 receives from the key management server 200 the terminal master key (PMK) encrypted using the disposable terminal injection key (DIK), and decrypts it using the DIK stored in the merchant payment terminal to acquire the PMK.

The merchant payment terminal 300, having acquired the symmetric-key-based terminal master key (PMK), encrypts information requesting provision of the POS Working Key (PWK) used for settlement using the PMK and transmits it to the key management server 200.

Then, the key management server 200 decrypts the encrypted information requesting provision of the POS Working Key (PWK) used for settlement using the terminal master key (PMK), encrypts the PWK using the PMK, and transmits it to the merchant payment terminal 300.

At this time, the key management server 200 may generate the symmetric-key-based terminal working key (PWK) through a terminal working key generating function that takes as input a VAN master key (VMK: VAN Master Key) generated by seeding a key generation element (smart card or generated value) held by the manager and a key serial number (KSN: Key Serial Number).

The key serial number (KSN) may include information such as a VAN master key (VMK) ID, a randomly generated serial number, an ID of a merchant payment terminal manufacturer, identification information of a merchant payment terminal, and the number of transactions encrypted to date.

The merchant payment terminal 300, having received the terminal working key (PWK: POS Working Key) encrypted using the terminal master key (PMK), decrypts it using the PMK stored therein to obtain the PWK, and uses the obtained PWK to encrypt and decrypt the payment messages exchanged with a broadcasting server (not shown).
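The DIK to PMK to PWK exchange described above, sketched as an added example that is not code from the patent or its applicant. It assumes HMAC-SHA256 for the key generating functions and a standard-library encrypt-then-MAC construction as a stand-in for the key-wrapping cipher; the class and function names are hypothetical, and retiring a DIK after one PMK download is this example's reading of "disposable".

```python
import hashlib
import hmac
import os

def kdf(key: bytes, label: bytes, context: bytes) -> bytes:
    """HMAC-SHA256 stand-in for the page's key generating functions (assumption)."""
    return hmac.new(key, label + b"\x00" + context, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream (same call encrypts and decrypts)."""
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def wrap(kek: bytes, purpose: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC under kek; stdlib stand-in for a real key-wrap cipher."""
    nonce = os.urandom(16)
    ct = _xor_stream(kdf(kek, b"enc", purpose), nonce, data)
    tag = hmac.new(kdf(kek, b"mac", purpose), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(kek: bytes, purpose: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(kdf(kek, b"mac", purpose), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("integrity check failed: wrong key or tampered blob")
    return _xor_stream(kdf(kek, b"enc", purpose), nonce, ct)

class KeyManagementServer:
    def __init__(self, bdk: bytes, vmk: bytes):
        self.bdk, self.vmk = bdk, vmk
        self.diks = {}  # injection key ID -> DIK not yet used
        self.pmks = {}  # TID -> PMK

    def generate_dik(self, manufacturer_id: str, generation_no: int):
        # Injection key ID = manufacturer ID + generation number, as on the page.
        dik_id = f"{manufacturer_id}-{generation_no:06d}"
        self.diks[dik_id] = kdf(self.bdk, b"DIK", dik_id.encode())
        return dik_id, self.diks[dik_id]

    def issue_pmk(self, dik_id: str, tid: str) -> bytes:
        # Assumption: "disposable" is enforced by retiring the DIK after one use.
        dik = self.diks.pop(dik_id, None)
        if dik is None:
            raise KeyError("unknown or already used DIK: " + dik_id)
        pmk_id = os.urandom(8)  # randomly generated terminal master key ID
        self.pmks[tid] = kdf(self.vmk, b"PMK", tid.encode() + pmk_id)
        return wrap(dik, b"PMK", self.pmks[tid])

    def issue_pwk(self, tid: str, enc_request: bytes) -> bytes:
        pmk = self.pmks[tid]
        ksn = unwrap(pmk, b"PWK-REQ", enc_request)  # assumption: request carries the KSN
        return wrap(pmk, b"PWK", kdf(self.vmk, b"PWK", ksn))

class Terminal:
    def __init__(self, tid: str):
        self.tid = tid
        self.dik_id = self.dik = self.pmk = self.pwk = None

    def inject(self, dik_id: str, dik: bytes) -> None:
        """DIK arriving from the injection apparatus over the serial link."""
        self.dik_id, self.dik = dik_id, dik

    def provision(self, server: KeyManagementServer, ksn: bytes) -> bytes:
        self.pmk = unwrap(self.dik, b"PMK", server.issue_pmk(self.dik_id, self.tid))
        request = wrap(self.pmk, b"PWK-REQ", ksn)
        self.pwk = unwrap(self.pmk, b"PWK", server.issue_pwk(self.tid, request))
        return self.pwk

if __name__ == "__main__":
    kms = KeyManagementServer(bdk=os.urandom(32), vmk=os.urandom(32))
    term = Terminal("TID-0001")  # constructed sample values
    term.inject(*kms.generate_dik("MFR01", 1))
    print("PWK established:", term.provision(kms, b"KSN-0001").hex())
```

Because each terminal's PMK is wrapped under its own DIK, a DIK recovered from one terminal fails the integrity check on a blob wrapped for another.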

Meanwhile, when using the disposable terminal injection key (DIK), the merchant payment terminal 300 may be implemented to update the DIK by increasing the injection key derivation count of the DIK and redistributing and storing the DIK. The injection key derivation count may be limited to a certain number of times.

According to a further aspect of the present invention, the disposable terminal injection key management apparatus 100 may further include an input unit 150. The input unit 150 is an input means, such as a keypad, for inputting user authentication information.

When user authentication information is inputted by the administrator through the input unit 150, the control unit 140 compares the user authentication information inputted through the input unit 150 with the user authentication information stored in advance and, when user authentication is confirmed, activates the transmission/reception function of the disposable terminal injection key (DIK).

Therefore, according to the present invention, the disposable terminal injection key (DIK), a unique symmetric key for each merchant payment terminal used for downloading a POS Master Key (PMK) for downloading a POS Working Key (PWK), can be efficiently managed through the disposable terminal injection key management apparatus 100, which can be carried by the manager.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

The present invention is industrially applicable in the field of payment encryption technology and its application technology.

100: Disposable terminal injection key management apparatus
110: First communication unit
120: Memory
130: Second communication unit
140: Control unit
150: Input unit
200: Key management server
300: Merchant payment terminal

Claims (6)

1. A disposable terminal injection key management apparatus comprising:
A first communication unit for receiving a disposable terminal injection key (DIK: Device Injection Key) which is a unique symmetric key for each merchant payment terminal;
A memory for storing the disposable terminal injection key (DIK), which is a unique symmetric key for each merchant payment terminal, received by the first communication unit;
A second communication unit for transmitting the disposable terminal injection key (DIK), which is a unique symmetric key for each merchant payment terminal, stored in the memory to the merchant payment terminal; and
A control unit for controlling the entire apparatus, including transmission/reception and storage control of the disposable terminal injection key (DIK), which is a unique symmetric key for each merchant payment terminal.
2. The apparatus according to claim 1,
Wherein the disposable terminal injection key management apparatus further comprises:
An input unit for inputting user authentication information.
3. The apparatus according to claim 2,
Wherein the control unit compares the user authentication information inputted through the input unit with the user authentication information stored in advance and, when user authentication is confirmed, activates the transmission/reception function of the disposable terminal injection key (DIK).
4. The apparatus according to claim 1,
Wherein the first communication unit communicates with a temporary key storage device or a key management server through a serial communication, a USB communication, or an Ethernet communication method.
5. The apparatus according to claim 1,
Wherein the second communication unit communicates with the merchant payment terminal in a serial communication manner.
6. The apparatus according to any one of claims 1 to 5,
Wherein the disposable terminal injection key (DIK) is a cryptographic key used for encrypting and decrypting a POS Master Key (PMK) for downloading a POS Working Key (PWK) used for settlement.
KR1020150143690A 2015-10-14 2015-10-14 Device Injection Key managing apparatus KR101764363B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150143690A KR101764363B1 (en) 2015-10-14 2015-10-14 Device Injection Key managing apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150143690A KR101764363B1 (en) 2015-10-14 2015-10-14 Device Injection Key managing apparatus

Publications (2)

Publication Number Publication Date
KR20170043960A KR20170043960A (en) 2017-04-24
KR101764363B1 KR101764363B1 (en) 2017-08-02

Family

ID=58704493

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150143690A KR101764363B1 (en) 2015-10-14 2015-10-14 Device Injection Key managing apparatus

Country Status (1)

Country Link
KR (1) KR101764363B1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20200046451A (en) * 2018-10-24 2020-05-07 테크온미디어(주) Method for contents distribution based peer to peer, apparatus and system for executing the method
KR20220076030A (en) * 2020-11-30 2022-06-08 한국정보통신주식회사 Card terminal performing card payment using secure access module and method of operating the same

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101449644B1 (en) * 2013-05-22 2014-10-15 한국정보통신주식회사 POS System and Method for Payment using Encrypted Card Information


Also Published As

Publication number Publication date
KR101764363B1 (en) 2017-08-02


Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant