KR20100001888A - Pos terminal for information security and recording medium - Google Patents

Abstract

The present invention relates to an information security POS terminal and a recording medium for the same. In the information security POS terminal according to the present invention, a card reader module for reading card information from a customer card and controlling the overall operation of a card payment is provided. A point of sales (POS) terminal having a payment control module and a communication module connected to a communication network and connecting and managing a communication channel with a bansa server for card payment by the payment control module is a payment approval request message. Identify a Bansa server to be transmitted, encrypt card information read through the card reader module with an encryption key decrypted by the Bansa server, and attach a Bansa identifier corresponding to the verified Bansa server to the encrypted card information. And an encryption unit for generating encrypted Bansa-specific card information, and the payment control module is provided before the payment approval request. The card information item included in the door includes the encrypted Bansa-specific card information, and generates a full payment approval request message including one or more unencrypted information items and a merchant number, wherein the communication module, the communication control module and Interface to read the Bansa identifier included in the encrypted Bansa-specific card information included in the payment approval request message generated by the payment control module to check the Bansa server to which the payment approval request message is transmitted, and the confirmed Send the full text of the payment approval request to the bansa server.

Description

POS terminal for information security and recording medium therefor {POS Terminal for Information Security and Recording Medium}

1 is a diagram illustrating a functional configuration of a POS terminal having an information security function for each bansa according to the first embodiment of the present invention.

FIG. 2 is a diagram illustrating a process of generating and transmitting a full payment approval request message at a POS terminal having information security for each bansa according to a first embodiment of the present invention.

FIG. 3 is a diagram illustrating a process of receiving and outputting a full payment approval result in a POS terminal having information security for each bansa according to a first embodiment of the present invention.

4 is a diagram illustrating a functional configuration of a POS terminal having an information security function for each bansa according to the second embodiment of the present invention.

FIG. 5 is a diagram illustrating a process of generating and transmitting a full payment approval request message at a POS terminal having an information security function for each bansa according to a second embodiment of the present invention.

FIG. 6 is a diagram illustrating a process of receiving and outputting a full payment approval result in a POS terminal having an information security function for each bansa according to a second embodiment of the present invention.

FIG. 7 is a diagram illustrating a functional configuration of a POS terminal having an information security function for each bansa according to a third embodiment of the present invention.

FIG. 8 is a diagram illustrating a process of generating and transmitting a full payment approval request message at a POS terminal having information security for each bansa according to a third embodiment of the present invention.

FIG. 9 is a diagram illustrating a process of receiving and outputting a full payment approval result in a POS terminal having an information security function for each bansa according to a third embodiment of the present invention.

FIG. 10 is a diagram illustrating a functional configuration of a POS terminal having an information security function for each bansa according to the fourth embodiment of the present invention.

FIG. 11 is a diagram illustrating a process of generating and transmitting a full payment approval request message at a POS terminal having information security for each bansa according to a fourth embodiment of the present invention.

FIG. 12 is a diagram illustrating a process of receiving and outputting a full payment approval result at a POS terminal having an information security function for each bansa according to a fourth embodiment of the present invention.

<Description of main parts of drawing>

100: POS terminal 105: payment control module

110: encryption unit 115: card reader module

120: digital signature section 125: key input section

130: power supply 135: communication module

140: point of sale management unit 145: communication processing unit

150: professional processing unit 153: memory unit

155: screen output unit 160: print output unit

163: security application module 165: information input unit

170: professional generation unit 173: professional transmission unit

175: professional receiving unit 180: professional output unit

The present invention provides a communication channel between a card reader module for reading card information from a customer card, a payment control module for controlling the overall operation of card payment, and a bansa server for card payment by the payment control module connected to a communication network. In a Point Of Sales (POS) terminal having a communication module for connecting and managing, a Bansa server for transmitting a full payment approval request message is identified, and card information read through the card reader module is decoded by the Bansa server. An encryption unit for encrypting through an encryption key and generating encrypted bansa-specific card information by attaching a bansa identifier corresponding to the verified bansa server to the encrypted card information, and the payment control module includes a payment approval request message. At least one unencrypted card information including the encrypted Bansa card information in a card information item included in the Generating a payment approval request message including an information item and a merchant number, wherein the communication module is interfaced with the payment control module and includes the encryption included in the payment approval request message generated by the payment control module; The present invention relates to a POS terminal for identifying a Bansa server to which the payment approval request message is transmitted by reading a Bansa identifier included in the Bansa-specific card information, and transmitting the payment approval request message to the confirmed Bansa server.

With the continuous development of information and communication technology, trust in information processing technology has been secured, offline stores have established a Point of Sales (POS) terminal that integrates the card payment function and the point-of-sale management function. Batch processing.

However, POS terminals incorporating point-of-sale management and card payment functions as described above have a higher risk of information exposure than conventional card terminals (eg, credit authorization terminals) connected to a closed platform and a closed communication network. It contains a high problem.

The most common solution to solve this problem is not to store the card payment history in the storage device provided in the POS terminal after the card payment in the POS terminal, or to block information access to the storage device, The solution causes another problem that hinders various information processing functions of the POS terminal.

For example, in the case of canceling the card payment, the card payment cancellation task is processed by a simple operation of inputting the document serial number presented by the customer into the POS terminal by storing the card payment history in the POS terminal, whereas the card payment history Is not stored in the storage device provided in the POS terminal, or if the information access to the storage device is blocked, the card payment cancellation process is very complicated (e.g., input all the information printed on the slip), The inconvenience of having to read the card of the customer once again is caused.

In particular, when one POS terminal processes a card payment through a plurality of bansa (for example, a large discount store, a department store, etc.), the card payment history is not stored in a storage device provided in the POS terminal, or the storage device In the case of blocking the access to the information, it is not possible to determine which bansa payment by the card itself, and by connecting the communication with a plurality of bansa server in the POS terminal card payment history inquiry through the card information and the document serial number Without the above, the card payment cancellation is impossible.

An object of the present invention for solving the above problems, the card reader module for reading card information from the customer card, the payment control module for controlling the overall operation of the card payment, and the card payment by the payment control module connected to the communication network In a POS (Point Of Sales) terminal having a communication module for connecting and managing a communication channel with a bansa server, for checking the bansa server to send the full payment approval request, and is read through the card reader module An encryption unit for encrypting card information through an encryption key decrypted by the bansa server, generating an encrypted bansa-specific card information by attaching a bansa identifier corresponding to the checked bansa server to the encrypted card information; The payment control module, the encrypted Bansa card information of the plurality of information items included in the full payment approval request message Process the included card information item as a blank, and generate a full payment approval request message including at least one information item and an affiliate store number, wherein the communication module is interfaced with the payment control module and the encryption unit, and the payment is made. Insert the encrypted bansa-specific card information generated by the encryption unit into the card information blank of the payment approval request specialist generated by the control module, and read the bansa identifier included in the encrypted bansa-specific card information. The present invention provides a POS terminal for identifying a Bansa server to which a full text of an authorization request is transmitted and transmitting a full text of a payment approval request to which the payment information is inserted to the checked Bansa server.

In the information security POS terminal according to the present invention, the card reader module for reading card information from the customer card, the payment control module for controlling the overall operation of the card payment, and the card payment by the payment control module connected to the communication network Point of Sales (POS) terminal having a communication module for connecting and managing a communication channel with a bansa server for, check the bansa server to send the full payment approval request, the card read through the card reader module And encrypting the information through an encryption key decrypted by the bansa server, and attaching a bansa identifier corresponding to the verified bansa server to the encrypted card information to generate encrypted bansa-specific card information. Characterized in that, the payment control module, the password in the card information item included in the full payment approval request request And generating a payment approval request message including at least one bansa-specific card information and including an unencrypted information item and a merchant number, wherein the communication module is interfaced with the payment control module and controls the payment control. Read the Bansa identifier included in the encrypted Bansa-specific card information included in the payment approval request text generated by the module to check the bansa server to which the payment approval request text is transmitted, and confirm the payment to the verified bansa server. Characterized in that the transmission of the full request.

On the other hand, in the POS terminal for information security according to the present invention, the card reader module for reading card information from the customer card, the payment control module for controlling the overall operation of the card payment, and connected to the communication network by the payment control module A POS terminal having a communication module for connecting and managing a communication channel with a bansa server for card payment, identifies a bansa server to transmit a full payment approval request and reads it through the card reader module. And an encryption unit for encrypting the card information to be encrypted using an encryption key decrypted by the bansa server, and generating an encrypted bansa-specific card information by attaching a bansa identifier corresponding to the checked bansa server to the encrypted card information. Characterized in that the payment control module, a plurality of information items included in the full payment approval request The card information items including the card information for each encrypted Bansa is processed as a blank, and the full payment approval request message including the unencrypted information item and the merchant number is generated. The communication module includes: Interface with a payment control module and an encryption unit, inserting the encrypted bansa-specific card information generated by the encryption unit in the card information blank of the payment approval request professional generated by the payment control module, and the encrypted bansa The bansa identifier included in the card information is read to check the bansa server to which the payment approval request text is transmitted, and the payment approval request message inserted with the payment information is characterized in that the bansa server is transmitted.

In the POS terminal for information security according to the present invention, the encryption unit generates encrypted payment amount information by encrypting payment amount information input through the information input unit, and the payment control module is the payment approval. Characterized in the payment information information of the request message, characterized in that for generating the payment approval request full text including the encrypted payment information.

In the POS terminal for information security according to the present invention, the encryption unit generates encrypted payment amount information by encrypting payment amount information input through the information input unit, and the payment control module is the payment approval. The payment amount information item including the encrypted payment amount information among the plurality of information items included in the request message is further processed to generate a payment approval request text by blanking the communication module. And inserting the encrypted payment amount information generated through the encryption unit into the payment amount information field of the payment approval request message generated by the encryption unit.

In the POS terminal for information security according to the present invention, the encryption unit encrypts the digital signature information input through the digital signature unit, and generates encrypted digital signature information, wherein the payment control module is the payment approval. Characterized in the digital signature information item of the request message, characterized in that for generating the payment approval request full text including the encrypted digital signature information.

In the POS terminal for information security according to the present invention, the encryption unit encrypts the digital signature information input through the digital signature unit, and generates encrypted digital signature information, wherein the payment control module is the payment approval. The digital signature information item including the encrypted digital signature information among the plurality of information items included in the request message is further processed to generate a payment approval request message by blanking the communication module. And inserting the encrypted digital signature information generated through the encryption unit into the digital signature information field of the payment approval request specialist generated by the processor.

In the POS terminal for information security according to the present invention, the encryption unit may be provided in the card reader module, or between the card reader module and the payment control module, or provided in the communication module.

On the other hand, it includes a computer-readable recording medium, characterized in that for recording the program for executing the above-mentioned information security force terminal.

Hereinafter, with reference to the accompanying drawings and description will be described in detail the operating principle of the preferred embodiment of the present invention. However, the drawings and the following description shown below are for the preferred method among various methods for effectively explaining the features of the present invention, the present invention is not limited only to the drawings and description below. In addition, in the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description will be omitted. Terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to intentions or customs of users or operators. Therefore, the definition should be made based on the contents throughout the present invention.

In addition, preferred embodiments of the present invention to be carried out below are provided in each system functional configuration to efficiently describe the technical components constituting the present invention, or a system that is commonly provided in the art to which the present invention belongs The functional configuration is omitted as much as possible, and will be mainly described for the functional configuration to be additionally provided for the present invention. If those skilled in the art to which the present invention pertains, it will be able to easily understand the function of the components that are conventionally used among the omitted functional configuration not shown below, and also the configuration omitted as described above The relationship between the elements and the components added for the present invention will also be clearly understood.

In addition, the following examples will be used to appropriately modify, integrate, or separate the terminology so that those skilled in the art to which the present invention pertains may clearly understand the present invention. The present invention is by no means limited thereto. In other words, each means constituting the present invention is a server (or terminal) provided on the system shown in the following embodiments, or a predetermined functional configuration provided in at least one or more servers (or terminals), or at least It may be an association of at least two or more functional components provided in one or more servers (or terminals). In addition, the server (or terminal) shown in the following embodiment is shown to include at least two or more functional components for achieving the technical features of the present invention for convenience, the functional component shown in the server (or terminal) Matched with the above-described means may be provided in two or more different servers (or terminals) according to the role and function of each functional component and the corresponding server (or terminal) operator (or operator), whereby the present invention is not limited No.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains. It is only.

1 is a diagram illustrating a functional configuration of a POS terminal 100 having an information security function for each bansa according to the first embodiment of the present invention.

In more detail, Figure 1 shows a card reader module 115 for reading card information from a customer card, a payment control module 105 for controlling the overall operation of card payment, and a payment control module 105 connected to a communication network. In the POS terminal 100 having a communication module 135 for connecting and managing a communication channel with a bansa server for card payment by the card, the payment approval request from the encryption unit 110 when the card payment is made using the customer card. Identify a Bansa server to transmit the full text, encrypt card information read through the card reader module 115 through an encryption key decrypted by the Bansa server, and correspond to the verified Bansa server in the encrypted card information When the encrypted Bansa-specific card information is generated by attaching a Bansa identifier, the encrypted information is included in the card information item included in the full payment approval request in the payment control module 105. Generate a payment approval request full text including the individual card information, the unencrypted one or more information items and the merchant number, and the encrypted bansa included in the generated payment approval request full message in the communication module 135 Versa server information by reading the Bansa identifier included in the card information to check the Bansa server to be sent the payment approval request message, and transmits the payment approval request message to the verified Bansa server to process the card payment information for each Bansa FIG. 1 illustrates a functional configuration of the provided POS terminal 100, and a person having ordinary knowledge in the technical field to which the present invention pertains includes a POS having an information security function for each bansa by referring to and / or modifying FIG. Various implementation methods (for example, some components are omitted, subdivided, or combined) for the functional configuration of the terminal 100 may be used. Would be able, in the present invention are made, including any exemplary way in which the inference, to which the technical feature that is not limited to the exemplary method shown in the figure 1.

Hereinafter, in FIG. 1, a functional component that may operate in connection with one or more modules of the card reader module 115, the payment control module 105, and the communication module 135, or may be implemented as an internal component of each module. The technical features of the present invention will be described by referring to "parts" for convenience, and the functional elements named "parts" are the card reader module 115, the payment control module 105 and It will be apparent that it is possible to interwork with one or more of the modules of the communication module 135 or to be implemented in the form of internal components of each module.

Referring to FIG. 1, the POS terminal 100 having an information security function for each Bansa includes a card reader module 115 for reading card information from a customer card and an overall operation of card payment through the read card information. And a communication module 135 for controlling a payment control module 105 and a communication network connected to a communication network and connecting a communication channel with a bansa server required for card payment by the payment control module 105. The memory unit 153, the key input unit 125, the digital signature unit 120, and the screen output unit that operate in conjunction with at least one of the card reader module 115, the payment control module 105, and the communication module 135. 155 and a print output unit 160, a security application module (163) and a power supply unit 130 for supplying power to the POS terminal 100, according to the intention of the skilled person At least one terminal function It is possible to further comprises a (not shown).

The customer requesting payment through the POS terminal 100 includes a MS (Magnetic Stripe) card based on the ISO / IEC 7810 standard, and / or a contact IC card (or a wireless IC chip based on the ISO / IEC 7816 standard). And / or possesses (or owns) a customer card including at least one contactless IC card (or wireless IC chip) based on the ISO / IEC 14443 standard, and the card reader module 115 stores the customer card. It characterized in that to provide an interface for reading at least one or more card information provided in.

