WO2016136317A1 - Payment terminal - Google Patents

Payment terminal

Info

Publication number
WO2016136317A1
Authority
WO
WIPO (PCT)
Prior art keywords
personal information
memory
card
settlement
payment terminal
Application number
PCT/JP2016/050996
Other languages
English (en)
Japanese (ja)
Inventor
裕道 戸崎
一毅 滝井
拓 小澤
Original Assignee
オムロン株式会社 (Omron Corporation)
Priority date
2015-02-27
Filing date
2016-01-14
Publication date
2016-09-01
Application filed by オムロン株式会社
Publication of WO2016136317A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information in cryptographic circuits
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G07 CHECKING-DEVICES
    • G07G REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
    • G07G1/00 Cash registers
    • G07G1/12 Cash registers electronically operated

Definitions

  • This invention relates to a payment terminal for settling a transaction amount with a card such as a credit card or a debit card.
  • One type of payment terminal that processes electronic payment transactions is the CAT (Credit Authorization Terminal). Because such a terminal handles card information and personal information such as the personal identification number (PIN) entered by the cardholder, it has a tamper-resistance function to prevent the entered personal information from being illegally read out and leaked through tampering by a malicious third party.
  • For example, the payment terminal has an opening detection function that detects that the housing of the payment terminal main body has been opened; when opening is detected, the terminal deletes the personal information and similar data stored in its memory (see Patent Document 1, etc.).
  • Tampering techniques have become more sophisticated, however, and enhanced tamper resistance is desired.
  • One such enhancement is to prevent personal information stored in memory from being dumped and leaked to a third party by an illegally rewritten application program.
  • An object of the present invention is to provide a payment terminal with improved security, in which personal information stored in memory cannot be illegally read out and leaked to a third party by an illegally rewritten application program.
  • To achieve this object, the payment terminal of the present invention is configured as follows.
  • The payment terminal processes, for example, electronic payment transactions in which the transaction amount is settled with a card (such as a credit card or a debit card).
  • A first memory stores the input personal information, and the business application programs that use the personal information are loaded into it.
  • A business application program that uses personal information is, for example, an authentication program that performs processing related to settlement authentication, or an encryption program that encrypts the input personal information.
  • The personal information is, for example, the card information used for settlement and the card's PIN.
  • Business application programs that do not use personal information are loaded into a second memory.
  • Business application programs that do not use personal information are, for example, a display program that controls screen display on a display provided on the payment terminal main body, and a print program that outputs print data about the transaction to a printer.
  • An output unit outputs the personal information stored in the first memory to a host device when a business application program that uses the personal information is executed.
  • The payment terminal thus loads the business application programs that use personal information into the first memory, and loads those that do not into a second memory that is physically distinct hardware from the first. Even if a business application program that does not use personal information is illegally rewritten, it runs from the second memory and cannot dump the personal information held in the first memory. In other words, personal information stored in the first memory cannot be dumped and leaked to a third party by an illegally rewritten business application program.
  • An encryption key used to encrypt the personal information may be stored in the first memory.
  • The decryption key used to decrypt the encrypted personal information may be the same key as this encryption key or a different key.
  • The first memory may be a volatile memory backed up by a battery, so that the encryption key is not lost when the terminal is powered off yet can be erased to prevent it from being read out illegally.
  • An opening detection unit detects that the housing of the payment terminal main body has been opened; when opening is detected, battery backup of the first memory is stopped and the encryption key stored in the first memory is lost.
  • FIG. 1 is a block diagram showing a configuration of a main part of a payment terminal according to this example.
  • FIG. 2 is a schematic diagram showing an overview of a payment terminal according to this example.
  • The payment terminal 1 includes a CPU 2, a ROM 3, a first RAM 4, a second RAM 5, a personal information input unit 6, an input/output unit 7, and an opening detection unit 8. The parts of the payment terminal 1 main body are electrically connected by conductor lines.
  • The payment terminal 1 processes electronic settlement transactions in which the transaction amount is settled with a card (such as a credit card or a debit card).
  • The CPU 2 controls the operation of the payment terminal 1 main body.
  • The ROM 3 stores the programs run on the payment terminal 1 main body: an operating system (OS), an application programming interface (API), business application programs (hereinafter simply "business applications"), an encryption program, and the like.
  • A business application that uses personal information is, for example, an authentication program that performs processing related to settlement authentication, or an encryption program that encrypts the input personal information.
  • Business applications that do not use personal information are, for example, a display program that controls screen display on the display 9 provided on the payment terminal 1 main body, and a print program that outputs print data about the transaction to a printer.
  • The personal information is, for example, the card information used for settlement and the card's PIN.
  • The encryption program is listed separately from the business applications above, but it is itself one of the business applications.
  • The business applications that use personal information (the encryption program, the authentication program, etc.) are loaded from the ROM 3 into the first RAM 4 when the payment terminal 1 main body is started.
  • The first RAM 4 also stores the encryption key.
  • The first RAM 4 is a volatile memory, but it is backed up by a battery, so the encryption key is not lost when the payment terminal 1 is powered off.
  • The decryption key used to decrypt information (personal information) encrypted with this encryption key may be the encryption key itself or a different key.
  • The OS, the API, and the business applications that do not use personal information are loaded from the ROM 3 into the second RAM 5 when the payment terminal 1 main body is started.
  • The first RAM 4 and the second RAM 5 are separate hardware.
  • The second RAM 5 is also a volatile memory, but it is not backed up by a battery.
  • The first RAM 4 corresponds to the first memory, and the second RAM 5 to the second memory, referred to in the present invention.
  • The personal information input unit 6 includes a card reader 6a that reads the card information recorded on a card, operation keys 6b comprising a numeric keypad and function keys, a PIN pad (not shown) connected to the payment terminal 1 main body, and the like.
  • The PIN pad is the device on which the cardholder enters the PIN. FIG. 2 shows only a magnetic card reader, which reads card information from a magnetic card, as the card reader 6a.
  • The personal information input unit 6 may also include an IC card reader that reads card information from a contact-type IC card, and a non-contact IC card reader that reads card information from a non-contact-type IC card.
  • The input/output unit 7 exchanges data with connected external devices.
  • The external devices include a communication device for communicating with a host device, a printer for printing the transaction contents, a POS terminal for registering the purchased items, and the like.
  • The host device is, for example, an authentication center that authenticates whether settlement of an electronic settlement transaction is possible, or a transaction management device that manages the transaction history.
  • The input/output unit 7 corresponds to the output unit referred to in the present invention.
  • The opening detection unit 8 detects that the housing of the payment terminal 1 main body has been opened.
  • The payment terminal 1 also includes the display 9 shown in FIG. 2 and a display control unit (not shown) that controls screen display on the display 9.
  • FIG. 3 is a flowchart showing the operation of the payment terminal.
  • When the power of the main body is turned on, the payment terminal 1 performs a load process that loads the various programs stored in the ROM 3 (s1, s2).
  • FIG. 4 is a flowchart showing the load process of s2.
  • In the load process, the payment terminal 1 executes a loader program on the CPU 2 (s11) and loads the business applications that use personal information (the encryption program, the authentication program, etc.) from the ROM 3 into the first RAM 4 (s12).
  • It then loads the OS, the API, and the business applications that do not use personal information (the print program, the display program, etc.) from the ROM 3 into the second RAM 5 (s13), which completes the load process.
  • The processes of s12 and s13 may be performed in the reverse order or in parallel.
  • On completion of the load process of s2, the payment terminal 1 is ready for transaction processing.
  • The payment terminal 1 then waits until an input operation that starts a transaction is performed or until its power is turned off (s3, s4).
  • When an input operation that starts a transaction is performed, the payment terminal 1 performs transaction processing (s5). When the power is turned off, the payment terminal 1 performs power-off processing (s6) and ends.
  • FIG. 5 is a flowchart showing the transaction processing of s5.
  • The payment terminal 1 receives input of transaction information (s21).
  • The transaction information input in s21 includes a product/service code identifying the product or service being purchased, the transaction amount, and the like.
  • The payment terminal 1 stores the transaction information input in s21 in a variable area (not shown) of the first RAM 4.
  • The payment terminal 1 then accepts input of the personal information used to pay the transaction amount (s22).
  • The personal information input in s22 is the card information of the card used to settle the transaction amount, that card's PIN, and the like.
  • FIG. 6 is a flowchart showing the personal information input acceptance process in s22.
  • The payment terminal 1 receives input of the type of card used to settle the transaction amount (s31).
  • In s31 the card type is entered either by usage, such as credit card, debit card or prepaid card, or by physical configuration, such as magnetic card, contact IC card or non-contact IC card.
  • The card type is entered by the operator using the operation keys 6b.
  • The payment terminal 1 then accepts input of the card information for the card type entered in s31 (s32).
  • The card reader of the personal information input unit 6 reads the card information and writes it to the first RAM 4, which stores it in the variable area.
  • The payment terminal 1 encrypts the card information input in s32 (s33).
  • The card information is encrypted by the encryption program loaded in the first RAM 4, using the encryption key stored in the first RAM 4. The payment terminal 1 stores the encrypted card information in the variable area of the first RAM 4 and deletes the unencrypted card information (input in s32) from that variable area.
  • That is, the payment terminal 1 deletes the unencrypted card information from the variable area of the first RAM 4 as soon as it is no longer needed (the encrypted card information remains in the variable area). This limits the window in which unencrypted card information could leak.
  • The payment terminal 1 then accepts input of the PIN (s34).
  • In s34 the cardholder enters the PIN on the PIN pad of the personal information input unit 6. The PIN is written to the first RAM 4, which stores it.
  • The payment terminal 1 determines whether authentication for settlement of the current transaction amount is performed at the center or by the payment terminal 1 itself (s35). If authentication is to be performed at the center, the payment terminal 1 encrypts the input PIN with the encryption program loaded in the first RAM 4 (s36), using the encryption key stored in the first RAM 4.
  • Having encrypted the PIN, the payment terminal 1 stores the encrypted PIN in the variable area of the first RAM 4 and deletes the unencrypted PIN (input in s34) from that area. That is, the unencrypted PIN is deleted from the first RAM 4 as soon as it is no longer needed (the encrypted PIN remains in the variable area), which limits the window in which the unencrypted PIN could leak.
  • If the payment terminal 1 determines that authentication for settlement of the transaction amount is not performed at the center (that is, it is performed by the payment terminal 1 itself), it performs authentication processing to decide whether the transaction amount can be settled (s37).
  • The payment terminal 1 determines in s35 that authentication is not performed at the center when, for example, the card used for the transaction is a prepaid card.
  • In s37, if the value balance of the prepaid card used for the transaction is less than the transaction amount, it is determined that the transaction amount cannot be settled; if the balance is equal to or greater than the transaction amount, it is determined that it can be settled.
  • The payment terminal 1 may also be configured to determine in s35 that authentication is not performed at the center when the transaction amount is below a predetermined amount (for example, 1000 yen), that is, for small transactions.
  • The payment terminal 1 then determines whether authentication for settlement of the transaction amount has already been completed (s23), that is, whether authentication was performed in s37 described above or is instead to be performed at the center.
  • If authentication has already been completed, the process proceeds to s26 described later, skipping s24 and s25 described below.
  • If the payment terminal 1 determines in s23 that authentication has not been completed, it transmits an authentication request to the center (s24) and waits to receive the authentication result from the center (s25).
  • In the authentication request, the payment terminal 1 transmits the encrypted personal information (the encrypted card information and PIN) and the transaction information including the transaction amount to the center.
  • The center holds the encryption key stored in the payment terminal 1 as its decryption key, so it can decrypt the personal information contained in the authentication request received from the payment terminal 1.
  • The center may identify the payment terminal 1 that sent the authentication request by the line number, or by a terminal code (a code identifying the payment terminal 1) included in the authentication request. Alternatively, each payment terminal 1 may store the center's public key as its encryption key, with the center holding the corresponding decryption key (private key); in that case the center does not need to identify which payment terminal 1 sent the request.
  • The payment terminal 1 then determines whether the transaction amount can be settled with the card (s26). If it can, the payment terminal 1 performs settlement processing to settle the transaction amount with the card and completes the transaction (s27). If it cannot, the payment terminal 1 performs transaction cancellation processing to cancel the transaction (s28) and ends. While executing the transaction processing of FIG. 5, the payment terminal 1 also executes the display program, the print program and so on loaded in the second RAM 5, which control screen display on the display 9 and generate and output print data for the printer connected to the input/output unit 7.
  • As described above, the payment terminal 1 loads business applications that use personal information into the first RAM 4 and business applications that do not use personal information into the second RAM 5.
  • The personal information stored in the first RAM 4 therefore cannot be dumped by a business application loaded in the second RAM 5. Even if a business application that does not use personal information is illegally rewritten, it cannot read the personal information in the first RAM 4 illegally and leak it to a third party, so security is improved.
  • When the opening detection unit 8 detects that the housing of the payment terminal 1 main body has been opened, the payment terminal 1 deletes the personal information and the encryption key stored in the first RAM 4. Specifically, battery backup of the first RAM 4 is stopped, so that the personal information and the encryption key stored in it are lost. Opening the housing of the payment terminal 1 therefore does not leak the encryption key stored in the first RAM 4.
  • In the above description the payment terminal 1 encrypts the input personal information (card information and PIN) before transmitting it to the host device. The terminal may instead transmit the input personal information to the host device without encrypting it; that is, the payment terminal 1 need not include the configuration for encrypting personal information described above.
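The load process and transaction flow described above (s11-s13, s21-s37), the center's key handling and the opening-detection response, as an added example simulation that is not part of the patent and not Omron's code. It assumes a cipher the patent never names (an HMAC-SHA256 counter-mode keystream with an HMAC tag, used only because the Python standard library has no AES), and the terminal code T0001, the card number, the PIN and the issuer's account table are constructed sample data. Isolation is modelled by handing each loaded program a reference to only the RAM it was loaded into; on the real terminal that guarantee comes from the first RAM 4 and the second RAM 5 being separate hardware, and the claim holds only if code running from RAM 5 genuinely has no path to RAM 4.

```python
"""Simulation of the two-memory payment terminal of WO2016136317A1: load process
(s11-s13), card/PIN handling (s32-s37), center-side decryption (s24/s25) and the
opening-detection response.  Added example, not Omron's code.  Assumptions not in
the patent: the cipher (an HMAC-SHA256 keystream plus HMAC tag stands in for the
unnamed cipher, since the stdlib has no AES), the terminal code, card number, PIN
and issuer account table, all constructed sample data."""
import hashlib
import hmac
import secrets

ACCOUNTS = {b"4111111111111111": b"1234"}   # constructed issuer records

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_keystream(k_enc: bytes, nonce: bytes, data: bytes) -> bytes:
    # Counter-mode keystream; XOR is its own inverse, so this encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(k_enc, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _xor_keystream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication tag mismatch")
    return _xor_keystream(_subkey(key, b"enc"), nonce, ct)

class Memory:
    """One RAM device; battery_backed=True models the first RAM 4."""
    def __init__(self, battery_backed: bool, key: bytes = None):
        self.battery_backed, self.key, self.vars = battery_backed, key, {}
    def cut_battery(self):
        # Opening detected: backup stops and the volatile contents vanish.
        self.battery_backed, self.key = False, None
        self.vars.clear()

# ROM image: program name -> whether it uses personal information.
ROM = {"encrypt": True, "authenticate": True, "display": False, "print": False}

def load(rom, ram1: Memory, ram2: Memory):
    """s12/s13: PI programs are loaded into ram1, everything else only into ram2."""
    return {name: (ram1 if uses_pi else ram2) for name, uses_pi in rom.items()}

def rogue_dump(program_memory: Memory):
    """A rewritten non-PI program can dump only the memory it was loaded into."""
    return dict(program_memory.vars)

def accept_card(ram1: Memory, card_info: bytes):
    ram1.vars["card_plain"] = card_info                    # s32
    ram1.vars["card_enc"] = encrypt(ram1.key, card_info)   # s33
    del ram1.vars["card_plain"]                            # plaintext erased at once

def accept_pin(ram1: Memory, pin: bytes, amount: int, prepaid_balance=None):
    ram1.vars["pin_plain"] = pin                           # s34
    if prepaid_balance is None:                            # s35: authenticate at center
        ram1.vars["pin_enc"] = encrypt(ram1.key, pin)      # s36
        del ram1.vars["pin_plain"]
        return None
    del ram1.vars["pin_plain"]                             # assumed: PIN dropped after local use
    return prepaid_balance >= amount                       # s37: prepaid balance check

class Center:
    """Host holding each terminal's key as its decryption key, looked up by terminal code."""
    def __init__(self, terminal_keys):
        self.terminal_keys = terminal_keys
    def authorize(self, terminal_code: str, card_enc: bytes, pin_enc: bytes) -> bool:
        key = self.terminal_keys[terminal_code]
        card, pin = decrypt(key, card_enc), decrypt(key, pin_enc)
        return ACCOUNTS.get(card) == pin

def online_transaction(amount: int = 2500):
    """s21-s27 with center authentication; returns the verdict, what a rogue display
    program loaded in RAM 5 could dump, and the first RAM after the case is opened."""
    key = secrets.token_bytes(32)                 # injected at personalization (assumed)
    ram1, ram2 = Memory(True, key), Memory(False)
    programs = load(ROM, ram1, ram2)
    ram2.vars["screen"] = f"amount {amount}"      # display program's own state
    accept_card(ram1, b"4111111111111111")
    accept_pin(ram1, b"1234", amount)
    center = Center({"T0001": key})
    approved = center.authorize("T0001", ram1.vars["card_enc"], ram1.vars["pin_enc"])
    dumped = rogue_dump(programs["display"])      # sees RAM 5 only: no card data
    ram1.cut_battery()                            # opening detection unit 8 fires
    return approved, dumped, ram1
```

Calling `online_transaction()` returns an approval from the center, a dump that contains only the display program's own state, and a first RAM whose key and variable area are empty after the battery is cut. Note that the key and the encrypted card data share RAM 4, so all of RAM 4 is the secret boundary: cutting its battery destroys both at once, which is what the patent relies on instead of an explicit overwrite, and why plaintext card data and PIN are deleted from that area the moment their ciphertext exists.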

Abstract

In this payment terminal, a first memory stores input personal information and runs a business application program that uses the personal information. A second memory runs a business application program that does not use the personal information. When a business application program that uses personal information has been executed, an output section outputs the personal information stored in the first memory to a higher-level device.
PCT/JP2016/050996 2015-02-27 2016-01-14 Payment terminal WO2016136317A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015037707A JP6464817B2 (ja) 2015-02-27 2015-02-27 決済端末
JP2015-037707 2015-02-27

Publications (1)

Publication Number Publication Date
WO2016136317A1 true WO2016136317A1 (fr) 2016-09-01

Family

ID=56788331

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/050996 WO2016136317A1 (fr) 2015-02-27 2016-01-14 Payment terminal

Country Status (2)

Country Link
JP (1) JP6464817B2 (fr)
WO (1) WO2016136317A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6897147B2 (ja) * 2017-02-24 2021-06-30 オムロン株式会社 カード処理端末、決済データ処理方法、および決済データ処理プログラム

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001184567A (ja) * 1999-12-24 2001-07-06 Toshiba Tec Corp 取引処理装置
JP2003122640A (ja) * 2001-10-11 2003-04-25 Fujitsu Frontech Ltd 秘密情報保護システム
JP2006155159A (ja) * 2004-11-29 2006-06-15 Fuji Electric Holdings Co Ltd 耐タンパ装置
US20100230490A1 (en) * 2009-03-13 2010-09-16 Assa Abloy Ab Secure access module for integrated circuit card applications

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210090069A1 (en) * 2019-09-19 2021-03-25 Mastercard International Incorporated Simulated contactless payment cards providing multiple temporary profiles and corresponding credentials
US11556918B2 (en) * 2019-09-19 2023-01-17 Mastercard International Incorporated Simulated contactless payment cards providing multiple temporary profiles and corresponding credentials

Also Published As

Publication number Publication date
JP2016162020A (ja) 2016-09-05
JP6464817B2 (ja) 2019-02-06

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16755067

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16755067

Country of ref document: EP

Kind code of ref document: A1