WO2017222183A1 - Method for processing transaction approval and card issuer server - Google Patents


Info

Publication number
WO2017222183A1
WO2017222183A1 PCT/KR2017/004984 KR2017004984W WO2017222183A1 WO 2017222183 A1 WO2017222183 A1 WO 2017222183A1 KR 2017004984 W KR2017004984 W KR 2017004984W WO 2017222183 A1 WO2017222183 A1 WO 2017222183A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
payment
encryption
merchant terminal
card
Prior art date
Application number
PCT/KR2017/004984
Inventor
박상춘
김창열
Original Assignee
비씨카드(주)
Application filed by 비씨카드(주)

Classifications

    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance
    • G06Q10/067 Enterprise or organisation modelling
    • G06Q10/10 Office automation; Time management
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards

Definitions

  • the present invention relates to a transaction approval processing method and a card issuer server, and more particularly, to a transaction approval processing method and a card issuer server that decrypt card information encrypted with the encryption key corresponding to an encryption key serial number, from among an encryption key set generated based on a payment key, so that transaction approval is performed with end-to-end encryption when approvals are processed directly between a merchant terminal and the card issuer server.
  • Card companies provide various card services to increase card usage, and the number of transactions between credit card companies and merchants is gradually increasing due to increased card usage.
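  • when a transaction between a card company and a merchant is approved, the approval procedure is carried out through a VAN company, which acts as an intermediary.
  • the card company and the merchant pay a predetermined fee to the VAN company for each transaction approval.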
  • the present invention has been made to solve the problems of the related art described above, and its object is to provide a transaction approval processing method and a card issuer server that decrypt card information encrypted with the encryption key corresponding to an encryption key serial number, from among an encryption key set generated based on a payment key, so that transaction approval is performed with end-to-end encryption when approvals are processed directly between a merchant terminal and the card issuer server.
  • a method for processing transaction approval in a card issuer server comprises the steps of: (a) generating a first payment key upon completion of authentication of the merchant terminal and transmitting it to the merchant terminal; (b) receiving, from the merchant terminal, a transaction approval request including card information encrypted with any one encryption key selected from among the encryption key set generated based on the first payment key; (c) generating the encryption key set based on the first payment key, obtaining the encryption key corresponding to the serial number of the selected encryption key from the generated encryption key set, and decrypting the encrypted card information with the obtained encryption key; and (d) performing transaction approval using the decrypted card information, and transmitting a transaction approval result to the merchant terminal.
  • the step (c) may include generating a second payment key with the first payment key and generating the encryption key set based on the generated second payment key.
  • the encryption key set may be generated on the basis of the second payment key in the card company server and the merchant terminal.
  • the first payment key may be deleted when the second payment key is generated.
  • the encryption key set may include a plurality of one-time encryption keys each of which can be used only once.
  • the card information may remain encrypted from the time the card is recognized by the merchant terminal until it is transmitted to the card issuer server.
  • the serial number of the encryption key may include special data including key identification information used for encryption, identification information of the merchant terminal, and transaction count.
  • a card issuer server for processing transaction approval comprises: a key generation unit that generates a first payment key when authentication of a merchant terminal is completed and generates an encryption key set based on the first payment key; a key transmission unit that transmits the generated first payment key to the merchant terminal; an approval request receiving unit that receives, from the merchant terminal, a transaction approval request including card information encrypted with any one encryption key selected from among the encryption key set generated based on the first payment key; a decryption unit that obtains the encryption key corresponding to the serial number of the selected encryption key from the generated encryption key set and decrypts the encrypted card information with the obtained encryption key; and a transaction approval unit that performs transaction approval using the decrypted card information and transmits a transaction approval result to the merchant terminal.
  • the key generation unit may generate a second payment key using the first payment key and generate the encryption key set based on the generated second payment key.
  • the encryption key set may be generated based on the second payment key in the key generation unit and the merchant terminal.
  • the first payment key may be deleted when the second payment key is generated.
  • the encryption key set may include a plurality of one-time encryption keys each of which can be used only once.
  • the card information may remain encrypted from the time the card is recognized by the merchant terminal until it is transmitted to the card issuer server.
  • the serial number of the encryption key may include special data including key identification information used for encryption, identification information of the merchant terminal, and transaction count.
  • a payment approval process can be performed without a VAN company through a direct approval process between a merchant terminal and a card issuer server, so that a transaction fee paid to a VAN company can be reduced.
  • end-to-end encryption (E2E) of the merchant terminal and the card issuing server can be performed to secure security in transaction approval through direct approval.
  • FIG. 1 is a diagram illustrating a billing key management system according to an embodiment of the present invention.
  • FIG. 2 is a block diagram illustrating the configuration of a card issuer server according to an embodiment of the present invention.
  • FIG. 3 is a diagram showing an encryption range of card information according to an embodiment of the present invention.
  • FIG. 4 is a diagram illustrating a key exchange process for authentication and encryption processing of an affiliate terminal.
  • FIG. 5 is a diagram illustrating a process of encrypting and decrypting card information according to an embodiment of the present invention
  • FIG. 6 is a diagram illustrating a process of performing end-to-end encryption (E2E) for a direct authorization process between an affiliate terminal and a card issuer server according to an embodiment of the present invention.
  • E2E end-to-end encryption
  • FIG. 1 is a diagram illustrating a billing key management system according to an embodiment of the present invention.
  • a payment key management system may include a merchant terminal 100 and a card issuer server 200 that can communicate with each other.
  • the communication network can be configured without regard to its communication mode such as wired and wireless.
  • LAN local area network
  • MAN metropolitan area network
  • WAN wide area network
  • the merchant terminal 100 may be a POS terminal, which is installed in an affiliate store registered as an affiliated merchant of a merchant operating a card issuer server 200.
  • the merchant terminal 100 may send a payment approval request to the card issuer server 200. For example, when a card payment approval request is made, the merchant terminal 100 transmits a payment approval request including the card information to the card issuer server 200.
  • the merchant terminal 100 recognizes the card information through an MS (magnetic stripe), an IC (integrated circuit) chip or the like in the plastic card presented by the customer, or through a displayed barcode, QR code or the like, and transmits the payment approval request including the recognized card information to the card issuer server 200.
  • the card issuer server 200 can receive the payment approval request including the recognized card information.
  • a payment approval request may be made using a plastic card and a mobile card.
  • the payment approval request may also be made using various payment means such as an NFC tag or a virtual card.
  • a payment approval request using a card can be made online through an Internet site provided by a merchant.
  • Card issuer server 200 can store merchant information, customer information, and the like in a database and manage it.
  • the merchant information may include information related to the merchant, such as the merchant's name and business type, and may also include information related to the merchant terminal 100, such as location information and identification information of the merchant terminal 100 installed in the merchant's store.
  • the customer information is information registered when the customer issues a card, and may include information related to the customer such as a customer card, an account linked to the customer card, a customer contact, and the like.
  • the card issuer server 200 can authenticate the merchant terminal 100 based on the merchant information. When the authentication of the merchant terminal 100 is completed, the card issuer server 200 generates a first payment key and transmits it to the merchant terminal 100.
  • when the merchant terminal 100 generates an encryption key set based on the first payment key received from the card issuer server 200 and encrypts the card information with any one encryption key selected from the generated encryption key set, the card issuer server 200 may receive a transaction approval request containing the encrypted card information from the merchant terminal 100. At this time, the merchant terminal 100 may generate a second payment key from the first payment key and generate the encryption key set based on the generated second payment key.
  • the encryption key set may include a plurality of one-time encryption keys each of which can be used only once, the serial number of the encryption key may include the key ID number used for encryption, the ID of the merchant terminal 100 and the number of transactions, and the card information may remain encrypted from the time the card is recognized by the merchant terminal 100 until it is transmitted to the card issuer server 200.
  • the card issuer server 200 can generate an encryption key set based on the first payment key, obtain the encryption key corresponding to the serial number of the selected encryption key from the generated encryption key set, and decrypt the encrypted card information with the obtained encryption key.
  • the serial number of the encryption key may be managed by the merchant terminal 100, in which case the card issuer server 200 receives a transaction approval request including the serial number of the encryption key from the merchant terminal 100, or the card issuer server 200 itself may manage the serial number of the encryption key. That is, the serial number of the encryption key can be managed by either the merchant terminal 100 or the card issuer server 200.
  • the card issuer server 200 may generate a second payment key from the first payment key and generate an encryption key set based on the generated second payment key, and the encryption key set may be generated in the card issuer server 200 and the merchant terminal 100 based on the second payment key.
  • the first payment key may be deleted.
  • the card issuer server 200 can perform the transaction approval using the decrypted card information and can transmit the transaction approval result to the affiliate shop terminal 100.
  • FIG. 2 is a block diagram showing the configuration of a card issuer server 200 according to an embodiment of the present invention.
  • the card issuer server 200 may include a key generation unit 210, a key transmission unit 220, an approval request reception unit 230, a decryption unit 240, and a transaction approval unit 250.
  • the card issuer server 200 authenticates the merchant terminal 100, and when the authentication of the merchant terminal 100 is completed, the key generating unit 210 can generate the first payment key. Details related to the authentication of the merchant terminal 100 will be described later with reference to FIG.
  • the key generation unit 210 may generate an encryption key set based on the first payment key.
  • when generating the encryption key set, the key generation unit 210 may generate a second payment key from the first payment key and generate the encryption key set based on the generated second payment key.
  • the encryption key set may include a plurality of one-time encryption keys each of which can be used only once, and may be generated in the same manner in the key generation unit 210 and the merchant terminal 100 based on the first payment key, or based on the second payment key generated from the first payment key. If the second payment key is generated from the first payment key, the first payment key may be deleted.
  • the key transmitting unit 220 may transmit the first payment key generated by the key generating unit 210 to the merchant terminal 100.
  • the approval request receiving unit 230 may receive a transaction approval request from the merchant terminal 100.
  • the transaction approval request may include card information encrypted with any one of the encryption keys selected from the encryption key sets, and may further include the serial number of the encryption key. Details related to the encrypted card information will be described later with reference to FIG.
  • the serial number of the encryption key may include special data including a key ID number used for encryption, an ID of the merchant terminal 100, and the number of transactions, and may be managed by either the merchant terminal 100 or the card issuer server 200.
  • the decryption unit 240 may obtain the encryption key corresponding to the serial number of the selected encryption key from the encryption key set generated by the key generation unit 210, and decrypt the encrypted card information included in the transaction approval request with the obtained encryption key.
  • the transaction acceptance unit 250 can perform transaction approval using the card information decrypted by the decryption unit 240 and can transmit a transaction approval result to the affiliate terminal 100.
  • FIG. 3 is a diagram showing an encryption range of card information according to an embodiment of the present invention.
  • the merchant system may include a card reader, a merchant terminal 100, a POS server and the like, as shown in FIG. 3. The merchant terminal 100 itself can communicate with the card issuer server 200 to perform transaction approval, or the merchant terminal 100 may communicate with the card issuer server 200 through the POS server to perform transaction approval.
  • the card reader can be implemented as a separate device, and can be implemented with both an MS card reader and an IC card reader.
  • the merchant terminal 100 connected to the card reader can recognize the card recognized by the card reader and acquire the card information.
  • the merchant terminal 100 can encrypt the card information from the time of recognizing the card, and can transmit the encrypted card information to the card issuer server 200 through the POS server. At this time, encrypted card information may be transmitted between the POS server and the card issuer server 200 through a dedicated line.
  • the card issuer server 200 can perform detour approval through the VAN company server. If a failure occurs in the card issuer server 200, agent approval can be performed through the VAN company server.
  • when the card issuer server 200 receives the encrypted card information from the POS server via the direct line, it can decrypt the encrypted card information.
  • the card information may remain encrypted from the time the card is recognized by the merchant terminal 100 until it is transmitted to the card issuer server 200.
  • FIG. 4 is a diagram illustrating a key exchange process for authentication and encryption processing of the merchant terminal 100.
  • various key management methods may be applied as a transaction encryption processing method for the direct approval processing between the merchant terminal 100 and the card issuer server 200.
  • the key management method derives a unique key for each transaction approval; it is a key management technique, not an encryption standard itself.
  • KSN Key Serial Number
  • BDK Base Derivation Key
  • IPEK Intelligent Pin Encryption Key
  • Future Key Future Key
  • the KSN is a unique value derived from information acquired by the merchant terminal 100 through the card reader, and may be a serial number of the encryption key.
  • the BDK is managed by only the card issuer server 200 as the top level key of the key management method and can be used to derive IPEK.
  • the IPEK is a key distributed to devices such as the merchant terminal 100, and is derived from the BDK and used to derive the Future Key, and can be deleted from the device after the Future Key is derived.
  • a Future Key is a set of keys to be used in the future, and can be used to generate one-time keys derived from IPEK.
  • the One-Time Key is a key used for encryption between the card issuer server 200 and the device, and is deleted once it is used, and a different key may be used for each transaction.
  • 1) the card issuer server 200 can generate a private key using an RSA algorithm.
  • 2) the card issuer server 200 can generate the public key from the private key, and can transmit the generated public key to the merchant terminal 100.
  • 3) the merchant terminal 100 may store the public key received from the card issuer server 200.
  • 4) the merchant terminal 100 may transmit the terminal authentication request to the card issuer server 200.
  • 5) the card issuer server 200 can generate a random value.
  • 6) the card issuer server 200 can hash the random value through SHA256 or the like.
  • 7) the card issuer server 200 can sign the random value of step 5) and the hash of step 6) with the private key.
  • 8) the card issuer server 200 can transmit a terminal authentication response including the random value, the hash, the private key signature, and the like to the merchant terminal 100.
  • 9) the merchant terminal 100 can verify the signature with the public key, and compare the random value and the hash value with the signature value decrypted with the public key.
  • 10) the merchant terminal 100 may generate a random value to be used to encrypt the IPEK.
  • 11) the merchant terminal 100 can hash the random value through SHA256 or the like.
  • 12) the merchant terminal 100 may encrypt the random value of step 10) and the hash of step 11) with the public key.
  • 13) the merchant terminal 100 may transmit the key download request including the KSN and the public-key-encrypted random value and hash to the card issuer server 200.
  • 14) the card issuer server 200 can decrypt the encrypted random value and the hash with the private key.
  • 15) in the hash value verification step, the card issuer server 200 generates a hash of the random value using SHA256 or the like, compares it with the hash value transmitted from the merchant terminal 100, and thereby verifies the hash value.
  • 16) the card issuer server 200 can generate the IPEK using the KSN.
  • 17) the card issuer server 200 can generate an encryption key and a MAC key from the random value through CMAC or the like, encrypt the KSN and IPEK, and generate a MAC value of the IPEK.
  • 18) the card issuer server 200 can transmit the key, including the encrypted value and the MAC value, to the merchant terminal 100.
  • 19) the merchant terminal 100 can decrypt the IPEK, and 20) in the MAC verification step, the merchant terminal 100 can verify the MAC value.
  • 21) the merchant terminal 100 can generate a Future Key using the IPEK and delete the IPEK after generating the Future Key.
  • steps 5), 6), 7), 15), and 16) may be handled through the HSM command, and steps 14) and 17)
  • FIG. 5 is a diagram illustrating a process of encrypting and decrypting card information according to an embodiment of the present invention
  • as soon as the card reader recognizes the card, the merchant terminal 100 can generate a One Time Encrypt Key from the Future Key loaded into the card reader, encrypt the card information using the generated One Time Encrypt Key, and transmit the encrypted card information and the KSN to the card issuer server 200 together with the transaction approval request.
  • the card issuer server 200 can generate the IPEK from the BDK using the KSN, and generate the Future Key from the IPEK using the KSN.
  • the card issuer server 200 can separate the encrypted One Time Encrypt Key and the encrypted card information through Future Key matching based on KSN, and can acquire the card information by decrypting the encrypted card information.
  • the card issuer server 200 can perform transaction approval using the acquired card information.
  • FIG. 6 is a diagram illustrating a process of performing end-to-end encryption (E2E) for a direct authorization process between the merchant terminal 100 and the card issuer server 200 according to an embodiment of the present invention.
  • E2E end-to-end encryption
  • the merchant terminal 100, which is a payment terminal capable of direct approval processing, may be installed in the merchant store.
  • the merchant terminal 100 may transmit a payment key request to the credit card company server 200 in the payment key requesting step.
  • the payment key request may be a request for a first payment key, which is an initial payment key for encrypting sensitive information when a transaction is approved.
  • the merchant terminal 100 may send the terminal authentication request to the card issuer server 200 while transmitting the payment key request.
  • the card issuer server 200 can perform authentication for the merchant terminal 100 based on merchant information or the like.
  • the card issuer server 200 can generate the first payment key, which is the initial payment key for end-to-end encryption (E2E) between the card issuer server 200 and the merchant terminal 100.
  • the credit card company server 200 can transmit the generated first payment key to the merchant terminal 100.
  • the merchant terminal 100 can generate the second payment key from the first payment key received from the card issuer server 200. At this time, the merchant terminal 100 can delete the first payment key while generating the second payment key.
  • the merchant terminal 100 may generate an encryption key set based on the generated second payment key.
  • the encryption key set may be generated in the same way in the merchant terminal 100 and the card issuer server 200 if the merchant terminal 100 and the card issuer server 200 have the same second payment key.
  • the merchant terminal 100 can select any one of the encryption key sets and encrypt the card information with the selected encryption key.
  • the merchant terminal 100 may transmit a transaction approval request including the encrypted card information, the serial number of the encryption key selected at the time of encryption, payment amount information, merchant store identification information, etc. to the card issuer server 200.
  • the serial number of the encryption key may include professional data including the key identification information used in encrypting the card information in the encryption key set, the identification information of the merchant terminal 100, and the transaction count.
  • the merchant terminal 100 transmits a transaction approval request not including the serial number of the encryption key to the card issuer server 200,
  • the card issuer server 200 can identify the merchant terminal 100 through the serial number of the encryption key, identify the first payment key corresponding to the merchant terminal 100, and generate a second payment key from the first payment key.
  • the card issuer server 200 may generate an encryption key set based on the generated second payment key.
  • the card issuer server 200 can obtain the encryption key used for encryption from the encryption key set using the serial number of the encryption key, and decrypt the encrypted card information with the obtained encryption key.
  • the card issuer server 200 can perform transaction approval using the decrypted card information.
  • the card issuer server 200 can transmit the transaction approval result to the affiliate shop terminal 100.
  • the merchant terminal 100 can confirm from the received transaction approval result that the requested approval is completed, and can output the sales slip, the receipt, and the like to the customer.
  • because the payment approval process can be performed without a VAN company through direct approval processing between the merchant terminal 100 and the card issuer server 200, the transaction fee paid to the VAN company can be saved.
  • end-to-end encryption (E2E) of the merchant terminal 100 and the card issuer server 200 can be performed to secure security in transaction approval through direct approval.
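
The key hierarchy described for FIG. 4 and FIG. 5 above (BDK, IPEK, Future Keys, a one-time key selected by the KSN), as an added sketch that is not code from the patent or its applicant. It assumes HMAC-SHA256 as the derivation function and as an encrypt-then-MAC stand-in for the cipher, a 12-byte KSN layout, and all class and function names; the patent specifies none of these.

```python
import hashlib
import hmac
import struct

KSN_FMT = ">III"  # assumed layout: key set id | terminal id | transaction count


def prf(key: bytes, label: bytes, data: bytes = b"") -> bytes:
    """HMAC-SHA256 as the derivation function (assumption; the page names none)."""
    return hmac.new(key, label + b"\x00" + data, hashlib.sha256).digest()


def pack_ksn(key_set_id: int, terminal_id: int, count: int) -> bytes:
    return struct.pack(KSN_FMT, key_set_id, terminal_id, count)


def unpack_ksn(ksn: bytes) -> tuple:
    return struct.unpack(KSN_FMT, ksn)


def one_time_key(ipek: bytes, count: int) -> bytes:
    """One key per transaction count; both ends compute the same value."""
    return prf(ipek, b"OTK", struct.pack(">I", count))


def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Keystream from the PRF; safe here only because each key encrypts once.
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += prf(key, b"ENC", struct.pack(">I", block))
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(otk: bytes, ksn: bytes, card_info: bytes) -> bytes:
    """Encrypt-then-MAC; the KSN is covered by the MAC so it cannot be swapped."""
    ct = _xor_stream(otk, card_info)
    return ct + prf(otk, b"MAC", ksn + ct)


def unseal(otk: bytes, ksn: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(otk, b"MAC", ksn + ct)):
        raise ValueError("MAC check failed")
    return _xor_stream(otk, ct)


class Terminal:
    """Merchant terminal: keeps only future keys, never the IPEK or the BDK."""

    def __init__(self, key_set_id: int, terminal_id: int, ipek: bytes, batch: int = 8):
        self.key_set_id, self.terminal_id, self.count = key_set_id, terminal_id, 0
        # Derive the future keys, then let the IPEK go out of scope (not stored).
        self.future_keys = {c: one_time_key(ipek, c) for c in range(1, batch + 1)}

    def encrypt(self, card_info: bytes) -> tuple:
        self.count += 1
        otk = self.future_keys.pop(self.count)  # deleted on use; KeyError once exhausted
        ksn = pack_ksn(self.key_set_id, self.terminal_id, self.count)
        return ksn, seal(otk, ksn, card_info)


class IssuerServer:
    """Card issuer server: holds the BDK and re-derives every key from the KSN."""

    def __init__(self, bdk: bytes):
        self.bdk = bdk
        self.last_count = {}  # (key_set_id, terminal_id) -> highest count accepted

    def issue_ipek(self, key_set_id: int, terminal_id: int) -> bytes:
        return prf(self.bdk, b"IPEK", struct.pack(">II", key_set_id, terminal_id))

    def decrypt(self, ksn: bytes, blob: bytes) -> bytes:
        key_set_id, terminal_id, count = unpack_ksn(ksn)
        ident = (key_set_id, terminal_id)
        if count <= self.last_count.get(ident, 0):
            raise ValueError("one-time key already used")
        otk = one_time_key(self.issue_ipek(key_set_id, terminal_id), count)
        card_info = unseal(otk, ksn, blob)
        self.last_count[ident] = count  # advance only after the MAC verified
        return card_info


if __name__ == "__main__":
    server = IssuerServer(bdk=bytes(range(32)))        # constructed test key
    terminal = Terminal(1, 1001, server.issue_ipek(1, 1001))
    ksn, blob = terminal.encrypt(b"PAN=4111111111111111;EXP=2812")  # constructed test data
    print(unpack_ksn(ksn), server.decrypt(ksn, blob))
```

The server advances its per-terminal counter only after the MAC verifies, so a request carrying a forged KSN cannot invalidate the terminal's remaining keys.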

Abstract

A method for processing transaction approval in a card issuer server, according to an embodiment of the present invention, comprises the steps of: (a) generating and transmitting, upon completing the authentication of an affiliate terminal, a first payment key to the affiliate terminal; (b) receiving, from the affiliate terminal, a transaction approval request including card information encrypted with any one encryption key selected from among a set of encryption keys generated on the basis of the first payment key; (c) generating the set of encryption keys on the basis of the first payment key, obtaining an encryption key corresponding to a serial number of the selected encryption key in the generated set of encryption keys, and decrypting the encrypted card information with the obtained encryption key; and (d) performing transaction approval using the decrypted card information, and transmitting a result of the transaction approval to the affiliate terminal.

Description

거래 승인 처리 방법 및 카드사 서버Transaction approval processing method and card issuer server
The present invention relates to a transaction approval processing method and a card issuer server. More particularly, it relates to a transaction approval processing method and a card issuer server that decrypt card information encrypted with the encryption key corresponding to an encryption key serial number, from among an encryption key set generated based on a payment key, so that transaction approval is performed with end-to-end encryption when a merchant terminal and the card issuer server process approval directly.
Card issuers provide a variety of card services to increase card use, and as card use grows, the number of transaction approvals between card issuers and merchants is also gradually increasing.
When a transaction is approved between a card issuer and a merchant, the approval procedure is carried out through a VAN company that acts as an intermediary, and the card issuer and the merchant pay the VAN company a set fee for the transaction approval.
However, as the number and amount of transaction approvals increase, the fees that card issuers and merchants must pay to VAN companies are increasing, so both card issuers and merchants bear the burden of paying these fees.
Accordingly, demand is growing for direct approval processing between card issuers and merchants without a VAN company, and a way to secure transaction approval performed through direct approval is urgently needed.
The present invention is intended to solve the problems of the related art described above. Its object is to provide a transaction approval processing method and a card issuer server that decrypt card information encrypted with the encryption key corresponding to an encryption key serial number, from among an encryption key set generated based on a payment key, so that transaction approval is performed with end-to-end encryption when a merchant terminal and the card issuer server process approval directly.
The objects of the present invention are not limited to those mentioned above, and other objects not mentioned will be clearly understood from the description below.
According to one embodiment of the present invention for achieving the above object, there is provided a method of processing transaction approval in a card issuer server, the method comprising: (a) when authentication of a merchant terminal is completed, generating a first payment key and transmitting it to the merchant terminal; (b) receiving, from the merchant terminal, a transaction approval request including card information encrypted with one encryption key selected from an encryption key set generated based on the first payment key; (c) generating the encryption key set based on the first payment key, obtaining, from the generated encryption key set, the encryption key corresponding to the serial number of the selected encryption key, and decrypting the encrypted card information with the obtained encryption key; and (d) performing transaction approval using the decrypted card information and transmitting the transaction approval result to the merchant terminal.
Step (c) may include generating a second payment key from the first payment key and generating the encryption key set based on the generated second payment key.
The encryption key set may be generated identically in the card issuer server and the merchant terminal, based on the second payment key.
The first payment key may be deleted once the second payment key is generated.
The encryption key set may include a plurality of one-time encryption keys, each of which can be used only once.
The encrypted card information may remain encrypted from the point at which the merchant terminal recognizes the card through the segment in which it is transmitted to the card issuer server.
The serial number of the encryption key may include message data containing identification information of the key used for encryption, identification information of the merchant terminal, and the transaction count.
According to another embodiment of the present invention for achieving the above object, there is provided a card issuer server that processes transaction approval, the server comprising: a key generation unit that, when authentication of a merchant terminal is completed, generates a first payment key and generates an encryption key set based on the first payment key; a key transmission unit that transmits the generated first payment key to the merchant terminal; an approval request reception unit that receives, from the merchant terminal, a transaction approval request including card information encrypted with one encryption key selected from an encryption key set generated based on the first payment key; a decryption unit that obtains, from the generated encryption key set, the encryption key corresponding to the serial number of the selected encryption key and decrypts the encrypted card information with the obtained encryption key; and a transaction approval unit that performs transaction approval using the decrypted card information and transmits the transaction approval result to the merchant terminal.
The key generation unit may generate a second payment key from the first payment key and generate the encryption key set based on the generated second payment key.
The encryption key set may be generated identically in the key generation unit and the merchant terminal, based on the second payment key.
The first payment key may be deleted once the second payment key is generated.
The encryption key set may include a plurality of one-time encryption keys, each of which can be used only once.
The encrypted card information may remain encrypted from the point at which the merchant terminal recognizes the card through the segment in which it is transmitted to the card issuer server.
The serial number of the encryption key may include message data containing identification information of the key used for encryption, identification information of the merchant terminal, and the transaction count.
According to one embodiment of the present invention, the payment approval procedure can be performed without a VAN company through direct approval processing between the merchant terminal and the card issuer server, so the transaction fees paid to VAN companies can be reduced.
In addition, according to one embodiment of the present invention, end-to-end encryption (E2E) between the merchant terminal and the card issuer server secures transaction approval performed through direct approval.
The effects of the present invention are not limited to those described above, and should be understood to include all effects that can be inferred from the configuration of the invention described in the detailed description or the claims.
FIG. 1 is a diagram illustrating a payment key management system according to an embodiment of the present invention.
FIG. 2 is a block diagram illustrating the configuration of a card issuer server according to an embodiment of the present invention.
FIG. 3 is a diagram illustrating the encryption range of card information according to an embodiment of the present invention.
FIG. 4 is a diagram illustrating the key exchange process for authentication of the merchant terminal and for encryption processing.
FIG. 5 is a diagram illustrating the process of encrypting and decrypting card information according to an embodiment of the present invention.
FIG. 6 is a diagram illustrating the process of performing end-to-end encryption (E2E) for direct approval processing between a merchant terminal and a card issuer server according to an embodiment of the present invention.
Hereinafter, the present invention will be described with reference to the accompanying drawings. The present invention may, however, be implemented in many different forms and is therefore not limited to the embodiments described here. To describe the present invention clearly, parts unrelated to the description are omitted from the drawings, and similar parts are given similar reference numerals throughout the specification.
Throughout the specification, when a part is said to be "connected" to another part, this includes not only the case where it is "directly connected" but also the case where it is "indirectly connected" with another member in between. Also, when a part is said to "include" a component, this means that, unless specifically stated otherwise, it may further include other components rather than excluding them.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1 is a diagram illustrating a payment key management system according to an embodiment of the present invention.
Referring to FIG. 1, a payment key management system according to an embodiment of the present invention may include a merchant terminal 100 and a card issuer server 200 that can communicate with each other.
First, the communication network may be configured regardless of its communication mode, such as wired or wireless. It may consist of various networks such as a local area network (LAN), a metropolitan area network (MAN), or a wide area network (WAN).
The merchant terminal 100 is a terminal installed at a merchant registered as an affiliated merchant of the business operator that runs the card issuer server 200, and may be a POS terminal.
The merchant terminal 100 may transmit a payment approval request to the card issuer server 200. For example, for a card payment approval request, the merchant terminal 100 may transmit a payment approval request including card information to the card issuer server 200.
Specifically, the merchant terminal 100 may recognize plastic card information through the MS (Magnetic Strip), IC (Integrated Circuit) chip or the like in the plastic card presented by the customer, or recognize mobile card information through a barcode, QR code or the like displayed on the screen of the customer's terminal, and transmit a payment approval request including the recognized card information to the card issuer server 200.
As described above, a payment approval request at the merchant terminal 100 may be made using a plastic card or a mobile card, but is not limited to these; it may also be made using various payment means such as an NFC tag or a virtual card.
A payment approval request using a card may also be made online through an Internet site provided by the merchant.
The card issuer server 200 may store and manage merchant information, customer information and the like in a database.
Merchant information is the information registered when the merchant joins as an affiliated merchant. It may include information about the merchant, such as the merchant name and business type, and information about the merchant terminal 100 installed at the merchant, such as its location information and identification information.
Customer information is the information registered when a card is issued to the customer, and may include information about the customer such as the customer's card, the account linked to the card, and the customer's contact details.
The card issuer server 200 may authenticate the merchant terminal 100 based on the merchant information and, when authentication of the merchant terminal 100 is completed, generate a first payment key and transmit it to the merchant terminal 100.
When the merchant terminal 100 generates an encryption key set based on the first payment key received from the card issuer server 200 and encrypts the card information with one encryption key selected from the generated set, the card issuer server 200 may receive from the merchant terminal 100 a transaction approval request including the encrypted card information. At this time, the merchant terminal 100 may generate a second payment key from the first payment key and generate the encryption key set based on the generated second payment key.
According to one embodiment of the present invention, the encryption key set may include a plurality of one-time encryption keys, each of which can be used only once. The serial number of the encryption key may include message data containing the ID number of the key used for encryption, the ID of the merchant terminal 100, and the transaction count. The encrypted card information may remain encrypted from the point at which the merchant terminal 100 recognizes the card through the segment in which it is transmitted to the card issuer server 200.
The card issuer server 200 may generate the encryption key set based on the first payment key, obtain from the generated set the encryption key corresponding to the serial number of the selected encryption key, and decrypt the encrypted card information with the obtained encryption key.
According to one embodiment of the present invention, the serial number of the encryption key may be managed by the merchant terminal 100, in which case the card issuer server 200 receives from the merchant terminal 100 a transaction approval request that further includes the serial number of the encryption key; alternatively, the card issuer server 200 may manage the serial number of the encryption key itself. That is, the serial number of the encryption key may be managed by either the merchant terminal 100 or the card issuer server 200.
When generating the encryption key set, the card issuer server 200 may generate a second payment key from the first payment key and generate the encryption key set based on the generated second payment key. The encryption key set may be generated identically in the card issuer server 200 and the merchant terminal 100, based on the second payment key.
When the card issuer server 200 or the merchant terminal 100 generates the second payment key from the first payment key, the first payment key may be deleted.
The card issuer server 200 may perform transaction approval using the decrypted card information and transmit the transaction approval result to the merchant terminal 100.
FIG. 2 is a block diagram illustrating the configuration of the card issuer server 200 according to an embodiment of the present invention.
Referring to FIG. 2, the card issuer server 200 may include a key generation unit 210, a key transmission unit 220, an approval request reception unit 230, a decryption unit 240, and a transaction approval unit 250.
First, the card issuer server 200 authenticates the merchant terminal 100, and when authentication of the merchant terminal 100 is completed, the key generation unit 210 may generate a first payment key. Details of the authentication of the merchant terminal 100 are described later with reference to FIG. 4.
The key generation unit 210 may generate an encryption key set based on the first payment key. When generating the encryption key set, it may generate a second payment key from the first payment key and generate the encryption key set based on the generated second payment key.
According to one embodiment of the present invention, the encryption key set may include a plurality of one-time encryption keys, each of which can be used only once. It may be generated identically in the key generation unit 210 and the merchant terminal 100 based on the first payment key, or generated identically based on the second payment key generated from the first payment key. Once the second payment key is generated from the first payment key, the first payment key may be deleted.
The key transmission unit 220 may transmit the first payment key generated by the key generation unit 210 to the merchant terminal 100.
The approval request reception unit 230 may receive a transaction approval request from the merchant terminal 100. The transaction approval request may include card information encrypted with one encryption key selected from the encryption key set, and may further include the serial number of the encryption key. Details of the encrypted card information are described later with reference to FIG. 3.
According to one embodiment of the present invention, the serial number of the encryption key may include message data containing the ID number of the key used for encryption, the ID of the merchant terminal 100, and the transaction count, and may be managed by either the merchant terminal 100 or the card issuer server 200.
The decryption unit 240 may obtain, from the encryption key set generated by the key generation unit 210, the encryption key corresponding to the serial number of the selected encryption key, and use the obtained encryption key to decrypt the encrypted card information included in the transaction approval request received by the approval request reception unit 230.
The transaction approval unit 250 may perform transaction approval using the card information decrypted by the decryption unit 240 and transmit the transaction approval result to the merchant terminal 100.
FIG. 3 is a diagram illustrating the encryption range of card information according to an embodiment of the present invention.
First, the merchant terminal 100 may itself communicate with the card issuer server 200 to perform transaction approval. Alternatively, as shown in FIG. 3, the merchant system may be implemented with a card reader, the merchant terminal 100, a POS server and the like, so that the merchant terminal 100 communicates with the card issuer server 200 through the POS server to perform transaction approval.
The card reader may be implemented as a separate device, and may include both an MS card reader and an IC card reader.
When the card reader recognizes a card, the merchant terminal 100 connected to the card reader may recognize the card read by the card reader and obtain the card information.
The merchant terminal 100 may encrypt the card information from the point at which it recognizes the card, and may transmit the encrypted card information to the card issuer server 200 through the POS server. The POS server and the card issuer server 200 may be connected by a dedicated line, and the encrypted card information may be transmitted over this direct line.
If the direct line between the POS server and the card issuer server 200 fails, the card issuer server 200 may perform detour approval through the VAN company server; if the card issuer server 200 fails, the POS server may perform proxy approval through the VAN company server.
When the card issuer server 200 receives the encrypted card information from the POS server over the direct line, it may decrypt the encrypted card information.
That is, the card information may remain encrypted from the point at which the merchant terminal 100 recognizes the card through the segment in which it is transmitted to the card issuer server 200.
FIG. 4 is a diagram illustrating the key exchange process for authentication of the merchant terminal 100 and for encryption processing.
First, for direct approval processing between the merchant terminal 100 and the card issuer server 200, various key management schemes may be applied as the transaction encryption method.
The key management scheme is a key management method that derives a unique key for each transaction approval; it is a key management technique, not an encryption standard in itself.
The key management scheme may use several keys, such as the KSN (Key Serial Number), BDK (Base Derivation Key), IPEK (Initial Pin Encryption Key), Future Key, and One-Time Key.
The KSN is a unique value derived from the information the merchant terminal 100 obtains through the card reader, and may be the serial number of the encryption key.
The BDK is the top-level key of the key management scheme. It is managed only in the card issuer server 200 and may be used to derive the IPEK.
The IPEK is the key distributed to devices such as the merchant terminal 100. It is derived from the BDK, is used to derive the Future Key, and may be deleted from the device after the Future Key is derived.
The Future Key is a set of keys to be used in the future. It is derived from the IPEK and may be used to generate the One-Time Key.
The One-Time Key is the key used for encryption between the card issuer server 200 and the device. It is deleted once used, and a different key may be used for each transaction.
Referring to FIG. 4: 1) In the private key generation step, the card issuer server 200 may generate a private key using the RSA algorithm.
2) In the public key generation step, the card issuer server 200 may generate a public key from the private key and transmit the generated public key to the merchant terminal 100.
3) In the step of loading the public key onto the terminal, the merchant terminal 100 may store the public key received from the card issuer server 200.
4) In the terminal authentication request step, the merchant terminal 100 may transmit a terminal authentication request to the card issuer server 200.
5) In the random value generation step, the card issuer server 200 may generate a random value.
6) In the random value hash step, the card issuer server 200 may hash the random value using SHA256 or the like.
7) In the private key signing step, the card issuer server 200 may sign the random value from step 5) and the hash from step 6) with the private key.
8) In the terminal authentication response step, the card issuer server 200 may transmit to the merchant terminal 100 a terminal authentication response including the random value, the hash, the private key signature and the like.
9) In the signature verification step, the merchant terminal 100 may verify the signature with the public key, comparing the random value and the hash value with the value obtained by decrypting the signature with the public key.
After the signature verification of step 9), authentication of the merchant terminal 100 is complete, and the merchant terminal 100 may be authenticated as a legitimate terminal.
10) In the arbitrary value generation step, the merchant terminal 100 may generate an arbitrary value with which the IPEK will be encrypted.
11) In the arbitrary value hash step, the merchant terminal 100 may hash the arbitrary value using SHA256 or the like.
12) In the public key encryption step, the merchant terminal 100 may encrypt the arbitrary value from step 10) and the hash from step 11) with the public key.
13) In the key download request step, the merchant terminal 100 may transmit to the card issuer server 200 a key download request including the KSN and the public-key-encrypted arbitrary value and hash.
14) In the private key decryption step, the card issuer server 200 may decrypt the encrypted arbitrary value and hash with the private key.
15) In the hash value verification step, the card issuer server 200 may generate a hash of the arbitrary value using SHA256 or the like and compare the generated hash value with the hash value sent by the merchant terminal 100 to verify it.
16) In the IPEK generation step, the card issuer server 200 may generate the IPEK using the KSN.
17) In the encryption step, the card issuer server 200 may generate an encryption key and a MAC key from the arbitrary value using CMAC or the like, encrypt the KSN and the IPEK, and generate a MAC value for the IPEK.
18) In the key delivery step, the card issuer server 200 may transmit the key, including the encrypted value and the MAC value, to the merchant terminal 100.
19) In the IPEK decryption step, the merchant terminal 100 may decrypt the IPEK, and 20) in the MAC verification step, the merchant terminal 100 may verify the MAC value.
21) In the Future Key generation step, the merchant terminal 100 may generate the Future Key from the IPEK and, after generating the Future Key, delete the IPEK.
According to one embodiment of the present invention, steps 5), 6), 7), 15) and 16) may be processed through an HSM Command, and steps 14) and 17) may be processed through a POS Protection Command.
FIG. 5 is a diagram illustrating a process of encrypting and decrypting card information according to an embodiment of the present invention.
First, as soon as a card is recognized through the card reader, the merchant terminal 100 may generate a One Time Encrypt Key from the Future Key injected into the card reader, encrypt the card information using the generated One Time Encrypt Key, and then, when requesting transaction approval, transmit the encrypted card information together with the KSN to the card issuer server 200.
The card issuer server 200 may generate the IPEK from the BDK using the KSN, and may generate the Future Key from the IPEK using the KSN.
The card issuer server 200 may separate the One Time Encrypt Key and the encrypted card information through KSN-based Future Key matching, and may obtain the card information by decrypting the encrypted card information.
Thereafter, the card issuer server 200 may perform transaction approval using the obtained card information.
FIG. 6 is a diagram illustrating a process of performing end-to-end encryption (E2E) for direct approval processing between the merchant terminal 100 and the card issuer server 200 according to an embodiment of the present invention.
First, a merchant terminal 100, which is a payment terminal capable of direct approval, may be installed at the merchant. ① In the payment key request step, the merchant terminal 100 may transmit a payment key request to the card issuer server 200. Here, the payment key request may be a request for a first payment key, which is an initial payment key for encrypting sensitive information at the time of transaction approval.
While transmitting the payment key request, the merchant terminal 100 may also transmit a terminal authentication request to the card issuer server 200.
② In the terminal authentication step, the card issuer server 200 may authenticate the merchant terminal 100 based on merchant information or the like.
③ In the first payment key generation step, when authentication of the merchant terminal 100 is completed, the card issuer server 200 may generate a first payment key, which is the initial payment key for end-to-end encryption (E2E) between the card issuer server 200 and the merchant terminal 100.
④ In the first payment key transmission step, the card issuer server 200 may transmit the generated first payment key to the merchant terminal 100.
⑤ In the second payment key generation step, the merchant terminal 100 may generate a second payment key from the first payment key received from the card issuer server 200. At this time, the merchant terminal 100 may delete the first payment key while generating the second payment key.
⑥ In the encryption key set generation step, the merchant terminal 100 may generate an encryption key set based on the generated second payment key.
According to an embodiment of the present invention, the encryption key set is a set of a plurality of keys generated with the second payment key as the base value; it may be generated by combining the initial payment key and a symmetric key, and may include a plurality of one-time encryption keys, each usable only once.
If the merchant terminal 100 and the card issuer server 200 hold the same second payment key, the same encryption key set can be generated at the merchant terminal 100 and at the card issuer server 200.
⑦ In the card information encryption step, the merchant terminal 100 may select one key from the encryption key set and encrypt the card information with the selected encryption key.
⑧ In the approval request step, the merchant terminal 100 may transmit to the card issuer server 200 a transaction approval request including the encrypted card information, the serial number of the encryption key selected at the time of encryption, payment amount information, merchant identification information, and the like.
According to an embodiment of the present invention, the serial number of the encryption key may include message data containing the identification information of the key used to encrypt the card information among the encryption key set, the identification information of the merchant terminal 100, and the transaction count.
According to an embodiment of the present invention, when the serial number of the encryption key is managed by the card issuer server 200, the merchant terminal 100 may transmit to the card issuer server 200 a transaction approval request that does not include the serial number of the encryption key.
⑨ In the second payment key generation step, the card issuer server 200 may identify the merchant terminal 100 through the serial number of the encryption key, identify the first payment key corresponding to the merchant terminal 100, and generate the second payment key from the identified first payment key.
⑩ In the encryption key set generation step, the card issuer server 200 may generate the encryption key set based on the generated second payment key.
⑪ In the card information decryption step, the card issuer server 200 may use the serial number of the encryption key to obtain, from the encryption key set, the encryption key that was used for encryption, and may decrypt the encrypted card information included in the transaction approval request with the obtained encryption key.
⑫ In the transaction approval step, the card issuer server 200 may perform transaction approval using the decrypted card information.
⑬ In the transaction approval result transmission step, the card issuer server 200 may transmit the transaction approval result to the merchant terminal 100.
⑭ In the approval completion step, the merchant terminal 100 may confirm from the received transaction approval result that the requested approval has been completed, and may print a sales slip, a receipt, and the like to provide to the customer.
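The exchange in steps ① to ⑭ can be sketched as follows. This is an added example, not code from the patent: the patent names no algorithms for this flow, so the HMAC-SHA256 key derivation, the HMAC-based encrypt-then-MAC construction (a stand-in for a real AEAD such as AES-GCM), the 12-byte serial layout, binding the amount into the MAC, the replay check, and all class and function names are assumptions. The first payment key is handed over directly here; its protection in transit is out of scope.

```python
import hashlib
import hmac
import os
import struct


def kdf(key: bytes, label: bytes) -> bytes:
    # Assumed KDF (HMAC-SHA256); the patent does not name one.
    return hmac.new(key, label, hashlib.sha256).digest()


def derive_second_key(first_key: bytes) -> bytes:
    return kdf(first_key, b"second-payment-key")


def derive_one_time_key(second_key: bytes, counter: int) -> bytes:
    # One member of the encryption key set, indexed by the transaction count.
    return kdf(second_key, b"one-time-key" + struct.pack(">I", counter))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, block = b"", 0
    while len(out) < length:
        out += kdf(key, nonce + struct.pack(">I", block))
        block += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    # Encrypt-then-MAC with separate sub-keys; stand-in for a real AEAD.
    enc_key, mac_key = kdf(key, b"enc"), kdf(key, b"mac")
    nonce = os.urandom(12)
    ks = keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce + ct + kdf(mac_key, aad + nonce + ct)


def unseal(key: bytes, blob: bytes, aad: bytes) -> bytes:
    if len(blob) < 12 + 32:
        raise ValueError("ciphertext too short")
    enc_key, mac_key = kdf(key, b"enc"), kdf(key, b"mac")
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, kdf(mac_key, aad + nonce + ct)):
        raise ValueError("authentication failed")
    ks = keystream(enc_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class Terminal:
    """Merchant terminal side: steps 5 to 8."""

    def __init__(self, terminal_id: bytes, first_key: bytes):
        self.terminal_id = terminal_id
        # Step 5: derive the second key; the first key is not stored.
        self._second_key = derive_second_key(first_key)
        self._counter = 0

    def build_request(self, card_info: bytes, amount: int) -> dict:
        self._counter += 1  # each one-time key is used for one request only
        # Assumed serial layout: 8-byte terminal id + 4-byte transaction count.
        serial = self.terminal_id + struct.pack(">I", self._counter)
        key = derive_one_time_key(self._second_key, self._counter)
        aad = serial + struct.pack(">Q", amount)
        return {"serial": serial, "amount": amount,
                "card": seal(key, card_info, aad)}


class IssuerServer:
    """Card issuer side: steps 3, 4 and 9 to 11."""

    def __init__(self):
        self._first_keys = {}
        self._last_counter = {}

    def issue_first_key(self, terminal_id: bytes) -> bytes:
        if len(terminal_id) != 8:
            raise ValueError("terminal id must be 8 bytes in this sketch")
        self._first_keys[terminal_id] = os.urandom(32)
        self._last_counter[terminal_id] = 0
        return self._first_keys[terminal_id]

    def decrypt_request(self, request: dict) -> bytes:
        serial = request["serial"]
        if len(serial) != 12 or serial[:8] not in self._first_keys:
            raise ValueError("unknown serial number")
        terminal_id = serial[:8]
        counter = struct.unpack(">I", serial[8:])[0]
        if counter <= self._last_counter[terminal_id]:
            raise ValueError("one-time key already used")
        second_key = derive_second_key(self._first_keys[terminal_id])
        key = derive_one_time_key(second_key, counter)
        aad = serial + struct.pack(">Q", request["amount"])
        card = unseal(key, request["card"], aad)
        # Advance the counter only after the request authenticated.
        self._last_counter[terminal_id] = counter
        return card


if __name__ == "__main__":
    issuer = IssuerServer()
    terminal = Terminal(b"TERM0001", issuer.issue_first_key(b"TERM0001"))
    request = terminal.build_request(b"4111111111111111=2512", 15000)  # constructed test data
    print(issuer.decrypt_request(request))
```

Because the server advances its counter only after the MAC verifies, a forged request cannot burn a legitimate terminal's next one-time key.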
As described above, according to an embodiment of the present invention, the payment approval procedure can be performed without a VAN company through direct approval processing between the merchant terminal 100 and the card issuer server 200, so that the transaction fees paid to the VAN company can be saved.
In addition, according to an embodiment of the present invention, end-to-end encryption (E2E) is performed between the merchant terminal 100 and the card issuer server 200, so that security can be ensured when a transaction is approved through direct approval.
The foregoing description of the present invention is for illustration, and those of ordinary skill in the art to which the present invention pertains will understand that it can easily be modified into other specific forms without changing the technical spirit or essential features of the present invention. The embodiments described above should therefore be understood as illustrative in all respects and not restrictive. For example, each component described as a single entity may be implemented in a distributed manner, and likewise components described as distributed may be implemented in a combined form.
The scope of the present invention is indicated by the claims that follow, and all changes or modifications derived from the meaning and scope of the claims and their equivalents should be construed as being included in the scope of the present invention.
100: Merchant terminal
200: Card issuer server
210: Key generation unit
220: Key transmission unit
230: Approval request receiving unit
240: Decryption unit
250: Transaction approval unit

Claims (14)

  1. A method of processing transaction approval in a card issuer server, the method comprising:
    (a) when authentication of a merchant terminal is completed, generating a first payment key and transmitting it to the merchant terminal;
    (b) receiving, from the merchant terminal, a transaction approval request including card information encrypted with one encryption key selected from an encryption key set generated based on the first payment key;
    (c) generating the encryption key set based on the first payment key, obtaining, from the generated encryption key set, the encryption key corresponding to the serial number of the selected encryption key, and decrypting the encrypted card information with the obtained encryption key; and
    (d) performing transaction approval using the decrypted card information, and transmitting a transaction approval result to the merchant terminal.
  2. The method of claim 1,
    wherein step (c) comprises
    generating a second payment key from the first payment key, and generating the encryption key set based on the generated second payment key.
  3. The method of claim 2,
    wherein the encryption key set is generated identically at the card issuer server and at the merchant terminal based on the second payment key.
  4. The method of claim 2,
    wherein the first payment key is deleted when the second payment key is generated.
  5. The method of claim 1,
    wherein the encryption key set includes a plurality of one-time encryption keys, each of which can be used only once.
  6. The method of claim 1,
    wherein the encrypted card information is encrypted from the time the card is recognized at the merchant terminal through the section in which it is transmitted to the card issuer server.
  7. The method of claim 1,
    wherein the serial number of the encryption key includes message data containing identification information of the key used for encryption, identification information of the merchant terminal, and a transaction count.
  8. A card issuer server for processing transaction approval, comprising:
    a key generation unit that, when authentication of a merchant terminal is completed, generates a first payment key and generates an encryption key set based on the first payment key;
    a key transmission unit that transmits the generated first payment key to the merchant terminal;
    an approval request receiving unit that receives, from the merchant terminal, a transaction approval request including card information encrypted with one encryption key selected from an encryption key set generated based on the first payment key;
    a decryption unit that obtains, from the generated encryption key set, the encryption key corresponding to the serial number of the selected encryption key, and decrypts the encrypted card information with the obtained encryption key; and
    a transaction approval unit that performs transaction approval using the decrypted card information and transmits a transaction approval result to the merchant terminal.
  9. The card issuer server of claim 8,
    wherein the key generation unit
    generates a second payment key from the first payment key, and generates the encryption key set based on the generated second payment key.
  10. The card issuer server of claim 9,
    wherein the encryption key set is generated identically at the key generation unit and at the merchant terminal based on the second payment key.
  11. The card issuer server of claim 9,
    wherein the first payment key is deleted when the second payment key is generated.
  12. The card issuer server of claim 8,
    wherein the encryption key set includes a plurality of one-time encryption keys, each of which can be used only once.
  13. The card issuer server of claim 8,
    wherein the encrypted card information is encrypted from the time the card is recognized at the merchant terminal through the section in which it is transmitted to the card issuer server.
  14. The card issuer server of claim 8,
    wherein the serial number of the encryption key includes message data containing identification information of the key used for encryption, identification information of the merchant terminal, and a transaction count.
PCT/KR2017/004984 2016-06-20 2017-05-12 Method for processing transaction approval and card issuer server WO2017222183A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR20160076800 2016-06-20
KR10-2016-0076800 2016-06-20
KR1020160138569A KR101766598B1 (en) 2016-06-20 2016-10-24 Method and card company server for processing authorization of transaction
KR10-2016-0138569 2016-10-24

Publications (1)

Publication Number Publication Date
WO2017222183A1 true WO2017222183A1 (en) 2017-12-28

Family

ID=59280515

Family Applications (8)

Application Number Title Priority Date Filing Date
PCT/KR2016/014604 WO2017222128A1 (en) 2016-06-20 2016-12-13 Method and server for providing card service in place of card issuing company
PCT/KR2017/004914 WO2017222177A1 (en) 2016-06-20 2017-05-11 Method for providing card company integrated approval proxy service, and card company server performing same
PCT/KR2017/004904 WO2017222169A1 (en) 2016-06-20 2017-05-11 Method for approving payment made using smart card, card company server executing same, and smart card
PCT/KR2017/004915 WO2017222178A1 (en) 2016-06-20 2017-05-11 Method for providing continuous financial transaction approval service through proxy approval, and card company server for performing same
PCT/KR2017/004912 WO2017222175A1 (en) 2016-06-20 2017-05-11 Method for providing partial sales processing service, and payment relay server
PCT/KR2017/004905 WO2017222170A1 (en) 2016-06-20 2017-05-11 Method and card company server for processing payment by verifying verification value, method for supporting payment by using verification value, and smart card
PCT/KR2017/004909 WO2017222172A1 (en) 2016-06-20 2017-05-11 Method and server for providing mobile coupon service according to card transaction history
PCT/KR2017/004984 WO2017222183A1 (en) 2016-06-20 2017-05-12 Method for processing transaction approval and card issuer server

Country Status (2)

Country Link
KR (19) KR101857067B1 (en)
WO (8) WO2017222128A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112583592A (en) * 2020-12-29 2021-03-30 湖南万慧通科技有限公司 Working method of encryption system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20070109544A (en) * 2006-05-11 2007-11-15 주식회사 신한은행 System and method for processing information and recording medium
KR20100104056A (en) * 2009-03-16 2010-09-29 주식회사 신세계아이앤씨 Billing system for encryption and the method thereof
KR20140008027A (en) * 2012-07-10 2014-01-21 (주)이니시스 Method and system for operating independent payment for various web platform
KR101468626B1 (en) * 2012-09-21 2014-12-04 주식회사 유아이디에스 System for paying card of smart phone using key exchange with van server
KR20160031681A (en) * 2014-09-12 2016-03-23 에스케이텔레콤 주식회사 Method and Apparatus for Providing Electronic Payment By Using Electronic Card

Similar Documents

Publication Publication Date Title
WO2017222183A1 (en) Method for processing transaction approval and card issuer server
WO2014139343A1 (en) Key downloading method, management method, downloading management method, apparatus and system
WO2017119564A1 (en) Secure information transmitting system and method for personal identity authentication
WO2020062642A1 (en) Blockchain-based method, device, and equipment for electronic contract signing, and storage medium
CN106656488B (en) Key downloading method and device for POS terminal
WO2014175538A1 (en) Apparatus for providing puf-based hardware otp and method for authenticating 2-factor using same
WO2016122035A1 (en) Card payment system and payment method for enabling pre-transaction confirmation
WO2016171295A1 (en) Authentication in ubiquitous environment
WO2014139341A1 (en) Key management method and system
WO2013100413A1 (en) Smartphone credit card payment system using an earphone jack, and method for same
WO2017176051A1 (en) Method and system for authenticating internet of things device by using mobile device
WO2016056853A1 (en) System for convenient person authentication using mobile communication terminal and actual financial card and method therefor
WO2015037887A1 (en) Server and method for authenticating smart chip
US20070074027A1 (en) Methods of verifying, signing, encrypting, and decrypting data and file
WO2015068904A1 (en) Card reader, terminal, and payment information processing method using same
WO2016206530A1 (en) Highly secure mobile payment method, apparatus, and system
WO2016137291A1 (en) Pg server system using time stamp-based security code and driving method there of
WO2020034527A1 (en) User personal information encryption and authorisation method, apparatus, and device, and readable storage medium
WO2011034244A1 (en) Key card for compatible transportation card and operating method of key card for transportation card
WO2020111499A1 (en) Method, apparatus, and system for transmitting and receiving information by using qr code
WO2015163740A1 (en) Mobile card service method utilizing hce, and mobile terminal applying same
WO2020032351A1 (en) Method for establishing anonymous digital identity
WO2015069028A1 (en) Multi-channel authentication, and financial transfer method and system using mobile communication terminal
WO2013039304A1 (en) Method of registering a membership for an electronic payment, system for same, and apparatus and terminal thereof
WO2014084606A1 (en) Digital wallet system and method with dual authentication for digital wallet service

Legal Events

Date Code Title Description
121 EP: The EPO has been informed by WIPO that EP was designated in this application

Ref document number: 17815596

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 17815596

Country of ref document: EP

Kind code of ref document: A1