According to the embodiment of the present invention, the card reader module 115 provides an interface between the MS reader unit for providing an interface between the MS card and the POS terminal 100 and the interface between the contact IC card and the POS terminal 100. Preferably, the contact IC reader includes one or more contactless IC readers that provide an interface between the contactless IC card and the POS terminal 100.

The MS reader unit is a card reader module 115 based on ISO / IEC 7810, and includes at least one magnetic head including a predetermined coil, and includes predetermined information (eg, magnetized binary). When the MS card on which (Binary) data is recorded moves in a predetermined direction in close contact with the magnetic head (or the magnetic head moves in close contact with an MS card in which predetermined information is recorded), a predetermined electrical signal is transmitted to the magnetic head. Reading card information (eg, credit card information, check card information, debit card information, cash card information, financial account information) from at least one track provided in the MS of the MS card by using It is characterized by.

The contact IC reader unit is a card reader module 115 based on ISO / IEC 7816, and includes at least one contact point that makes electrical contact with a chip on board (COB) provided in a contact IC card. It supplies the power to the IC chip of the IC card through the contact point, and the card information (for example, credit) from the IC chip through the half duplex transaction using an APDU (Application Protocol Data Unit) Card information, check card information, debit card information, cash card information, financial account information).

The non-contact IC reader unit is a card reader module 115 based on ISO / IEC 14443. The contactless IC reader unit may be formed at least in electrical contact with the non-contact IC card by using capacitive coupling and / or inductive coupling. It comprises one or more antennas, and supplies power to the IC chip of the IC card through the antenna, and card information (eg credit card) from the IC chip through the half-duplex transaction using the APDU Information, check card information, debit card information, cash card information, financial account information).

The payment control module 105, when the card payment processing through the card information read through the card reader module 115, generates a full payment approval request for the card payment, and generates the full payment approval request The screen output unit transmits to the communication module 135, receives a payment approval result text corresponding to the payment approval request text message through the communication module 135, and displays the payment processing details included in the payment approval result text message. It is characterized by controlling the overall operation of the card payment through the screen output through the 155, or through the print output unit 160 to print out.

The communication module 135 is connected to a communication network to connect a communication channel with a Bansa server required for card payment by the payment control module 105, the communication processing unit 145 for connecting and managing the communication channel Characterized in that comprises a.

The communication processor 145 may be a wired communication network including at least one or more xDSL-based wired communication network, a public switched telephone network (PSTN), an intelligent network, an Ethernet, or the like, or code division multiple access (CDMA). / WCDMA (Wide-CDMA) based mobile communication network, HSDPA (High-Speed Downlink Packet Access) based wireless communication network, including at least one or more wireless communication network including IEEE 802.16x-based portable Internet to connect the communication channel with the bansa server It is characterized by.

According to the exemplary embodiment of the present invention, the communication module 135 may store sales point management information (eg, in addition to the communication processor 145 connecting the bansa server and the communication channel for payment of the card) in the memory unit 153. And a sales point manager 140 for processing point of sale management of the POS terminal 100 based on one or more product information, barcode information for each product (or RFID tag information), and sales price information for each product. It is characterized by.

When the point-of-sale manager 140 is provided in the communication module 135, the communication module 135 may include a barcode reader (or RFID reader) and one or more cable communication means (eg, RS-) for the point-of-sale management. 232c, the ability to connect cable communication sessions via USB (Universal Serial Bus), or Infrared Ray, RF (Radio Frequency), Bluetooth (BlueTooth), Wireless LAN, Wi-Fi (Wi- It is preferable that the at least one short-range wireless communication means including at least one of Fi) and at least one ultra wide band system (UWB) is further provided with a function of connecting the short-range communication session with the barcode reader (or RFID reader).

However, the point-of-sale manager 140 is not always implemented in the form of components in the communication module 135, and the point-of-sale manager 140 is a separate point-of-sale manager module (not shown) according to the intention of those skilled in the art. It is possible to be provided in the POS terminal 100 in the form, whereby the present invention is not limited.

In addition, those skilled in the art to which the present invention belongs, will be familiar with the technical features of the point of sale management unit 140 for processing the point of sale management through the point of sale management information, detailed description thereof Will be omitted for convenience.

The memory unit 153 is input and output when an operation by a predetermined program routine (or code) and / or program data (eg, a program routine (or code)) for controlling the overall operation of the POS terminal 100 is performed. General term of non-volatile memory for storing information or data), at least one of which includes EEPROM (Electrically Erasable and Programmable Read Only Memory) and / or Flash Memory (FM) and / or Hard Disk Drive (HDD) in hardware. It includes the above storage means, the payment control module 105 is a predetermined program routine and program data required for controlling the overall operation of the card payment (for example, the program routine is input or to perform a predetermined function or Output data) is stored.

According to the exemplary embodiment of the present invention, the memory unit 153 may include an affiliate store number to be included in the payment approval request text generated by the payment control module 105, card information read through the card reader module, and the key input unit ( 125 is included in the full text of the payment approval request except for the payment amount information input through the key or externally through cable communication (or near field communication) and the digital signature information input through the digital signature unit 120. Preferably, one or more full text inclusion information (not shown) corresponding to one or more information items is stored.

According to the exemplary embodiment of the present invention, the memory unit 153 includes a payment processing history storage area for storing the payment processing details included in the payment approval result text received from the bansa server after the payment approval for the payment approval request text. The payment processing history storage area may be omitted according to the intention of the skilled person, and the present invention is not limited thereto.

According to an exemplary embodiment of the present invention, the memory unit 153 may store one or more product information managed by the POS terminal, barcode information for each product (or radio frequency identification (RFID) tag information), and sales price information for each product. Preferably, at least one point of sale management information is stored.

The key input unit 125 includes a key having at least one key button including at least one number key and / or a character key and / or a function key. Detecting a key input signal input from an input device, and providing the input key input signal to the payment control module 105 or the communication module 135, the card payment function through the payment control module 105 or the Characterized in that the key data for providing the point-of-sale management function through the communication module 135 is input processing.

According to an embodiment of the present invention, the key input unit 125 performs a function of a key input means (or information input means) for inputting payment amount information to be included in the payment approval request text generated by the payment control module 105. It is desirable to.

The digital signature unit 120 receives a customer's signature digitally through a touch screen with a digital input function including any one of a pressure method and an electromagnetic induction sensor board method in a card payment process through the payment control unit. By providing the input digital signature information of the customer to the payment control module 105, the digital signature information for providing a card payment function through the payment control module 105 is characterized in that the input processing.

The screen output unit 155 advances one or more information or data defined to be output on the screen in the process of performing a card payment function through the payment control module 105 or a point of sale management function through the communication module 135. It characterized in that the output of the defined interface screen to the screen output device (for example, LCD (Liquid Crystal Display)).

According to the exemplary embodiment of the present invention, the screen output unit 155 outputs a screen for outputting the payment processing details included in the full payment approval result received through the communication module 135 in response to the full payment approval request message. It is desirable to perform the function of the means.

The print output unit 160 is included in the payment approval result message received through the communication module 135 in response to the payment approval request message in the process of performing the card payment function through the payment control module 105. The payment processing details may be printed and output to a printing apparatus (eg, a receipt printer) according to a preset printing format.

According to the exemplary embodiment of the present invention, the print output unit 160 outputs a screen output of the payment processing details included in the full payment approval result received through the communication module 135 in response to the full payment approval request message. It is desirable to perform the function of the means.

The Secure Application Module (163) is a confidentiality and / or authentication required by the POS terminal 100 in the process of performing the electronic payment and / or electronic payment using the card. And / or safety devices for performing security requirements including integrity and / or nonrepudiation in a secure and reliable structure within the POS terminal 100 without using a server on a communication network. As an example, the POS terminal 100 encrypts or decrypts a predetermined message (information or data) that is processed in the course of performing a predetermined security request function (eg, an electronic payment and / or an electronic payment function). Adds an authenticator to prevent forgery (or tampering), or stores important information in the process of performing the security request function It is done.

In general, the security application module 163 is preferably composed of a predetermined security application module 163 inserter and the security application module 163 chip, the security application module 163 chip is a chip containing at least 8-bit CPU Application Specific Integrated Circuit (ASIC) chips (eg, PLCC 44-pin chips) and / or IC chips (eg, IC cards in the form of subscriber identity modules (SIMs)) with performance of 2 MIPS (Million Instructions Per Second) or more. It is preferable to comprise a.

In addition, the security application module 163 is at least one or more security application data (eg, at least one identifier, version, expiration date, issue date, code value, etc.) required for the POS terminal 100 to perform a predetermined security request function ) And / or keys (e.g., one master key and at least one application key) and / or protocols (e.g., trading protocols, re-transaction protocols, previous transaction cancellation protocols, collection protocols, SAM issuance protocols, (e-money company / card company) Registration protocol, authorization protocol, mode switching protocol, key download protocol, SAM revocation protocol) and / or commands (e.g., at least one read / authentication / transmission / registration / setting / mode switching / collection / deletion / disposal / initialization) / Reprocessing / cancellation command).

Referring to FIG. 1, the POS terminal 100 is connected to the card reader module, and when the card reader module reads card information from the customer card, the payment approval request message including the read card information is read. Check the transmitted Bansa server, verify the Bansa identifier and the Bansa encryption key for the verified Bansa server, encrypt the card information through the verified Bansa encryption key, and the Bansa to the encrypted card information It is characterized in that it comprises an encryption unit 110 for generating encrypted card information for each bansa attached to the identifier.

When card information is read from the customer card through the card reader module, the encryption unit 110 may identify a bansa server to which a full payment approval request message including the read card information is transmitted.

According to the exemplary embodiment of the present invention, the encryption unit 110 preferably checks the bansa server to which the payment approval request text is transmitted according to a plurality of bansa-specific distribution policies (not shown).

According to another exemplary embodiment of the present invention, the encryption unit 110 checks a bansa server having a good communication channel connection among a plurality of bansa in connection with the communication module 135 and approves the confirmed bansa server for the payment. It is desirable to check with the bansa server where the full request is sent.

According to another exemplary embodiment of the present invention, the encryption unit 110 preferably selects (or arbitrarily selects) a plurality of bansa to identify the bansa server to which the payment approval request text is transmitted.

When the Bansa server to which the payment approval request message is transmitted is identified, the encryption unit 110 may include a Bansa identifier (eg, a VAN_ID value) corresponding to the selected Bansa server and an bansa encryption key (eg, the encryption unit 110). ) An encryption key set to decrypt only the bansa, or an encryption key paired with the decryption key provided at the bansa.

According to the exemplary embodiment of the present invention, the bansa identifier and the bansa encryption key are preferably stored in the encryption unit 110 in the program data (or the memory included in the encryption unit 110).

According to another embodiment of the present invention, the bansa identifier and the bansa encryption key are preferably stored in the secure area of the memory unit 153, in which case the encryption unit 110 is the memory unit 153 It is preferable to check the bansa identifier and the bansa encryption key corresponding to the checked bansa server from the security area of the bansa server.

According to another embodiment of the present invention, the bansa identifier and the bansa encryption key is preferably stored in the security application module 163, in this case, the encryption unit 110 is the security application module 163 It is preferable to confirm the bansa identifier and the bansa encryption key corresponding to the verified bansa server from the.

When the Bansa identifier and the Bansa encryption key corresponding to the Bansa server to which the payment approval request message is transmitted are confirmed, the encryption unit 110 is read from the card reader module 115 through the verified Bansa encryption key. And encrypting the card information, wherein the encrypted card information is decrypted only through a decryption key provided in the bansa server corresponding to the bansa identifier, and the card information is exposed in any case except the bansa server. It is characterized by not being.

When the card information read from the card reader module 115 is encrypted using the bansa encryption key, the encryption unit 110 attaches the checked bansa identifier to the card information encrypted through the bansa encryption key. It is characterized by generating the Bansa-encrypted card information.

According to another exemplary embodiment of the present invention, the encryption unit 110 may combine the card information and the bansa identifier, and then encrypt the bansa through the bansa's encryption key, whereby the present invention is not limited thereto.

Referring to FIG. 1 according to an embodiment of the present invention, the encryption unit 110 is illustrated as being provided between the card reader module 115 and the payment control module 105. However, the present invention is limited thereto. Never, the encryption unit 110 is provided in the form of an internal component of the card reader module 115, or in the form of an internal component of the payment control module 105, or the communication module 135 It is possible to be provided in the form of internal components, whereby the present invention is not limited.

Referring to FIG. 1, the bansa encrypted card information generated by being encrypted by the encryption unit 110 is provided to the payment control module 105.

Referring to FIG. 1, the payment control module 105 inputs and processes encrypted card information for each bansa through the encryption unit 110, and inputs payment amount information through the key input unit 125. An information input unit 165 for inputting and processing digital signature information of the customer through the digital signature unit 120, the encrypted card information, payment amount information, digital signature information, and stored in the memory unit 153 for each of the input bansa; A professional generation unit 170 for generating a payment approval request full text including a merchant number, and a specialized transmission unit for providing the generated payment approval request full text to the communication module 135 to be transmitted to a bansa server on a communication network ( 173, a specialized receiving unit 175 for receiving a payment approval result text corresponding to the payment approval request text message through the communication module 135, and a payment included in the received payment approval result text message. Specialized output unit 180 to check the processing history, and output the payment processing details in conjunction with the screen output unit 155, or print out the payment processing details in conjunction with the print output unit 160. It characterized by comprising a.

When the bansa-encrypted card information is generated by the encryption unit 110, the information input unit 165 converts the bansa-encrypted card information from the encryption unit 110 into card information to be included in the payment approval request. Characterized in that the input processing.

The information input unit 165 outputs a payment amount input interface screen through the screen output unit 155, and inputs and processes payment amount information to be included in the full payment approval request from the key input unit 125. do.

According to another exemplary embodiment of the present invention, the information input unit 165 may include the sum of the amount of the product sales amount generated in the sales point management process of the sales point manager 140 provided in the communication module 135, the payment amount information. It is preferable to process the input with.

In addition, the information input unit 165 outputs a digital signature interface screen through the digital signature unit 120, and inputs and processes digital signature information to be included in the full text of the payment approval request from the digital signature unit 120.

When the bansa encrypted card information, payment amount information and digital signature information are input through the information input unit 165, the full text generation unit 170 includes bansa encrypted card information, payment amount information and digital signature information. And one or more information items (eg, credit approval / cancellation cancellation information items, slip purchase information items, slip serial number items), including a merchant number stored in the memory unit 153, and predefined to be included in the full payment approval request. Etc.) to generate a full payment approval request.

According to another exemplary embodiment of the present invention, the encrypted card information and the bansa identifier in the bansa-encrypted card information may be included in different information items according to the full-text structure of the payment approval request message. It is clear that this is not a limitation.

When the payment approval request full text is generated by the full text generation unit 170, the full text transmission unit 173 provides the generated payment approval request full text to the communication module 135, thereby transmitting the communication module 135. Checks the bansa identifier included in the payment approval request message, and transmits the payment approval request message to the bansa server corresponding to the confirmed bansa identifier.

After the payment approval request message is transmitted to the bansa server, the specialized receiving unit 175 may receive a payment approval result message corresponding to the payment approval request message through the communication module 135.

Herein, the full payment approval result may include a payment processing history including a result of the payment approval of the payment amount through the card information read by decrypting the bansa encrypted card information. Is preferably made including any one of a payment approval result or a payment error result.

According to the exemplary embodiment of the present invention, the payment processing history included in the full payment approval result received through the specialized receiving unit 175 includes the bansa-encrypted card information generated by the encryption unit 110 as it is. It is preferable.

According to another exemplary embodiment of the present invention, the payment processing details included in the full payment approval result received through the full text receiving unit 175 may be obtained by decrypting the bansa encrypted card information generated by the encrypting unit 110. Preferably, the card information includes partial card information including a portion of the card information that has been erased (or processed into a blank), and the partial card information is transmitted to the bansa server or the communication module 135. It is preferable to process by.

According to another exemplary embodiment of the present invention, the payment processing details included in the full payment approval result received through the full text receiving unit 175 may be erased (or blank processed) from the entire card information item. The erasure (or blank processing) for the card information item is preferably processed by the bansa server or communication module 135.

When the full payment approval result is received through the full text receiver 175, the full text output unit 180 checks the details of payment processing included in the full text of the received payment approval result and associates with the screen output unit 155. It characterized in that the screen output the payment processing details.

In addition, the specialized output unit 180 checks whether the payment approval result is included in the payment processing history, and if the payment approval result is included in the payment processing history, the payment in connection with the print output unit 160. And print out the processing details.

Referring to FIG. 1, the communication module 135 checks the bansa identifier of the bansa encrypted card information included in the full payment approval request message provided through the specialized transmission unit 173 of the payment control module 105. And a specialized processing unit 150 for reading the checked bansa identifier to confirm a bansa server to which the payment approval request message is transmitted. The communication processing unit 145 communicates with the confirmed bansa server. A channel is connected, and the full text of the payment approval request is transmitted to the bansa server through the communication channel.

When the professional payment unit 173 of the payment control module 105 provides the generated payment approval request full text, the professional processing unit 150 displays the bansa identifier of the bansa encrypted card information included in the full payment approval result. And verify the bansa server to which the payment approval request message is transmitted by reading the checked bansa identifier, and the communication processing unit 145 connects a communication channel with the checked bansa server, and performs the communication. Characterized in that the transmission of the payment approval request message to the bansa server through a channel.

Subsequently, when the payment approval result message corresponding to the payment approval request message is received from the bansa server through the communication processor 145, the expert processing unit 150 transmits the received payment approval result message to the payment control module ( 105) characterized in that provided.

According to an exemplary embodiment of the present invention, the payment approval result may include the encrypted card information for each bansa as it is, or part of the card information for decrypting the encrypted card information for each bansa may be erased (or blank). The partial card information, or the entire card information item is erased (or blanked), the professional processing unit 150 retains the full payment approval result as it is. It is preferable to provide.

According to another exemplary embodiment of the present invention, when the payment approval result message includes card information obtained by decrypting the bansa-encrypted card information, the specialized processor 150 erases (or blanks) a part of the card information. Blank) to generate partial card information and update it to the full payment approval result, or erase the entire card information item (or process it as a blank), and then transfer the full payment approval result to the payment control module 105. It is preferable to provide.

2 is a diagram illustrating a process of generating and transmitting a full payment approval request in a POS terminal 100 having information security for each bansa according to a first embodiment of the present invention.

In more detail, Figure 2 confirms the Bansa server to transmit the full payment approval request in the encryption unit 110 provided in the POS terminal 100 shown in Figure 1, and is read through the card reader module 115 If the card information is encrypted using an encryption key decrypted by the bansa server, and the bansa identifier corresponding to the verified bansa server is attached to the encrypted card information to generate encrypted bansa card information, the payment control module ( In step 105), the card information item included in the payment approval request text includes the encrypted Bansa-specific card information, and generates a payment approval request text including at least one information item and an affiliate store number which are not encrypted, and the communication module ( In step 135), the Bansa identifier included in the encrypted Bansa-specific card information included in the generated payment approval request text is read and the payment is accepted. The process of identifying the Bansa server to which the request text is transmitted and transmitting the payment approval request text to the confirmed Bansa server, and if the person of ordinary skill in the art to which the present invention belongs, refer to FIG. And / or various implementation methods for generating and transmitting a payment approval request message in the POS terminal 100 having the information security function for each bansa (for example, some steps may be omitted or the order may be changed). Method) can be inferred, but the present invention includes all the inferred implementation methods, and the technical features are not limited to the implementation method shown in FIG.

For example, one of ordinary skill in the art to which the present invention belongs may infer an implementation method in which the process of inputting digital signature information and including a full text is omitted in the process illustrated in FIG. 2. It is characterized by including all the implementation method inferred.

Referring to FIG. 2, the card reader module 115 provided in the POS terminal 100 shown in FIG. 1 reads card information from the customer card 200 for card payment (200). If 205 is read successfully (205), the encryption unit 110 checks the Bansa server to which the payment approval request message including the read card information is transmitted, and the Bansa identifier (eg, VAN_ID value) corresponding to the Bansa server. Verify the bansa encryption key (for example, an encryption key set to decrypt only the bansa encrypted information by the encryption unit 110, or an encryption key paired with the decryption key provided on the bansa) (210) .

According to the exemplary embodiment of the present invention, the encryption unit 110 preferably checks the bansa server to which the payment approval request text is transmitted in accordance with a plurality of bansa professional distribution policies (not shown).

According to another exemplary embodiment of the present invention, the encryption unit 110 checks a bansa server having a good communication channel connection among a plurality of bansa in connection with the communication module 135 and approves the confirmed bansa server for the payment. It is desirable to check with the bansa server where the full request is sent.

According to another exemplary embodiment of the present invention, the encryption unit 110 preferably selects (or arbitrarily selects) a plurality of bansa to identify the bansa server to which the payment approval request text is transmitted.

According to the exemplary embodiment of the present invention, the bansa identifier and the bansa encryption key are preferably stored in the encryption unit 110 in the program data (or the memory included in the encryption unit 110).

According to another embodiment of the present invention, the bansa identifier and the bansa encryption key are preferably stored in the secure area of the memory unit 153, in which case the encryption unit 110 is the memory unit 153 It is preferable to confirm the bansa identifier and the bansa encryption key corresponding to the checked bansa server from the security area of the bansa.

According to another embodiment of the present invention, the bansa identifier and the bansa encryption key is preferably stored in the security application module 163, in this case, the encryption unit 110 is the security application module 163 It is preferable to confirm the bansa identifier and the bansa encryption key corresponding to the verified bansa server from the.

Thereafter, the encryption unit 110 encrypts the card information read through the card reader module 115 with the confirmed Bansa encryption key (215).

Here, the encrypted card information is decrypted only through a decryption key provided in the bansa server corresponding to the bansa identifier, and the card information is not exposed in any case except the bansa server.

In addition, the encryption unit 110 attaches the verified bansa identifier to the encrypted card information to generate bansa encrypted card information (220).

According to another exemplary embodiment of the present invention, the encryption unit 110 may combine the card information and the bansa identifier, and then encrypt the bansa through the bansa's encryption key, whereby the present invention is not limited thereto.

If the bansa encrypted card information is generated (225), the encryption unit 110 is the payment control module provided in the POS terminal 100 shown in FIG. 105).

The payment control module 105 inputs and processes payment amount information to be included in the payment approval request message from the key input unit 125 provided in the POS terminal 100, and is included in the payment approval request message from the digital signature unit 120. Input processing digital signature information (235).

According to another exemplary embodiment of the present invention, the payment control module 105 is the sum of the sum of the product sales amount generated in the sales point management process of the sales point management unit 140 provided in the communication module 135, the payment amount It is preferable to process the input with the information.

If the payment amount information and the digital signature information is input and processed (240), the payment control module 105 includes encrypted card information, payment amount information and digital signature information for each bansa, and the memory unit 153 Payment authorization request, including the merchant number stored in, and including one or more information items (eg, credit approval / cancellation information item, purchase purchase information item, document serial number item, etc.) that are predefined to be included in the full payment approval request. The full text is generated and provided to the communication module 135 provided in the POS terminal 100 illustrated in FIG. 1 (245).

According to another exemplary embodiment of the present invention, the encrypted card information and the bansa identifier in the bansa-encrypted card information may be included in different information items according to the full-text structure of the payment approval request message. It is clear that this is not a limitation.

The communication module 135 checks the bansa identifier of the encrypted card information for each bansa included in the payment approval result full text, reads the verified bansa identifier, checks the bansa server to which the payment approval request text is transmitted (250) In step 255, the bansa server connects the communication channel with the verified bansa server and transmits the full text of the payment approval request to the bansa server through the communication channel.

3 is a diagram illustrating a process of receiving and outputting a full payment approval result in a POS terminal 100 having information security for each bansa according to a first embodiment of the present invention.

In more detail, in Figure 3, the POS terminal 100 shown in FIG. 1 transmits a payment approval request message to a Bansa server through a payment approval request message transmission process shown in FIG. Regarding the process of receiving and outputting the full payment approval result corresponding to the request for approval, the person having ordinary knowledge in the technical field to which the present invention belongs, refer to and / or modify this drawing 3 and the information security for each bansa Various implementation methods (for example, some steps may be omitted or the order may be changed) may be inferred in the process of receiving and outputting a payment approval result full text in the POS terminal 100 having a function, but the present invention Is made including all the inferred implementation method, the technical features are not limited only to the implementation method shown in FIG.

Referring to FIG. 3, after transmitting the full payment approval request message to a Bansa server through the payment approval request message transmission process shown in FIG. 2, the POS terminal 100 shown in FIG. 1 is transmitted to the POS terminal 100. The provided communication module 135 checks whether the payment approval result message corresponding to the payment approval request message is received from the bansa server (300).

If the full payment approval result is received (305), the communication module 135 checks whether the encrypted card information is included in the payment processing details included in the full payment approval result (310).

If the payment approval result does not include encrypted card information in the preamble (315), the communication module 135 generates partial card information by deleting a portion of the card information (or treating it as a blank). The payment approval result is updated to the full text or the entire card information item is erased (or blanked) (320).

On the other hand, if the payment approval result contains encrypted card information in the preamble (315), the communication module 135 transmits the payment approval result preamble to the payment control module provided in the POS terminal 100 shown in FIG. 105) (325).

According to another exemplary embodiment of the present invention, in addition to the bansa-encrypted card information, the part of the card information that decrypts the bansa-encrypted card information is erased (or blanked) in the entire payment approval result. Or the entire card information item is erased (or blanked), the communication module 135 provides the full payment approval result to the payment control module 105 as it is. It is desirable to.

Thereafter, the payment control module 105 checks the payment processing details included in the received payment approval result full text, outputs the payment processing details, and if the payment processing details include the payment approval result, The payment processing history is printed out (330).

4 is a diagram illustrating a functional configuration of a POS terminal 400 having an information security function for each bansa according to the second embodiment of the present invention.

In more detail, Figure 4 shows a card reader module 415 for reading card information from a customer card, a payment control module 405 for controlling the overall operation of card payment, and a payment control module 405 connected to a communication network. In the POS terminal 400 having a communication module 435 for connecting and managing a communication channel with a bansa server for card payment by the card), the payment is approved by the encryption unit 410 when the card is paid using the customer card. Identify a bansa server to transmit the full request, encrypt card information read through the card reader module 415 through an encryption key decrypted by the bansa server, and correspond to the verified bansa server in the encrypted card information When generating the encrypted Bansa-specific card information by attaching a bansa identifier, the payment control module 405 to the encrypted card information item included in the payment approval request message is encrypted Generate a payment approval request full text including the individual card information, including one or more unencrypted information items and merchant numbers, and the encrypted bansa included in the generated payment approval request full text in the communication module 435 Read the bansa identifier included in the card information to check the bansa server to be sent the payment approval request message, and transmits the payment approval request message to the confirmed bansa server to process the card payment, the encryption unit 410 ) Further encrypts payment amount information to generate encrypted payment amount information, and / or further encrypts digital signature information to generate encrypted digital signature information, and the payment control module 405 completes the payment approval request message. The encrypted payment amount information is included in the payment amount information item of and / or the digital document of the request for payment approval request. A functional configuration of a POS terminal 400 having an information security function for each bansa having a function of including the encrypted digital signature information in an information item, and has a general knowledge in the technical field to which the present invention belongs. If so, various implementation methods (eg, some components are omitted, subdivided, or combined) of the functional configuration of the POS terminal 400 having the information security function for each bansa by referring to and / or modifying the drawing 4 Method) can be inferred, but the present invention includes all the inferred implementation methods, and the technical features are not limited to the implementation method shown in FIG.

For example, one of ordinary skill in the art to which the present invention belongs may infer an implementation method in which only one of the payment amount information and the digital signature information is encrypted and the other is not encrypted, and the present invention may It is clearly to be understood that this includes all inferred methods of implementation.

Hereinafter, in FIG. 4, a functional component that operates in connection with one or more modules of the card reader module 415, the payment control module 405, and the communication module 435, or may be implemented as an internal component of each module. The technical features of the present invention will be described by referring to "parts" for convenience, and the functional elements named "parts" are the card reader module 415, the payment control module 405 and It will be apparent that it is possible to interwork with one or more of the modules of the communication module 435 or be implemented in the form of internal components of each module.

Referring to FIG. 4, the POS terminal 400 having an information security function for each Bansa includes a card reader module 415 for reading card information from a customer card and an overall operation of card payment through the read card information. And a communication module 435 for controlling the payment control module 405 and a communication network connected to a communication network and connecting a communication channel with a bansa server required for card payment by the payment control module 405. The memory unit 453, the key input unit 425, the digital signature unit 420, and the screen output unit operating in association with at least one of the card reader module 415, the payment control module 405, and the communication module 435. 455, a print output unit 460, a security application module 463, and a power supply unit 430 for supplying power to the POS terminal 400. At least one terminal function It is possible to further comprises a (not shown).

The customer requesting payment through the POS terminal 400 may include an MS (Magnetic Stripe) card based on the ISO / IEC 7810 standard, and / or a contact IC card (or a wireless IC chip based on the ISO / IEC 7816 standard). And / or possesses (or owns) a customer card including at least one contactless IC card (or wireless IC chip) based on the ISO / IEC 14443 standard, and the card reader module 415 has the customer card. It characterized in that to provide an interface for reading at least one or more card information provided in.

According to the exemplary embodiment of the present invention, the card reader module 415 may be configured to provide an interface between the MS card and the POS terminal 400, an interface between the contact IC card and the POS terminal 400. Preferably, the contact IC reader includes one or more contactless IC readers that provide an interface between the contactless IC card and the POS terminal 400.

The MS reader unit is a card reader module 415 based on ISO / IEC 7810, and includes at least one magnetic head including a predetermined coil, and includes predetermined information (eg, magnetized binary). When the MS card on which (Binary) data is recorded moves in a predetermined direction in close contact with the magnetic head (or the magnetic head moves in close contact with an MS card in which predetermined information is recorded), a predetermined electrical signal is transmitted to the magnetic head. Reading card information (eg, credit card information, check card information, debit card information, cash card information, financial account information) from at least one track provided in the MS of the MS card by using It is characterized by.

The contact IC reader unit is a card reader module 415 based on ISO / IEC 7816, and includes at least one contact point making electrical contact with a chip on board (COB) provided in a contact IC card. It supplies the power to the IC chip of the IC card through the contact point, and the card information (for example, credit) from the IC chip through the half duplex transaction using an APDU (Application Protocol Data Unit) Card information, check card information, debit card information, cash card information, financial account information).

The contactless IC reader unit is a card reader module 415 based on ISO / IEC 14443. The contactless IC reader unit uses at least an electrical contact with the contactless IC card by using capacitive coupling and / or inductive coupling. It comprises one or more antennas, and supplies power to the IC chip of the IC card through the antenna, and card information (eg credit card) from the IC chip through the half-duplex transaction using the APDU Information, check card information, debit card information, cash card information, financial account information).

The payment control module 405, when the card payment processing through the card information read through the card reader module 415, generates a full payment approval request for the card payment, and generates the full payment approval request The display module outputs the payment approval result text corresponding to the payment approval request text message through the communication module 435, and the payment processing details included in the payment approval result text message through the communication module 435. It is characterized by controlling the overall operation of the card payment through the screen output through the 455, or through the print output unit 460 to print out.

The communication module 435 is connected to a communication network and connects a communication channel with a bansa server required for card payment by the payment control module 405, the communication processing unit 445 for connecting and managing the communication channel Characterized in that comprises a.

The communication processing unit 445 may be a wired communication network including at least one or more xDSL-based wired communication network, public switched telephone network (PSTN), intelligent network, Ethernet, or the like, or code division multiple access (CDMA). / WCDMA (Wide-CDMA) based mobile communication network, HSDPA (High-Speed Downlink Packet Access) based wireless communication network, including at least one or more wireless communication network including IEEE 802.16x-based portable Internet to connect the communication channel with the bansa server It is characterized by.

According to the exemplary embodiment of the present invention, the communication module 435 may store sales point management information (eg, in addition to the communication processing unit 445 connecting the bansa server and the communication channel for payment of the card). And a sales point manager 440 which processes the sales point management of the POS terminal 400 based on one or more product information, barcode information for each product (or RFID tag information), and sales price information for each product. It is characterized by.

When the point of sale manager 440 is provided in the communication module 435, the communication module 435 may include a barcode reader (or RFID reader) and one or more cable communication means (eg, RS-) for the point of sale management. 232c, the ability to connect cable communication sessions via USB (Universal Serial Bus), or infrared ray communication, RF (Radio Frequency) communication, Bluetooth, Bluetooth, Wireless LAN, Wi-Fi It is preferable to further include a function of connecting the bar code reader (or RFID reader) and the short range communication session to at least one short range wireless communication means including at least one of a UWB and an ultra wide band system (UWB).

However, the point-of-sale manager 440 is not always implemented in the form of components in the communication module 435, and the point-of-sale manager 440 is a separate point-of-sale management module (not shown) according to the intention of those skilled in the art. It is possible to be provided in the POS terminal 400 in the form, whereby the present invention is not limited.

In addition, those skilled in the art to which the present invention belongs, will be familiar with the technical features of the point of sale management unit 440 to process the point of sale management through the point of sale management information, detailed description thereof Will be omitted for convenience.

The memory unit 453 is input and output when an operation by a predetermined program routine (or code) and / or program data (eg, a program routine (or code)) for controlling the overall operation of the POS terminal 400 is performed. General term of non-volatile memory for storing information or data), at least one of which includes EEPROM (Electrically Erasable and Programmable Read Only Memory) and / or Flash Memory (FM) and / or Hard Disk Drive (HDD) in hardware. It includes the above storage means, the payment control module 405 is a predetermined program routine and program data required for controlling the overall operation of the card payment (for example, the program routine is input or to perform a predetermined function or Output data) is stored.

According to an embodiment of the present invention, the memory unit 453 may include an affiliate store number to be included in the payment approval request text generated by the payment control module 405, card information read through the card reader module, and the key input unit ( 425 is included in the full text of the payment approval request, except for payment amount information input from the outside through key communication or cable communication (or near field communication) and digital signature information input through the digital signature unit 420. Preferably, one or more full text inclusion information (not shown) corresponding to one or more information items is stored.

According to an embodiment of the present invention, the memory unit 453 includes a payment processing history storage area for storing the payment processing details included in the payment approval result text received from the bansa server after the payment approval for the payment approval request text. The payment processing history storage area may be omitted according to the intention of the skilled person, and the present invention is not limited thereto.

According to an exemplary embodiment of the present invention, the memory unit 453 may store one or more product information, bar code information (or RFID (tag) tag information) for each product managed by the POS terminal, and sales price information for each product. Preferably, at least one point of sale management information is stored.

The key input unit 425 includes a key having at least one key button including at least one numeric key and / or a character key and / or a function key. Detecting a key input signal input from an input device, and providing the input key input signal to the payment control module 405 or the communication module 435, the card payment function or the through the payment control module 405 Characterizing and inputting key data for providing a point-of-sale management function through the communication module 435.

According to an embodiment of the present invention, the key input unit 425 performs a function of a key input means (or information input means) for inputting payment amount information to be included in the payment approval request text generated by the payment control module 405. It is desirable to.

The digital signature unit 420 digitally receives a customer's signature through a touch screen with a digital input function including any one of a pressure method and an electromagnetic induction sensor board method in the card payment process through the payment control unit, By providing the input digital signature information of the customer to the payment control module 405, characterized in that for processing the digital signature information for providing a card payment function through the payment control module 405.

The screen output unit 455 previews one or more pieces of information or data defined to be output on the screen in the process of performing a card payment function through the payment control module 405 or a point of sale management function through the communication module 435. The interface screen may be configured to be output to a screen output device (eg, an LCD).

According to the exemplary embodiment of the present invention, the screen output unit 455 outputs a screen for outputting the payment processing details included in the full payment approval result received through the communication module 435 in response to the full payment approval request message. It is desirable to perform the function of the means.

The print output unit 460 is included in the payment approval result message received through the communication module 435 in response to the payment approval request message in the process of performing the card payment function through the payment control module 405. The payment processing details may be printed and output to a printing apparatus (eg, a receipt printer) according to a preset printing format.

According to the exemplary embodiment of the present invention, the print output unit 460 outputs a screen output of the payment processing details included in the payment approval result message received through the communication module 435 in response to the payment approval request message. It is desirable to perform the function of the means.

The Secure Application Module (463) is a confidentiality and / or authentication required by the POS terminal 400 in the process of performing electronic payment and / or electronic payment using the card. And / or safety devices for performing security requirements including integrity and / or nonrepudiation in a secure and reliable structure within the POS terminal 400 without using a server on a communication network. As an example, the POS terminal 400 encrypts or decrypts a predetermined message (information or data) that is processed in the course of performing a predetermined security request function (eg, an electronic payment and / or an electronic payment function). Adds an authenticator to prevent forgery (or tampering), or stores important information in the process of performing the security request function It is done.

In general, the security application module 463 is preferably composed of a predetermined security application module 463 inserter and security application module 463 chip, the security application module 463 chip is a chip containing at least 8-bit CPU Application Specific Integrated Circuit (ASIC) chips (eg, PLCC 44-pin chips) and / or IC chips (eg, IC cards in the form of subscriber identity modules (SIMs)) with performance of 2 MIPS (Million Instructions Per Second) or higher It is preferable to comprise a.

In addition, the security application module 463 is at least one or more security application data (eg, at least one identifier, version, expiration date, issue date, code value, etc.) required for the POS terminal 400 to perform a predetermined security request function. ) And / or keys (e.g., one master key and at least one application key) and / or protocols (e.g., trading protocols, re-transaction protocols, previous transaction cancellation protocols, collection protocols, SAM issuance protocols, (e-money company / card company) Registration protocol, authorization protocol, mode switching protocol, key download protocol, SAM revocation protocol) and / or commands (e.g., at least one read / authentication / transmission / registration / setting / mode switching / collection / deletion / disposal / initialization) / Reprocessing / cancellation command).

Referring to FIG. 4, the POS terminal 400 is connected to the card reader module, and when the card reader module reads card information from the customer card, the payment approval request message including the read card information is read. Check the transmitted Bansa server, verify the Bansa identifier and the Bansa encryption key for the verified Bansa server, encrypt the card information through the verified Bansa encryption key, and the Bansa to the encrypted card information And an encryption unit 410 for generating encrypted card information for each bansa by attaching an identifier. The encryption unit 410 may further encrypt payment amount information to generate encrypted payment amount information. And / or further encrypt the digital signature information to generate encrypted digital signature information.

When card information is read from the customer card through the card reader module, the encryption unit 410 may identify a Bansa server to which a full payment approval request message including the read card information is transmitted.

According to an exemplary embodiment of the present invention, the encryption unit 410 preferably checks the bansa server to which the payment approval request text is transmitted according to a plurality of bansa-specific distribution policies (not shown).

According to another exemplary embodiment of the present invention, the encryption unit 410 checks a bansa server having a good communication channel connection among a plurality of bansa in connection with the communication module 435, and approves the confirmed bansa server for the payment. It is desirable to check with the bansa server where the full request is sent.

According to another exemplary embodiment of the present invention, the encryption unit 410 may sequentially select (or randomly select) a plurality of bansa to check the bansa server to which the full payment approval request is transmitted.

When the bansa server to which the payment approval request message is transmitted is identified, the encryption unit 410 is a bansa identifier (eg, VAN_ID value) corresponding to the selected bansa server and the bansa encryption key (eg, the encryption unit 410 ) An encryption key set to decrypt only the bansa, or an encryption key paired with the decryption key included in the bansa.

According to the exemplary embodiment of the present invention, the bansa identifier and the bansa encryption key are preferably stored in the encryption unit 410 in the program data (or the memory included in the encryption unit 410).

According to another embodiment of the present invention, the bansa identifier and the bansa encryption key are preferably stored in the secure area of the memory unit 453, in which case the encryption unit 410 is the memory unit 453 It is preferable to check the bansa identifier and the bansa encryption key corresponding to the checked bansa server from the security area of the bansa server.

According to another embodiment of the present invention, the bansa identifier and the bansa encryption key is preferably stored in the security application module 463, in which case the encryption unit 410 is the security application module 463 It is preferable to confirm the bansa identifier and the bansa encryption key corresponding to the verified bansa server from the.

When the Bansa identifier and the Bansa encryption key corresponding to the Bansa server to which the payment approval request message is transmitted are confirmed, the encryption unit 410 is read from the card reader module 415 through the verified Bansa encryption key. And encrypting the card information, wherein the encrypted card information is decrypted only through a decryption key provided in the bansa server corresponding to the bansa identifier, and the card information is exposed in any case except the bansa server. It is characterized by not being.

If the card information read from the card reader module 415 is encrypted using the Bansa encryption key, the encryption unit 410 attaches the verified Bansa identifier to the card information encrypted through the Bansa encryption key. It is characterized by generating the Bansa-encrypted card information.

According to another exemplary embodiment of the present invention, the encryption unit 410 may combine the card information and the bansa identifier and then encrypt the bansa through an encryption key of the bansa, thereby not limiting the present invention.

Also, the encryption unit 410 outputs a payment amount input interface screen through the screen output unit 455, and inputs and processes payment amount information to be included in the full payment approval request message from the key input unit 425. And encrypting the input payment amount information to generate encrypted payment amount information.

According to another exemplary embodiment of the present invention, the encryption unit 410 may calculate the sum amount of the product sales amount generated in the sales point management process of the sales point manager 440 included in the communication module 435, the payment amount information. It is preferable to process the input with.

In addition, the encryption unit 410 outputs a digital signature interface screen through the digital signature unit 420, and inputs the digital signature information to be included in the full text of the payment approval request from the digital signature unit 420, And encrypting the input digital signature information to generate encrypted digital signature information.

Referring to FIG. 4 according to an embodiment of the present invention, the encryption unit 410 is illustrated as being provided between the card reader module 415 and the payment control module 405, but the present invention is limited thereto. Never, the encryption unit 410 is provided in the form of an internal component of the card reader module 415, or in the form of an internal component of the payment control module 405, or the communication module 435 It is possible to be provided in the form of internal components, whereby the present invention is not limited.

Referring to FIG. 4, the bansa-encrypted card information, the encrypted payment information, and the encrypted digital signature information generated by the encryption unit 410 are provided to the payment control module 405. It is done.

Referring to FIG. 4, the payment control module 405 may include an information input unit configured to input and process encrypted card information for each bansa, encrypted payment amount information, and encrypted digital signature information through the encryption unit 410. 465, a full text generation unit for generating a full text of the payment approval request including the bansa encrypted card information, encrypted payment amount information, encrypted digital signature information and the merchant number stored in the memory 453 ( 470 and a specialized transmission unit 473 for providing the generated payment approval request message to the communication module 435 to be transmitted to a bansa server on a communication network, and the payment approval request through the communication module 435. The professional receiving unit 475 which receives the payment approval result text corresponding to the full text, checks the details of payment processing included in the received payment approval result text, and connects with the screen output unit 455. Screen output of the payment processing details, or in conjunction with the print output unit 460 characterized in that it comprises a specialized output unit 480 for printing out the payment processing details.

When the bansa encrypted card information, the encrypted payment amount information, and the encrypted digital signature information are generated by the encryption unit 410, the information input unit 465 is encrypted by the bansa by the encryption unit 410. Input and process card information as card information to be included in a payment approval request text, input and process the encrypted payment amount information as payment amount information to be included in a payment approval request message, and include the encrypted digital signature information in a payment approval request message. Characterized by the digital signature information input processing.

When the bansa-encrypted card information, the encrypted payment amount information, and the encrypted digital signature information are input through the information input unit 465, the full text generation unit 470 generates the bansa-encrypted card information and encrypted payment amount information. And one or more information items (eg, credit approval / cancellation information items, slips) including encrypted digital signature information, including a merchant number stored in the memory unit 453, and predefined to be included in a payment approval request text. Characterized in that the full payment approval request including the purchase information item, the document serial number item, etc.).

According to another exemplary embodiment of the present invention, the encrypted card information and the bansa identifier in the bansa-encrypted card information may be included in different information items according to the full-text structure of the payment approval request message. It is clear that this is not a limitation.

When the payment approval request message is generated by the message generation unit 470, the message transmission unit 473 provides the generated payment approval request message to the communication module 435, thereby providing the communication module 435. Checks the bansa identifier included in the payment approval request message, and transmits the payment approval request message to the bansa server corresponding to the confirmed bansa identifier.

After the payment approval request message is transmitted to the bansa server, the text receiving unit 475 may receive a payment approval result message corresponding to the payment approval request text message through the communication module 435.

Here, the full text of the payment approval result includes a payment processing history including a result of the payment approval of the payment amount read by decrypting the encrypted payment amount information through the card information read by decrypting the bansa encrypted card information. Preferably, the payment processing details include any one of a payment approval result or a payment error result.

According to the exemplary embodiment of the present invention, the payment processing history included in the payment approval result received through the full text receiving unit 475 includes the bansa encrypted card information generated by the encrypting unit 410 as it is. It is preferable.

According to another exemplary embodiment of the present invention, the payment processing details included in the full payment approval result received through the full text receiving unit 475 may be obtained by decrypting the bansa encrypted card information generated by the encrypting unit 410. Preferably, the card information includes partial card information including a portion of the card information erased (or blanked), and the partial card information is stored in the bansa server or the communication module 435. It is preferable to process by.

According to another exemplary embodiment of the present invention, the payment processing details included in the full payment approval result received through the full text receiving unit 475 may be erased (or blank processed) from the entire card information item. The erasure (or blank processing) for the card information item is preferably processed by the bansa server or communication module 435.

When the full payment approval result is received through the full text receiver 475, the full text output unit 480 checks the details of payment processing included in the full text of the received payment approval result, and associates with the screen output unit 455. It characterized in that the screen output the payment processing details.

In addition, the specialized output unit 480 checks whether a payment approval result is included in the payment processing history, and if the payment approval result is included in the payment processing history, the payment is linked with the print output unit 460. And print out the processing details.

Referring to FIG. 4, the communication module 435 verifies the bansa identifier of the bansa-encrypted card information included in the full payment approval request message provided through the specialized transmission unit 473 of the payment control module 405. And a specialized processing unit 450 which reads the identified bansa identifier and confirms a bansa server to which the payment approval request message is transmitted. The communication processing unit 445 communicates with the confirmed bansa server. A channel is connected, and the full text of the payment approval request is transmitted to the bansa server through the communication channel.

When providing the generated payment approval request full text in the professional transmission unit 473 of the payment control module 405, the professional processing unit 450 is a bansa identifier of the bansa encrypted card information included in the full payment approval result And verify the bansa server to which the payment approval request message is transmitted by reading the verified bansa identifier, and the communication processing unit 445 connects a communication channel with the verified bansa server, and performs the communication. Characterized in that the transmission of the payment approval request message to the bansa server through a channel.

Subsequently, when a payment approval result message corresponding to the payment approval request message is received from the bansa server through the communication processor 445, the expert processing unit 450 transmits the received payment approval result message to the payment control module ( 405) characterized in that provided.

According to an exemplary embodiment of the present invention, the payment approval result may include the encrypted card information for each bansa as it is, or part of the card information for decrypting the encrypted card information for each bansa may be erased (or blank). Or partial card information, or the entire card information item is erased (or blanked), the professional processing unit 450 keeps the payment approval result text as it is. It is preferable to provide.

According to another exemplary embodiment of the present invention, when the payment approval result message includes card information obtained by decrypting the bansa-encrypted card information, the specialized processor 450 erases (or blanks) a part of the card information. Blank) to generate the partial card information and update it to the full payment approval result, or erase the entire card information item (or process it as a blank) and display the full payment approval result message in the payment control module 405. It is preferable to provide.

FIG. 5 is a diagram illustrating a process of generating and transmitting a full payment approval request in a POS terminal 400 having information security for each bansa according to a second embodiment of the present invention.

In more detail, Figure 5 confirms the Bansa server to send the full payment approval request from the encryption unit 410 provided in the POS terminal 400 shown in Figure 4, and reading through the card reader module 415 If the card information is encrypted using an encryption key decrypted by the bansa server, and generates encrypted bansa-specific card information by attaching the bansa identifier corresponding to the confirmed bansa server to the encrypted card information, the payment control module In step 405, the card information item included in the payment approval request text includes the encrypted Bansa-specific card information, and generates a payment approval request text including at least one information item and an affiliate store number that are not encrypted, and the communication module In step 435, the payment request is made by reading a Bansa identifier included in the encrypted Bansa-specific card information included in the generated payment approval request text. Check the Bansa server to be sent to the full request request, and transmits the payment approval request full text to the confirmed Bansa server, processing, but the encryption unit 410 further encrypted payment amount information to encrypt the payment amount information Generate and / or further encrypt digital signature information to generate encrypted digital signature information, and the payment control module 405 includes the encrypted payment amount information in the payment amount information item of the payment approval request message; And / or the process of including the encrypted digital signature information in the digital signature information item of the payment approval request specialist, and the person skilled in the art may refer to FIG. And / or a process for generating and transmitting a full payment approval request message in the POS terminal 400 having the information security function for each bansa. Various implementation methods (e.g., implementation steps in which some steps have been omitted or changed order) may be inferred, but the present invention includes all the implementation methods inferred from the above, and the implementation method shown in FIG. The technical features are not limited only.

For example, one of ordinary skill in the art to which the present invention belongs may infer an implementation method in which the process of inputting digital signature information and including a full text is omitted in the process illustrated in FIG. 5. It is characterized by including all the implementation method inferred.

In addition, if one of ordinary skill in the art to which the present invention belongs, only one of the payment amount information and digital signature information is encrypted, the other one can be inferred the implementation method is not encrypted, the present invention is It is clearly to be understood that this includes all inferred methods of implementation.

Referring to FIG. 5, the card reader module 415 included in the POS terminal 400 illustrated in FIG. 4 reads card information from the customer card for card payment (500), and if the card information is from the customer card. If is normally read (505), the encryption unit 410 checks the bansa server to be sent to the payment authorization request message containing the read card information, and the bansa identifier (for example, VAN_ID value) corresponding to the bansa server Verify the bansa encryption key (for example, an encryption key set to decrypt only the bansa encrypted information by the encryption unit 410, or an encryption key paired with the decryption key provided in the bansa) (510) .

According to an exemplary embodiment of the present invention, the encryption unit 410 preferably checks the bansa server to which the payment approval request text is transmitted according to a plurality of bansa-specific distribution policies (not shown).

According to another exemplary embodiment of the present invention, the encryption unit 410 checks a bansa server having a good communication channel connection among a plurality of bansa in connection with the communication module 435, and approves the confirmed bansa server for the payment. It is desirable to check with the bansa server where the full request is sent.

According to another exemplary embodiment of the present invention, the encryption unit 410 may sequentially select (or randomly select) a plurality of bansa to check the bansa server to which the full payment approval request is transmitted.

According to the exemplary embodiment of the present invention, the bansa identifier and the bansa encryption key are preferably stored in the encryption unit 410 in the program data (or the memory included in the encryption unit 410).

According to another embodiment of the present invention, the bansa identifier and the bansa encryption key are preferably stored in the secure area of the memory unit 453, in which case the encryption unit 410 is the memory unit 453 It is preferable to check the bansa identifier and the bansa encryption key corresponding to the checked bansa server from the security area of the bansa server.

According to another embodiment of the present invention, the bansa identifier and the bansa encryption key is preferably stored in the security application module 463, in which case the encryption unit 410 is the security application module 463 It is preferable to confirm the bansa identifier and the bansa encryption key corresponding to the verified bansa server from the.

Thereafter, the encryption unit 410 encrypts the card information read through the card reader module 415 with the verified Bansa encryption key (515).

Here, the encrypted card information is decrypted only through a decryption key provided in the bansa server corresponding to the bansa identifier, and the card information is not exposed in any case except the bansa server.

In addition, the encryption unit 410 generates the encrypted card information for each bansa by attaching the verified bansa identifier to the encrypted card information (520).

According to another exemplary embodiment of the present invention, the encryption unit 410 may combine the card information and the bansa identifier, and then encrypt the bansa through the encryption key of the bansa, thereby not limiting the present invention.

If the Bansa-encrypted card information is generated (525), the encryption unit 410 inputs the payment amount information to be included in the payment approval request text from the key input unit 425 provided in the POS terminal 400 and The digital signature unit 420 inputs and processes digital signature information to be included in the full payment approval request (530).

According to another exemplary embodiment of the present invention, the payment control module 405 is a payment amount of the sum of the merchandise sales amount generated in the sales point management process of the sales point management unit 440 provided in the communication module 435 It is preferable to process the input with the information.

If the payment amount information and digital signature information are input and processed (535), the encryption unit 410 encrypts the payment amount information with the bansa encryption key to generate encrypted payment amount information, and the digital signature information The encrypted digital signature information is generated by encrypting with the bansa encryption key (540).

Thereafter, the encryption unit 410 includes the generated Bansa-encrypted card information, encrypted payment amount information, and encrypted digital signature information in the POS terminal 400 illustrated in FIG. 4. (545).

The payment control module 405 includes Bansa-encrypted card information, encrypted payment amount information, and encrypted digital signature information, includes an affiliate store number stored in the memory unit 453, and includes the payment approval request in its entirety. POS terminal 400 illustrated in FIG. 4 by generating a full payment approval request message including one or more information items (for example, credit approval / cancellation information item, purchase information item, and document serial number item) that are defined as possible. Provided to the communication module 435 provided in the) (550).

According to another exemplary embodiment of the present invention, the encrypted card information and the bansa identifier in the bansa-encrypted card information may be included in different information items according to the full-text structure of the payment approval request message. It is clear that this is not a limitation.

The communication module 435 confirms the bansa identifier of the bansa encrypted card information included in the payment approval result full text, reads the verified bansa identifier and checks the bansa server to which the payment approval request message is transmitted (555). In step 560, the communication server connects the identified bansa server with the communication channel and transmits the full text of the payment approval request to the bansa server through the communication channel.

6 is a diagram illustrating a process of receiving and outputting a full payment approval result in a POS terminal 400 having information security for each bansa according to a second embodiment of the present invention.

In more detail, FIG. 6 illustrates a payment approval request message transmitted from the POS terminal 400 shown in FIG. 4 to the bansa server through the payment approval request message transmission process shown in FIG. 5, and then the payment from the bansa server. The process of receiving and outputting a payment approval result text corresponding to a full text of a request for approval, and a person having ordinary knowledge in the technical field to which the present invention pertains, refers to and / or modifys the present FIG. In the POS terminal 400 having a function, various implementation methods (for example, some steps may be omitted or the order may be changed) may be inferred in the process of receiving and outputting the full payment approval result. Is made including all the inferred implementation method, the technical features are not limited only to the implementation method shown in FIG.

Referring to FIG. 6, the POS terminal 400 shown in FIG. 4 transmits the full payment approval request message to the Bansa server through the full payment approval request transmission process shown in FIG. The provided communication module 435 checks whether a payment approval result text corresponding to the payment approval request text message is received from the bansa server (600).

If the full payment approval result is received (605), the communication module 435 checks whether the encrypted card information is included in the payment processing details included in the full payment approval result (610).

If the payment approval result does not include encrypted card information in the preamble (615), the communication module 435 generates partial card information by deleting a portion of the card information (or treating it as a blank). The payment approval result is updated to the full text or the entire card information item is erased (or blanked) (620).

On the other hand, if the payment approval result contains encrypted card information in the preamble (615), the communication module 435 is a payment control module provided in the POS terminal 400 shown in FIG. 405, 625.

According to another exemplary embodiment of the present invention, in addition to the bansa-encrypted card information, the part of the card information that decrypts the bansa-encrypted card information is erased (or blanked) in the entire payment approval result. Even when partial card information is included or the entire card information item is erased (or blanked), the communication module 435 provides the full payment approval result to the payment control module 405 as it is. It is desirable to.

Thereafter, the payment control module 405 checks the payment processing history included in the received payment approval result full text, outputs the payment processing history, and if the payment processing history includes the payment approval result, The payment processing history is printed out (630).

7 is a diagram illustrating a functional configuration of a POS terminal 700 having an information security function for each bansa according to the third embodiment of the present invention.

In more detail, Figure 7 shows a card reader module 715 for reading card information from a customer card, a payment control module 705 for controlling the overall operation of card payment, and a payment control module 705 connected to a communication network. A POS terminal 700 having a communication module 735 for connecting and managing a communication channel with a bansa server for card payment by a bansa server, comprising: a bansa server for transmitting a full payment approval request message when paying a card using the customer card; The card information read through the card reader module 715 is encrypted using an encryption key decrypted by the bansa server, and the bansa identifier corresponding to the checked bansa server is attached to the encrypted card information. When the generated Bansa-specific card information is generated, the encrypted Bansa-specific card information among a plurality of information items included in the payment approval request text in the payment control module 705. Process the card information item including a blank and generate a payment approval request text including at least one information item and an affiliate store number which are not encrypted, and the generated payment approval request information card information in the communication module 735. Insert the encrypted bansa-specific card information generated by the encryption unit 710 in the blank, read the bansa identifier included in the encrypted bansa-specific card information to identify the bansa server to which the payment approval request text is transmitted. The function configuration of the POS terminal 700 having an information security function for each bansa to process the card payment by transmitting the payment approval request message inserted with the payment information to the verified bansa server, the present invention Those skilled in the art, the POS terminal 70 having the information security function for each bansa by referring to and / or modifying the Figure 7 While various implementation methods (e.g., implementation methods in which some components are omitted, subdivided, or combined) for the functional configuration of 0) may be inferred, the present invention includes all the implementation methods inferred above, The technical features are not limited only to the implementation method shown in FIG.

Hereinafter, in FIG. 7, a functional component that operates in connection with one or more modules of the card reader module 715, the payment control module 705, and the communication module 735 or may be implemented as an internal component of each module. The technical features of the present invention will be described by referring to "parts" for convenience, and the functional elements named "parts" are the card reader module 715, the payment control module 705 and It will be apparent that it is possible to interwork with one or more modules of one or more of the communication modules 735 or be implemented in the form of internal components of each module.

Referring to FIG. 7, the POS terminal 700 having an information security function for each Bansa includes a card reader module 715 for reading card information from a customer card, and an overall operation of card payment through the read card information. And a communication module 735 for controlling the payment control module 705 and a communication network connected to a communication network and connecting a communication channel with a bansa server required for card payment by the payment control module 705. The memory unit 753, the key input unit 725, the digital signature unit 720, and the screen output unit operating in association with at least one of the card reader module 715, the payment control module 705, and the communication module 735. 755, a print output unit 760, a security application module 763, and a power supply unit 730 for supplying power to the POS terminal 700. At least one terminal function It is possible to further comprises a (not shown).

The customer requesting payment through the POS terminal 700 includes a MS (Magnetic Stripe) card based on the ISO / IEC 7810 standard, and / or a contact IC card (or a wireless IC chip based on the ISO / IEC 7816 standard). And / or possesses (or owns) a customer card including at least one contactless IC card (or wireless IC chip) based on the ISO / IEC 14443 standard, and the card reader module 715 stores the customer card. It characterized in that to provide an interface for reading at least one or more card information provided in.

According to the embodiment of the present invention, the card reader module 715 may be configured to provide an interface between the MS card and the POS terminal 700, an interface between the contact IC card and the POS terminal 700. Preferably, the contact IC reader includes one or more contactless IC readers that provide an interface between the contactless IC card and the POS terminal 700.

The MS reader unit is a card reader module 715 based on ISO / IEC 7810, and includes at least one magnetic head including a predetermined coil, and includes predetermined information (eg, magnetized binary). When the MS card on which (Binary) data is recorded moves in a predetermined direction in close contact with the magnetic head (or the magnetic head moves in close contact with an MS card in which predetermined information is recorded), a predetermined electrical signal is transmitted to the magnetic head. Reading card information (eg, credit card information, check card information, debit card information, cash card information, financial account information) from at least one track provided in the MS of the MS card by using It is characterized by.

The contact IC reader unit is a card reader module 715 based on ISO / IEC 7816, and includes at least one contact point that makes electrical contact with a chip on board (COB) provided in the contact IC card. It supplies the power to the IC chip of the IC card through the contact point, and the card information (for example, credit) from the IC chip through the half duplex transaction using an APDU (Application Protocol Data Unit) Card information, check card information, debit card information, cash card information, financial account information).

The contactless IC reader is a card reader module 715 based on ISO / IEC 14443. The contactless IC reader is a non-contact type electrical contact with the contactless IC card by using capacitive coupling and / or inductive coupling. It comprises at least one antenna, and supplies power to the IC chip of the IC card through the antenna, and the card information (for example, credit) from the IC chip through the half-duplex transaction using the APDU Card information, check card information, debit card information, cash card information, financial account information).

The payment control module 705, when the card payment processing through the card information read through the card reader module 715, generates a full payment approval request for the card payment, and generates the full payment approval request The display module outputs the payment approval result text corresponding to the payment approval request text message through the communication module 735 and the payment processing details included in the payment approval result text message through the communication module 735. It is characterized by controlling the overall operation of the card payment through the screen output through the 755, or the print output through the print output unit 760.

The communication module 735 is connected to a communication network to connect a communication channel with a bansa server required for card payment by the payment control module 705, the communication processing unit 745 for connecting and managing the communication channel Characterized in that comprises a.

The communication processing unit 745 may be a wired communication network including at least one or more xDSL-based wired communication network, public switched telephone network (PSTN), intelligent network, Ethernet, or the like, or code division multiple access (CDMA). / WCDMA (Wide-CDMA) based mobile communication network, HSDPA (High-Speed Downlink Packet Access) based wireless communication network, including at least one or more wireless communication network including IEEE 802.16x-based portable Internet to connect the communication channel with the bansa server It is characterized by.

According to an exemplary embodiment of the present invention, the communication module 735 may store point-of-sale management information stored in the memory unit 753 in addition to the communication processing unit 745 that connects a communication channel with a Bansa server for payment of the card. And a sales point manager 740 for processing point of sale management of the POS terminal 700 based on one or more product information, bar code information for each product (or RFID tag information), and sales price information for each product. It is characterized by.

When the point-of-sale manager 740 is provided in the communication module 735, the communication module 735 may include a barcode reader (or RFID reader) and one or more cable communication means (eg, RS-) for the point-of-sale management. 232c, the ability to connect cable communication sessions via USB (Universal Serial Bus), or Infrared Ray, RF (Radio Frequency), Bluetooth (BlueTooth), Wireless LAN, Wi-Fi (Wi- It is preferable that the at least one short range wireless communication means including at least one of Fi) and at least one ultra wide band system (UWB) is further provided with a function of connecting a short range communication session with the barcode reader (or RFID reader).

However, the point-of-sale manager 740 is not always implemented in the form of components in the communication module 735, and the point-of-sale manager 740 is a separate point-of-sale management module (not shown) according to the intention of those skilled in the art. It is possible to be provided in the POS terminal 700 in the form, by which the present invention is not limited.

In addition, those skilled in the art to which the present invention belongs, will be familiar with the technical features of the point of sale management unit 740 for processing point of sale management through the point of sale management information, detailed description thereof Will be omitted for convenience.

The memory unit 753 is input and output when an operation by a predetermined program routine (or code) and / or program data (eg, a program routine (or code)) for controlling the overall operation of the POS terminal 700 is performed. General term of non-volatile memory for storing information or data), at least one of which includes EEPROM (Electrically Erasable and Programmable Read Only Memory) and / or Flash Memory (FM) and / or Hard Disk Drive (HDD) in hardware. It includes the storage means described above, the payment control module 705 inputs a predetermined program routine and program data (for example, the program routine to be required to control the overall operation of the card payment to perform a predetermined function). Or output data).

According to an embodiment of the present invention, the memory unit 753 may include an affiliate store number to be included in the payment approval request text generated by the payment control module 705, card information read through the card reader module, and the key input unit ( 725 is included in the full text of the payment approval request, except for payment amount information input from the outside through a key communication or cable communication (or near field communication) and digital signature information input through the digital signature unit 720. Preferably, one or more full text inclusion information (not shown) corresponding to one or more information items is stored.

According to an embodiment of the present invention, the memory unit 753 includes a payment processing history storage area for storing payment processing details included in a payment approval result text received from a bansa server after approval of the payment approval request text. The payment processing history storage area may be omitted according to the intention of the skilled person, and the present invention is not limited thereto.

According to an embodiment of the present invention, the memory unit 753 may store one or more product information, bar code information (or RFID (tag) tag information) for each product managed by the POS terminal, and sales price information for each product. Preferably, at least one point of sale management information is stored.

The key input unit 725 includes a key having at least one or more key buttons including at least one numeric key and / or a character key and / or a function key. Detecting a key input signal input from an input device, and providing the input key input signal to the payment control module 705 or the communication module 735, the card payment function or the through the payment control module 705 Key data for providing a point-of-sale management function through the communication module 735 is input.

According to an embodiment of the present invention, the key input unit 725 performs a function of a key input means (or information input means) for inputting payment amount information to be included in the payment approval request text generated by the payment control module 705. It is desirable to.

The digital signature unit 720 receives a customer's signature digitally through a touch screen having a digital input function including any one of a pressure method and an electromagnetic induction sensor board method in the card payment process through the payment control unit, By providing the input digital signature information of the customer to the payment control module 705, the digital signature information for providing a card payment function through the payment control module 705 is characterized in that the input processing.

The screen output unit 755 previews one or more information or data defined to be output on the screen in the process of performing a card payment function through the payment control module 705 or a point of sale management function through the communication module 735. It characterized in that the output of the defined interface screen to the screen output device (for example, LCD (Liquid Crystal Display)).

According to the exemplary embodiment of the present invention, the screen output unit 755 outputs a screen for outputting the payment processing details included in the payment approval result message received through the communication module 735 in response to the payment approval request message. It is desirable to perform the function of the means.

The print output unit 760 is included in the payment approval result message received through the communication module 735 in response to the payment approval request message in the process of performing a card payment function through the payment control module 705. The payment processing details may be printed and output to a printing apparatus (eg, a receipt printer) according to a preset printing format.

According to the exemplary embodiment of the present invention, the print output unit 760 outputs a screen for outputting a payment processing history included in the full payment approval result received through the communication module 735 in response to the full payment approval request message. It is desirable to perform the function of the means.

The Secure Application Module (763) is a confidentiality and / or authentication required by the POS terminal 700 to perform electronic payment and / or electronic payment using the card. And / or safety devices for performing security requirements including integrity and / or nonrepudiation in a secure and reliable structure within the POS terminal 700 without using a server on a communication network. As an example, the POS terminal 700 encrypts or decrypts a predetermined message (information or data) that is processed in the process of performing a predetermined security request function (for example, an electronic payment and / or an electronic payment function). Adds an authenticator to prevent forgery (or tampering), or stores important information in the process of performing the security request function It is done.

In general, the security application module 763 is preferably composed of a predetermined security application module 763 inserter and a security application module 763 chip, the security application module 763 chip is a chip containing at least 8-bit CPU Application Specific Integrated Circuit (ASIC) chips (eg, PLCC 44-pin chips) and / or IC chips (eg, IC cards in the form of subscriber identity modules (SIMs)) with performance of 2 MIPS (Million Instructions Per Second) or more. It is preferable to comprise a.

In addition, the security application module 763 is at least one or more security application data (eg, at least one identifier, version, expiration date, issue date, code value, etc.) required for the POS terminal 700 to perform a predetermined security request function ) And / or keys (e.g., one master key and at least one application key) and / or protocols (e.g., trading protocols, re-transaction protocols, previous transaction cancellation protocols, collection protocols, SAM issuance protocols, (e-money company / card company) Registration protocol, authorization protocol, mode switching protocol, key download protocol, SAM revocation protocol) and / or commands (e.g., at least one read / authentication / transmission / registration / setting / mode switching / collection / deletion / disposal / initialization) / Reprocessing / cancellation command).

Referring to FIG. 7, the POS terminal 700 is connected to the card reader module, and when the card reader module reads card information from the customer card, the payment approval request message including the read card information is read. Check the transmitted Bansa server, verify the Bansa identifier and the Bansa encryption key for the verified Bansa server, encrypt the card information through the verified Bansa encryption key, and the Bansa to the encrypted card information It is characterized in that it comprises an encryption unit 710 for generating encrypted card information for each bansa attached to the identifier.

When card information is read from the customer card through the card reader module, the encryption unit 710 may identify a bansa server to which a full payment approval request message including the read card information is transmitted.

According to an exemplary embodiment of the present invention, the encryption unit 710 may identify a bansa server to which the payment approval request text is transmitted according to a plurality of bansa-specific distribution policies (not shown).

According to another exemplary embodiment of the present invention, the encryption unit 710 checks a bansa server having a good communication channel connection among a plurality of bansa in connection with the communication module 735 and approves the confirmed bansa server for the payment. It is desirable to check with the bansa server where the full request is sent.

According to another exemplary embodiment of the present invention, the encryption unit 710 may sequentially select (or arbitrarily select) a plurality of bansa to identify a bansa server to which the payment approval request text is transmitted.

When the bansa server to which the payment approval request message is transmitted is identified, the encryption unit 710 may include a bansa identifier (eg, a VAN_ID value) corresponding to the selected bansa server and an bansa encryption key (eg, the encryption unit 710). ) An encryption key set to decrypt only the bansa, or an encryption key paired with the decryption key included in the bansa.

According to an exemplary embodiment of the present invention, the bansa identifier and the bansa encryption key are preferably stored in the encryption unit 710 in the program data (or a memory included in the encryption unit 710).

According to another exemplary embodiment of the present invention, the bansa identifier and the bansa encryption key are preferably stored in the secure area of the memory unit 753, in which case the encryption unit 710 is the memory unit 753. It is preferable to check the bansa identifier and the bansa encryption key corresponding to the checked bansa server from the security area of the bansa server.

According to another embodiment of the present invention, the bansa identifier and the bansa encryption key is preferably stored in the security application module 763, in this case, the encryption unit 710 is the security application module 763 It is preferable to confirm the bansa identifier and the bansa encryption key corresponding to the verified bansa server from the.

When the Bansa identifier and the Bansa encryption key corresponding to the Bansa server to which the payment approval request message is transmitted are confirmed, the encryption unit 710 is read from the card reader module 715 through the verified Bansa encryption key. And encrypting the card information, wherein the encrypted card information is decrypted only through a decryption key provided in the bansa server corresponding to the bansa identifier, and the card information is exposed in any case except the bansa server. It is characterized by not being.

When the card information read from the card reader module 715 is encrypted using the bansa encryption key, the encryption unit 710 attaches the checked bansa identifier to the card information encrypted through the bansa encryption key. It is characterized by generating the Bansa-encrypted card information.

According to another exemplary embodiment of the present invention, the encryption unit 710 may combine the card information and the bansa identifier, and then encrypt the bansa through the bansa's encryption key, whereby the present invention is not limited thereto.

Referring to FIG. 7 according to an embodiment of the present invention, the encryption unit 710 is illustrated as being provided between the card reader module 715 and the payment control module 705. However, the present invention is limited thereto. Never, the encryption unit 710 may be provided in the form of an internal component of the card reader module 715 or in the form of an internal component of the communication module 735, whereby the present invention It is not limited.

Referring to FIG. 7, the bansa encrypted card information generated by being encrypted by the encryption unit 710 is provided to the communication module 735.

Referring to FIG. 7, the payment control module 705 inputs and processes payment amount information through the key input unit 725 and inputs and processes digital signature information of a customer through the digital signature unit 720. 765 and a card information item including the encrypted Bansa card information among a plurality of information items constituting the full payment approval request in a blank space, and inputs the input payment amount information, digital signature information, and the memory unit. A professional generation unit 770 for generating a payment approval request message including an affiliate store number stored in 753 and the generated payment approval request message to the communication module 735 to be transmitted to a bansa server on a communication network. A specialized transmission unit 773 for receiving a payment approval result message corresponding to the full payment approval request message through the communication module 773 and the communication module 735, and the received Confirm the payment processing details included in the entire approval result, and output the payment processing details in connection with the screen output unit 755, or print the payment processing details in connection with the print output unit 760. Characterized in that it comprises a specialized output unit 780 to output.

The information input unit 765 outputs a payment amount input interface screen through the screen output unit 755, and inputs and processes payment amount information to be included in the full payment approval request from the key input unit 725.

According to another exemplary embodiment of the present invention, the information input unit 765 may add the sum of the product sales amount generated in the sales point management process of the sales point manager 740 included in the communication module 735 to the payment amount information. It is preferable to process the input with.

In addition, the information input unit 765 outputs a digital signature interface screen through the digital signature unit 720, and inputs and processes digital signature information to be included in the full payment approval request from the digital signature unit 720.

When the payment amount information and the digital signature information are input through the information input unit 765, the full text generation unit 770 includes a card containing the encrypted bansa-specific card information among a plurality of information items constituting the full text of the payment approval request. One or more information items (e.g., including information about the payment amount information and the digital signature information, including the merchant number stored in the memory unit 753), and pre-defined to be included in the full text of the payment approval request. , Credit approval / deauthorization information item, a document purchase information item, a document serial number item, etc.) is characterized in that for generating the full payment approval request.

When the payment approval request full text is generated by the full text generation unit 770, the full text transmission unit 773 provides the generated payment approval request full text to the communication module 735, thereby transmitting the communication module 735. Checks the bansa identifier included in the full payment approval request, and transmits the payment approval request message to the bansa server corresponding to the confirmed bansa identifier.

After the payment approval request message is transmitted to the bansa server, the specialized receiving unit 775 may receive a payment approval result message corresponding to the payment approval request message through the communication module 735.

Herein, the full payment approval result may include a payment processing history including a result of the payment approval of the payment amount through the card information read by decrypting the bansa encrypted card information. Is preferably made including any one of a payment approval result or a payment error result.

According to the exemplary embodiment of the present invention, the payment processing details included in the payment approval result received in the full text receiving unit 775 may include the encrypted card information for each bansa generated by the encrypting unit 710 as it is. It is preferable.

According to another exemplary embodiment of the present invention, the payment processing history included in the full payment approval result received through the full text receiving unit 775 may decrypt the bansa encrypted card information generated by the encrypting unit 710. Preferably, the card information includes card information, wherein a part of the card information is erased (or blanked), and the partial card information is included in the bansa server or the communication module 735. Is preferably treated by).

According to another exemplary embodiment of the present invention, the payment processing details included in the full text of the payment approval result received through the full text receiving unit 775 may be erased (or blank processed) from the entire card information item. The erasure (or blank processing) for the card information item is preferably processed by the bansa server or communication module 735.

When the full payment approval result is received through the full text receiver 775, the full text output unit 780 checks the details of payment processing included in the full text of the received payment approval result, and links with the screen output unit 755. It characterized in that the screen output the payment processing details.

In addition, the specialized output unit 780 checks whether the payment approval result is included in the payment processing history, and if the payment approval result is included in the payment processing history, the payment is linked with the print output unit 760. And print out the processing details.

Referring to FIG. 7, the communication module 735 receives the full payment approval request message in which a card information item is blanked from the text transmission unit 773 of the payment control module 705, and the encryption unit 710. Receiving the bansa-encrypted card information for each bansa, inserting the encrypted bansa-specific card information generated by the encryption unit 710 into the card information blank of the payment approval request specialist, and the bansa-encrypted card. And a specialized processor 750 for identifying a bansa identifier of the information and reading the identified bansa identifier to identify a bansa server to which the payment approval request message is transmitted, wherein the communication processor 745 includes: It is characterized by connecting the communication channel and the confirmed Bansa server, and transmits the full text of the payment approval request to the Bansa server through the communication channel.

When the professional payment unit 773 of the payment control module 705 provides the full payment approval request message, the specialty processing unit 750 adds a card information item from the specialty transmission unit 773 of the payment control module 705. Characterized in that it is provided with the full payment approval request processed in the blank, it is also characterized in that receiving the encrypted card information for each bansa from the encryption unit 710.

If the payment approval request is provided from the payment control module 705 is provided with a blank payment processing request information, and the encrypted card information for each bansa from the encryption unit 710, the specialized processing unit 750 is the Insert the encrypted Bansa-specific card information provided from the encryption unit 710 in the card approval space of the payment approval request specialist, characterized in that the complete payment approval request to be transmitted to the Bansa server.

According to another exemplary embodiment of the present invention, the encrypted card information and the bansa identifier in the bansa-encrypted card information may be included in different information items according to the full-text structure of the payment approval request message. It is clear that this is not a limitation.

In addition, the specialized processing unit 750 checks the bansa identifier included in the encrypted Bansa-specific card information provided from the encryption unit 710, reads the confirmed bansa identifier transmitted by the completed payment approval request telegram Characterized in that the check the Bansa server, the communication processing unit 745 is characterized in that for connecting the communication channel and the confirmed Bansa server, and transmits the full payment approval request message to the Bansa server through the communication channel. do.

Subsequently, when a payment approval result message corresponding to the payment approval request message is received from the bansa server through the communication processor 745, the expert processing unit 750 transmits the received payment approval result message to the payment control module ( 705).

According to an embodiment of the present invention, the payment approval result may include the encrypted card information for each bansa as it is, or part of the card information for decrypting the encrypted card information for each bansa may be erased (or blank) If partial card information (processed as blank) is included or the entire card information item is erased (or blanked), the specialty processing unit 750 retains the full payment approval result as it is. Is preferably provided.

According to another embodiment of the present invention, when the payment approval result message includes card information obtained by decrypting the bansa-encrypted card information, the specialized processor 750 erases (or blanks) a part of the card information. Blank) to generate the partial card information and update it to the full payment approval result, or erase the entire card information item (or process it as a blank) and display the full payment approval result message in the payment control module 705. It is preferable to provide.

FIG. 8 is a diagram illustrating a process of generating and transmitting a full payment approval request in a POS terminal 700 having information security for each bansa according to a third embodiment of the present invention.

In more detail, Figure 8 confirms the Bansa server to send the full payment approval request in the encryption unit 710 provided in the POS terminal 700 shown in Figure 7, and is read through the card reader module 715 If the card information is encrypted using an encryption key decrypted by the bansa server, and the bansa identifier corresponding to the verified bansa server is attached to the encrypted card information to generate encrypted bansa card information, the payment control module ( In step 705, the card information item including the encrypted Bansa card information among the plurality of information items included in the full payment approval request is processed as a blank, and the payment approval request including one or more information items and an affiliate store number which are not encrypted. Generates a full text message, generated by the encryption unit 710 in the card information blank of the generated payment approval request text message in the communication module 735. Inserts the encrypted Bansa-specific card information, reads the Bansa identifier included in the encrypted Bansa-specific card information, identifies a Bansa server to which the payment approval request text is transmitted, and checks the payment information to the verified Bansa server. Regarding the process of transmitting the inserted payment approval request text, a person having ordinary knowledge in the technical field to which the present invention pertains refers to the POS terminal having the information security function for each bansa by referring to and / or modifying the drawing 8. In operation 700, various implementation methods (for example, some steps may be omitted or the order may be changed) may be inferred in the process of generating and transmitting the full payment approval request. It is made, including the method, the technical features are not limited only to the implementation method shown in FIG.

For example, one of ordinary skill in the art to which the present invention belongs may infer an implementation method in which the process of inputting digital signature information and including a full text is omitted in the process illustrated in FIG. 8. It is characterized by including all the implementation method inferred.

Referring to FIG. 8, the card reader module 715 included in the POS terminal 700 illustrated in FIG. 7 reads card information from the customer card for card payment (800), and if the card information is from the customer card. If is read normally (805), the encryption unit 710 checks the Bansa server to which the payment authorization request message including the read card information is transmitted, and the Bansa identifier (for example, VAN_ID value) corresponding to the Bansa server and Verify the bansa encryption key (for example, an encryption key set to decrypt only the bansa encrypted information by the encryption unit 710, or an encryption key paired with the decryption key provided in the bansa) (810) .

According to an exemplary embodiment of the present invention, the encryption unit 710 may identify a bansa server to which the payment approval request text is transmitted according to a plurality of bansa-specific distribution policies (not shown).

According to another exemplary embodiment of the present invention, the encryption unit 710 checks a bansa server having a good communication channel connection among a plurality of bansa in connection with the communication module 735 and approves the confirmed bansa server for the payment. It is desirable to check with the bansa server where the full request is sent.

According to another exemplary embodiment of the present invention, the encryption unit 710 may sequentially select (or arbitrarily select) a plurality of bansa to identify a bansa server to which the payment approval request text is transmitted.

According to an exemplary embodiment of the present invention, the bansa identifier and the bansa encryption key are preferably stored in the encryption unit 710 in the program data (or a memory included in the encryption unit 710).

According to another exemplary embodiment of the present invention, the bansa identifier and the bansa encryption key are preferably stored in the secure area of the memory unit 753, in which case the encryption unit 710 is the memory unit 753. It is preferable to check the bansa identifier and the bansa encryption key corresponding to the checked bansa server from the security area of the bansa server.

According to another embodiment of the present invention, the bansa identifier and the bansa encryption key is preferably stored in the security application module 763, in this case, the encryption unit 710 is the security application module 763 It is preferable to confirm the bansa identifier and the bansa encryption key corresponding to the verified bansa server from the.

Thereafter, the encryption unit 710 encrypts the card information read through the card reader module 715 with the verified Bansa encryption key (815).

Here, the encrypted card information is decrypted only through a decryption key provided in the bansa server corresponding to the bansa identifier, and the card information is not exposed in any case except the bansa server.

In addition, the encryption unit 710 attaches the verified bansa identifier to the encrypted card information to generate bansa encrypted card information (820).

According to another exemplary embodiment of the present invention, the encryption unit 710 may combine the card information and the bansa identifier, and then encrypt the bansa through the bansa's encryption key, whereby the present invention is not limited thereto.

If the bansa-encrypted card information is generated (825), the encryption unit 710 transmits the generated bansa-encrypted card information to the communication module 735 provided in the POS terminal 700 shown in FIG. (830).

In addition, the payment control module 705 provided in the POS terminal 700 shown in FIG. 7 is provided in the POS terminal 700 for card payment through the card information read through the card reader module 715. Input processing of the payment amount information to be included in the full payment approval request from the key input unit 725, and inputs the digital signature information to be included in the full payment approval request from the digital signature unit 720 (835).

According to another exemplary embodiment of the present invention, the payment control module 705 may calculate the sum of the sum of the merchandise sales amount generated in the sales point management process of the sales point manager 740 of the communication module 735. It is preferable to process the input with the information.

If the payment amount information and the digital signature information are input and processed (840), the payment control module 705 includes card information including the encrypted Bansa-specific card information among a plurality of information items constituting the full payment approval request. One or more information items (e.g., including the payment amount information and the digital signature information, including the affiliate store number stored in the memory unit 753), and predefined to be included in the full text of the payment approval request. Generate a payment approval request message including credit approval / disapproval information item, document purchase information item, document serial number item, etc.) and provide it to the communication module 735 provided in the POS terminal 700 shown in FIG. (845).

The communication module 735 included in the POS terminal 700 illustrated in FIG. 7 inserts the encrypted bansa-specific card information provided from the encryption unit 710 into the card approval space of the payment approval request specialist, thereby providing the bansa. Complete the full payment approval request to be sent to the server (850).

According to another exemplary embodiment of the present invention, the encrypted card information and the bansa identifier in the bansa-encrypted card information may be included in different information items according to the full-text structure of the payment approval request message. It is clear that this is not a limitation.

Further, after checking the bansa identifier of the encrypted card information for each bansa included in the completed payment approval result full text, and reading the checked bansa identifier to confirm the bansa server to which the payment approval request text is transmitted (855), A communication channel is connected with the checked bansa server and the full text of the payment approval request is transmitted to the bansa server through the communication channel (860).

FIG. 9 is a diagram illustrating a process of receiving and outputting a full payment approval result from a POS terminal 700 having information security for each bansa according to a third embodiment of the present invention.

In more detail, FIG. 9 transmits the payment approval request message to the Bansa server through the payment approval request message transmission process shown in FIG. 8 from the POS terminal 700 shown in FIG. The process of receiving and outputting a payment approval result text corresponding to a full text of a request for approval, and a person having ordinary knowledge in the technical field to which the present invention belongs, refer to and / or modify this drawing 9 to provide information on each bansa Various implementation methods (for example, some steps may be omitted or the order may be changed) may be inferred in the process of receiving and outputting the payment approval result full text in the POS terminal 700 having the safety function. The invention includes all the inferred implementation methods, and the technical features are not limited only to the implementation method shown in FIG.

Referring to FIG. 9, after transmitting the full payment approval request message to the Bansa server through the payment approval request message transmission process illustrated in FIG. 8, the POS terminal 700 illustrated in FIG. 7 is transmitted to the POS terminal 700. The provided communication module 735 checks whether the payment approval result text corresponding to the payment approval request text message is received from the bansa server (900).

If the full payment approval result is received (905), the communication module 735 checks whether the encrypted card information is included in the payment processing details included in the full payment approval result (910).

If the payment approval result does not include the encrypted card information in the preamble (915), the communication module 735 generates partial card information by deleting a part of the card information (or treating it as a blank). The payment approval result is updated to the full text or the entire card information item is erased (or blanked) (920).

On the other hand, if the payment approval result contains encrypted card information in the preamble (915), the communication module 735 is a payment control module provided in the POS terminal 700 shown in FIG. 705).

According to another exemplary embodiment of the present invention, in addition to the bansa-encrypted card information, the part of the card information that decrypts the bansa-encrypted card information is erased (or blanked) in the entire payment approval result. Even if partial card information is included or the entire card information item is erased (or blanked), the communication module 735 provides the full payment approval result to the payment control module 705 as it is. It is desirable to.

Thereafter, the payment control module 705 checks the payment processing history included in the received payment approval result full text, outputs the payment processing history, and if the payment processing history includes the payment approval result, The payment processing history is printed out (930).

FIG. 10 is a diagram illustrating a functional configuration of a POS terminal 1000 having an information security function for each bansa according to a fourth embodiment of the present invention.

In more detail, FIG. 10 illustrates a card reader module 1015 for reading card information from a customer card, a payment control module 1005 for controlling the overall operation of card payment, and a payment control module 1005 connected to a communication network. In a POS terminal 1000 having a communication module 1035 for connecting and managing a communication channel with a bansa server for card payment by a bansa, the bansa server for transmitting a full payment approval request message when paying a card using the customer card. Confirming, encrypting the card information read through the card reader module 1015 through an encryption key decrypted by the bansa server, and attaching a bansa identifier corresponding to the checked bansa server to the encrypted card information. When the encrypted Bansa-specific card information is generated, the encrypted Bansa stars among the plurality of information items included in the payment approval request text in the payment control module 1005. The card information item including the card information is processed as a blank, a payment approval request message including one or more information items and an affiliate store number which are not encrypted is generated, and the payment approval request specialist generated by the communication module 1035 is generated. Insert the encrypted bansa-specific card information generated by the encryption unit 1010 in the card information blank, read the bansa identifier included in the encrypted bansa-specific card information and the Bansa server to which the full payment approval request message is transmitted. Check and transmit the payment approval request message inserted with the payment information to the verified Bansa server to process the card payment, the encryption unit 1010 further encrypts the payment amount information to generate encrypted payment amount information or And / or further encrypt the digital signature information to generate encrypted digital signature information, and the payment control module 1005 The payment amount information item of the authorized approval request specialist is further processed to be blank, and / or the digital approval information item of the payment approval request specialist is further processed to be blank, and the communication module 1035 performs the payment approval request specialist's payment. The encrypted payment amount information generated through the encryption unit 1010 is inserted in the amount information space, and / or the encrypted digital generated through the encryption unit 1010 in the digital signature information space of the payment approval request message. FIG. 10 illustrates a functional configuration of a POS terminal 1000 having an information security function for each bansa having a function of inserting signature information, and a person having ordinary knowledge in the technical field to which the present invention pertains may refer to FIG. 10. And / or various modifications to the functional configuration of the POS terminal 1000 having the information security function for each bansa (eg, some components may be omitted or three). Differentiated or combined implementation methods) may be inferred, but the present invention includes all the implementation methods inferred above, and the technical features are not limited to the implementation method shown in FIG.

For example, one of ordinary skill in the art to which the present invention belongs may infer an implementation method in which only one of the payment amount information and the digital signature information is encrypted and the other is not encrypted, and the present invention may It is clearly to be understood that this includes all inferred methods of implementation.

Hereinafter, in FIG. 10, a functional component that operates in connection with one or more modules of the card reader module 1015, the payment control module 1005, and the communication module 1035, or may be implemented as an internal component of each module. For convenience, the technical features of the present invention will be described by referring to "parts", and the functional elements named "parts" are the card reader module 1015, the payment control module 1005, and the intention of those skilled in the art. It will be apparent that it is possible to interwork with one or more of the modules of the communication module 1035 or to be implemented in the form of internal components of each module.

Referring to FIG. 10, the POS terminal 1000 having an information security function for each Bansa includes a card reader module 1015 for reading card information from a customer card, and an overall operation of card payment through the read card information. And a communication module 1035 for controlling a payment control module 1005 and a communication network connected to a communication network to connect a communication channel with a bansa server required for card payment by the payment control module 1005. A memory unit 1053, a key input unit 1205, a digital signature unit 1020, and a screen output unit that operate in conjunction with at least one of the card reader module 1015, the payment control module 1005, and the communication module 1035. 1055 and a print output unit 1060, a security application module 1063 (Security Application Module (SAM)) and a power supply unit 1030 for supplying power to the POS terminal 1000, according to the intention of the skilled person At least one It is possible to further comprise a terminal function unit (not shown).

Customers requesting payment through the POS terminal 1000 may include an MS (Magnetic Stripe) card based on ISO / IEC 7810 standard and / or a contact IC card (or wireless IC chip based on ISO / IEC 7816 standard). And / or possesses (or owns) a customer card including at least one contactless IC card (or wireless IC chip) based on the ISO / IEC 14443 standard, and the card reader module 1015 stores the customer card. It characterized in that to provide an interface for reading at least one or more card information provided in.

According to the exemplary embodiment of the present invention, the card reader module 1015 may include an MS reader unit providing an interface between the MS card and the POS terminal 1000, and an interface between the contact IC card and the POS terminal 1000. Preferably, the contact IC reader includes one or more contactless IC readers that provide an interface between the contactless IC card and the POS terminal 1000.

The MS reader unit is a card reader module 1015 based on ISO / IEC 7810, and includes at least one magnetic head including a predetermined coil, and includes predetermined information (eg, magnetized binary). When the MS card on which (Binary) data is recorded moves in a predetermined direction in close contact with the magnetic head (or the magnetic head moves in close contact with an MS card in which predetermined information is recorded), a predetermined electrical signal is transmitted to the magnetic head. Reading card information (eg, credit card information, check card information, debit card information, cash card information, financial account information) from at least one track provided in the MS of the MS card by using It is characterized by.

The contact IC reader unit is a card reader module 1015 based on ISO / IEC 7816, and includes at least one contact point making electrical contact with a chip on board (COB) provided in a contact IC card. It supplies the power to the IC chip of the IC card through the contact point, and the card information (for example, from the IC chip through the half-duplex transaction using the APDU (Application Protocol Data Unit)) Credit card information, check card information, debit card information, cash card information, financial account information).

The contactless IC reader unit is a card reader module 1015 based on ISO / IEC 14443. The contactless IC reader unit uses at least an electrical contact with the contactless IC card by using capacitive coupling and / or inductive coupling. It comprises one or more antennas, and supplies power to the IC chip of the IC card through the antenna, and card information (eg credit card) from the IC chip through the half-duplex transaction using the APDU Information, check card information, debit card information, cash card information, financial account information).

The payment control module 1005, when the card payment processing through the card information read through the card reader module 1015, generates a full payment approval request for the card payment, and generates the full payment approval request The display module outputs the payment approval result text corresponding to the payment approval request text message through the communication module 1035, and transmits the payment processing details included in the payment approval result text message through the communication module 1035. It is characterized by controlling the overall operation of the card payment through the screen output through the 1055, or the print output through the print output unit 1060.

The communication module 1035 is connected to a communication network and connects a communication channel with a bansa server required for card payment by the payment control module 1005, and the communication processing unit 1045 for connecting and managing the communication channel. Characterized in that comprises a.

The communication processing unit 1045 may be a wired communication network including at least one or more xDSL-based wired communication network, public switched telephone network (PSTN), intelligent network, Ethernet, or the like, or code division multiple access (CDMA). / WCDMA (Wide-CDMA) based mobile communication network, HSDPA (High-Speed Downlink Packet Access) based wireless communication network, including at least one or more wireless communication network including IEEE 802.16x-based portable Internet to connect the communication channel with the bansa server It is characterized by.

According to an exemplary embodiment of the present invention, the communication module 1035 may store sales point management information (for example, stored in the memory unit 1053) in addition to the communication processor 1045 for connecting a communication channel with a bansa server for card payment. And a sales point manager 1040 which processes the sales point management of the POS terminal 1000 based on one or more product information, bar code information for each product (or RFID tag information), and sales price information for each product. It is characterized by.

When the point-of-sale manager 1040 is provided in the communication module 1035, the communication module 1035 may include a barcode reader (or RFID reader) and one or more cable communication means (eg, RS-) for the point-of-sale management. 232c, the ability to connect cable communication sessions via USB (Universal Serial Bus), or Infrared Ray, RF (Radio Frequency), Bluetooth (BlueTooth), Wireless LAN, Wi-Fi (Wi- It is preferable that the at least one short-range wireless communication means including at least one of Fi) and at least one ultra wide band system (UWB) is further provided with a function of connecting the short-range communication session with the barcode reader (or RFID reader).

However, the point-of-sale manager 1040 is not implemented in the form of components only in the communication module 1035, and the point-of-sale manager 1040 is a separate point-of-sale management module (not shown) according to the intention of those skilled in the art. It is possible to be provided in the POS terminal 1000 in the form, whereby the present invention is not limited.

In addition, those skilled in the art to which the present invention belongs, will be familiar with the technical features of the point-of-sale management unit 1040 for processing point-of-sale management through the point-of-sale management information, detailed description thereof Will be omitted for convenience.

The memory unit 1053 is input and output when an operation by a predetermined program routine (or code) and / or program data (eg, a program routine (or code)) for controlling the overall operation of the POS terminal 1000 is performed. General term of non-volatile memory for storing information or data), at least one of which includes EEPROM (Electrically Erasable and Programmable Read Only Memory) and / or Flash Memory (FM) and / or Hard Disk Drive (HDD) in hardware. It includes the above storage means, and the predetermined program routine and program data (for example, the program routine is required for the payment control module 1005 to control the overall operation of the card payment input or to perform a predetermined function or Output data) is stored.

According to the exemplary embodiment of the present invention, the memory unit 1053 may include an affiliate store number to be included in the payment approval request text generated by the payment control module 1005, card information read through the card reader module, and the key input unit ( 1205 is included in the full text of the payment approval request, except for the payment amount information input through the key or from the outside through cable communication (or near field communication) and the digital signature information input through the digital signature unit 1020. Preferably, one or more full text inclusion information (not shown) corresponding to one or more information items is stored.

According to an embodiment of the present invention, the memory unit 1053 includes a payment processing history storage area for storing payment processing details included in the payment approval result text received from the bansa server after payment approval for the payment approval request text. The payment processing history storage area may be omitted according to the intention of the skilled person, and the present invention is not limited thereto.

According to an embodiment of the present invention, the memory unit 1053 may store one or more product information managed by the POS terminal, bar code information for each product (or radio frequency identification (RFID) tag information), and sales price information for each product. Preferably, at least one point of sale management information is stored.

The key input unit 1205 includes a key having at least one key button including at least one numeric key and / or a character key and / or a function key. Detecting a key input signal input from an input device, and providing the input key input signal to the payment control module 1005 or the communication module 1035, the card payment function or the through the payment control module 1005 Key data for providing a point-of-sale management function through the communication module 1035 is input.

According to an embodiment of the present invention, the key input unit 1205 performs a function of a key input means (or information input means) for inputting payment amount information to be included in a payment approval request message generated by the payment control module 1005. It is desirable to.

The digital signature unit 1020 digitally receives the customer's signature through a touch screen with a digital input function including any one of a pressure method and an electromagnetic induction sensor board method in the card payment process through the payment control unit, By providing the input digital signature information of the customer to the payment control module 1005, characterized in that for processing the digital signature information for providing a card payment function through the payment control module 1005.

The screen output unit 1055 presets one or more information or data defined to be output on the screen in the process of performing a card payment function through the payment control module 1005 or a point of sale management function through the communication module 1035. It characterized in that the output of the defined interface screen to the screen output device (for example, LCD (Liquid Crystal Display)).

According to the exemplary embodiment of the present invention, the screen output unit 1055 outputs a screen for outputting the payment processing details included in the full payment approval result received through the communication module 1035 in response to the full payment approval request message. It is desirable to perform the function of the means.

The print output unit 1060 may be included in the payment approval result message received through the communication module 1035 in response to the payment approval request message in the process of performing a card payment function through the payment control module 1005. The payment processing details may be printed and output to a printing apparatus (eg, a receipt printer) according to a preset printing format.

According to the exemplary embodiment of the present invention, the print output unit 1060 outputs a screen for outputting the payment processing details included in the payment approval result message received through the communication module 1035 in response to the payment approval request message. It is desirable to perform the function of the means.

The secure application module (1063) is a confidentiality and / or authentication required by the POS terminal 1000 in the process of performing electronic payment and / or electronic payment using the card. And / or safety devices for performing security requirements including integrity and / or nonrepudiation in a secure and reliable structure within the POS terminal 1000 without using a server on a communication network. As an example, the POS terminal 1000 encrypts or decrypts a predetermined message (information or data) that is processed in the course of performing a predetermined security request function (eg, an electronic payment and / or an electronic payment function). Adding an authenticator that prevents forgery (or tampering), or performing the function of storing sensitive key information in the course of performing the security request function. And a gong.

In general, the security application module 1063 is preferably composed of a predetermined security application module 1063 inserter and the security application module 1063 chip, the security application module 1063 is a chip containing at least 8-bit CPU Application Specific Integrated Circuit (ASIC) chips (eg, PLCC 44-pin chips) and / or IC chips (eg, IC cards in the form of subscriber identity modules (SIMs)) with performance of 2 MIPS (Million Instructions Per Second) or more. It is preferable to comprise a.

In addition, the security application module 1063 may include at least one or more security application data (eg, at least one or more identifier, version, expiration date, issue date, code value, etc.) required for the POS terminal 1000 to perform a predetermined security request function. ) And / or keys (e.g., one master key and at least one application key) and / or protocols (e.g., trading protocols, re-transaction protocols, previous transaction cancellation protocols, collection protocols, SAM issuance protocols, (e-money company / card company) Registration protocol, authorization protocol, mode switching protocol, key download protocol, SAM revocation protocol) and / or commands (e.g., at least one read / authentication / transmission / registration / setting / mode switching / collection / deletion / disposal / initialization) / Reprocessing / cancellation command).

Referring to FIG. 10, the POS terminal 1000 is connected to the card reader module, and when the card reader module reads card information from the customer card, the payment approval request message including the read card information is read. Check the transmitted Bansa server, verify the Bansa identifier and the Bansa encryption key for the verified Bansa server, encrypt the card information through the verified Bansa encryption key, and the Bansa to the encrypted card information And an encryption unit 1010 for generating encrypted card information for each bansa by attaching an identifier, wherein the encryption unit 1010 further encrypts the payment amount information to generate encrypted payment amount information, or And / or further encrypt the digital signature information to generate encrypted digital signature information.

When card information is read from the customer card through the card reader module, the encryption unit 1010 may identify a bansa server to which a full payment approval request message including the read card information is transmitted.

According to the exemplary embodiment of the present invention, the encryption unit 1010 preferably checks the bansa server to which the payment approval request message is transmitted according to a plurality of bansa-specific distribution policies (not shown).

According to another exemplary embodiment of the present invention, the encryption unit 1010 checks a bansa server having a good communication channel connection among a plurality of bansa in connection with the communication module 1035, and approves the confirmed bansa server for the payment. It is advisable to check with the bansa server to which the full request will be sent.

According to another exemplary embodiment of the present invention, the encryption unit 1010 preferably selects (or arbitrarily selects) a plurality of bansa to check the bansa server to which the full payment approval request is transmitted.

When the Bansa server to which the full payment approval request message is transmitted is identified, the encryption unit 1010 may include a Bansa identifier (eg, a VAN_ID value) corresponding to the selected Bansa server and an bansa encryption key (eg, the encryption unit 1010). ) An encryption key set to decrypt only the bansa, or an encryption key paired with the decryption key included in the bansa.

According to the exemplary embodiment of the present invention, the bansa identifier and the bansa encryption key are preferably stored in the encryption unit 1010 in program data (or a memory included in the encryption unit 1010).

According to another exemplary embodiment of the present invention, the bansa identifier and the bansa encryption key are preferably stored in the secure area of the memory unit 1053. In this case, the encryption unit 1010 is the memory unit 1053. It is preferable to check the bansa identifier and the bansa encryption key corresponding to the checked bansa server from the security area of the bansa server.

According to another embodiment of the present invention, the bansa identifier and the bansa encryption key is preferably stored in the security application module 1063, in this case, the encryption unit 1010 is the security application module 1063 It is preferable to confirm the bansa identifier and the bansa encryption key corresponding to the verified bansa server from the.

When the Bansa identifier and the Bansa encryption key corresponding to the Bansa server to which the payment approval request message is transmitted are confirmed, the encryption unit 1010 is read from the card reader module 1015 through the verified Bansa encryption key. And encrypting the card information, wherein the encrypted card information is decrypted only through a decryption key provided in the bansa server corresponding to the bansa identifier, and the card information is exposed in any case except the bansa server. It is characterized by not being.

When the card information read from the card reader module 1015 is encrypted using the Bansa encryption key, the encryption unit 1010 attaches the verified Bansa identifier to the card information encrypted through the Bansa encryption key. It is characterized by generating the Bansa-encrypted card information.

According to another exemplary embodiment of the present invention, the encryption unit 1010 may combine the card information and the bansa identifier and then encrypt the bansa through the bansa's encryption key, whereby the present invention is not limited thereto.

Referring to FIG. 10 according to an embodiment of the present invention, the encryption unit 1010 is illustrated as being provided between the card reader module 1015 and the payment control module 1005, but the present invention is limited thereto. Never, the encryption unit 1010 may be provided in the form of an internal component of the card reader module 1015 or in the form of an internal component of the communication module 1035, whereby the present invention It is not limited.

The encryption unit 1010 may output a payment amount input interface screen through the screen output unit 1055 and input and process payment amount information to be included in the full payment approval request from the key input unit 1205. And encrypting the input payment amount information to generate encrypted payment amount information.

According to another exemplary embodiment of the present invention, the encryption unit 1010 may calculate the sum amount of the product sales amount generated in the sales point management process of the sales point management unit 1040 included in the communication module 1035, the payment amount information. It is preferable to process the input with.

In addition, the encryption unit 1010 outputs a digital signature interface screen through the digital signature unit 1020, and inputs the digital signature information to be included in the full text of the payment approval request from the digital signature unit 1020, And encrypting the input digital signature information to generate encrypted digital signature information.

Referring to FIG. 10, the bansa encrypted card information, the encrypted payment amount information, and the encrypted digital signature information generated by the encryption unit 1010 are provided to the communication module 1035. do.

Referring to FIG. 10, the payment control module 1005 may include a card information item including the encrypted Bansa card information and an encrypted payment amount information among a plurality of information items constituting the full payment approval request. A full text generation unit 1070 for processing the digital signature information item including the amount information item and the digital signature information in a blank area and generating a full text of the payment approval request including the affiliate store number stored in the memory unit 1053; A specialized transmission unit 1073 for providing the received payment approval request message to the communication module 1035 to be transmitted to a bansa server on a communication network, and the payment approval corresponding to the payment approval request message through the communication module 1035. A professional receiving unit 1075 for receiving a result full text, checks the details of payment processing included in the received payment approval result full text, and associates with the screen output unit 1055. It is characterized in that it comprises a specialized output unit (1080) for outputting the payment processing details or print out the payment processing details in conjunction with the print output unit (1060).

The full text generation unit 1070 may include a card information item including the encrypted Bansa card information and a payment amount information item and digital signature information among a plurality of information items constituting the full payment approval request. Processes the digital signature information item including a blank, including the payment amount information and digital signature information, including the merchant number stored in the memory unit 1053, and pre-defined to be included in the full payment approval request Characterized in that the full payment approval request including the above information items (for example, credit approval / deauthorization information items, purchase information information items, document serial number items, etc.).

When the payment approval request full text is generated by the full text generation unit 1070, the full text transmission unit 1073 provides the generated payment approval request full text to the communication module 1035, thereby providing the communication module 1035. Checks the bansa identifier included in the payment approval request message, and transmits the payment approval request message to the bansa server corresponding to the confirmed bansa identifier.

After the payment approval request message is transmitted to the bansa server, the specialized receiving unit 1075 may receive a payment approval result message corresponding to the payment approval request message through the communication module 1035.

Here, the full text of the payment approval result includes a payment processing history including a result of the payment approval of the payment amount read by decrypting the encrypted payment amount information through the card information read by decrypting the bansa encrypted card information. Preferably, the payment processing details include any one of a payment approval result or a payment error result.

According to the exemplary embodiment of the present invention, the payment processing history included in the full payment approval result received through the specialized receiving unit 1075 includes the bansa-encrypted card information generated by the encryption unit 1010 as it is. It is preferable.

According to another exemplary embodiment of the present invention, the payment processing details included in the full payment approval result received through the specialized receiving unit 1075 may be obtained by decrypting the bansa encrypted card information generated by the encryption unit 1010. Preferably, the card information includes partial card information including a portion of the card information that has been erased (or processed into a blank), and the partial card information is stored in the bansa server or the communication module 1035. It is preferable to process by.

According to another exemplary embodiment of the present invention, the payment processing details included in the full payment approval result received through the full text receiving unit 1075 may be erased (or blanked) from the entire card information item. The erasure (or blank processing) for the card information item is preferably processed by the bansa server or communication module 1035.

When the payment approval result full text is received through the full text receiver 1075, the full text output unit 1080 checks the details of payment processing included in the full text of the received payment approval result and associates with the screen output unit 1055. It characterized in that the screen output the payment processing details.

In addition, the specialized output unit 1080 checks whether a payment approval result is included in the payment processing history, and if the payment approval result is included in the payment processing history, the payment is linked with the print output unit 1060. And print out the processing details.

Referring to FIG. 10, the communication module 1035 receives a full payment approval request message in which a card information item is processed from a full text transmission unit 1073 of the payment control module 1005, and the encryption unit 1010. Receiving the encrypted card information, the encrypted payment amount information, and the encrypted digital signature information for each bansa, and the encrypted bansa stars generated by the encryption unit 1010 in the card information field of the payment approval request specialist. Insert card information, insert the encrypted payment amount information generated by the encryption unit 1010 into the payment amount information field of the payment approval request text message, and / or the digital signature information space of the payment approval request text message Inserting the encrypted digital signature information generated by the encryption unit 1010, checking the bansa identifier of the encrypted card information for each bansa, and checking the bansa equation And a specialized processor 1050 for identifying a bansa server to which the payment approval request message is transmitted by reading an asterisk, and the communication processor 1045 connects a communication channel with the checked bansa server. Characterized in that the transmission of the payment approval request message to the bansa server through the communication channel.

When the professional payment unit 1073 of the payment control module 1005 provides the full payment approval request message, the specialty processing unit 1050 may add card information items from the specialty transmission unit 1073 of the payment control module 1005. Characterized in that it is provided with the full payment approval request processed in the blank, it is also characterized in that receiving the encrypted card information for each bansa from the encryption unit 1010.

If the payment approval request is provided from the payment control module (1005) the entire payment approval request is provided in the blank, and the encrypted card information for each bansa provided from the encryption unit 1010, the specialized processing unit 1050 is the Insert the encrypted Bansa-specific card information provided from the encryption unit 1010 into the card information blank of the payment approval request specialist and encrypt the payment amount information blank of the payment approval request specialist. Insert the payment amount information, and / or insert the encrypted digital signature information generated by the encryption unit 1010 into the digital signature information space of the payment approval request specialist and transmit the payment approval request text to the bansa server. It is characterized by completing.

According to another exemplary embodiment of the present invention, the encrypted card information and the bansa identifier in the bansa-encrypted card information may be included in different information items according to the full-text structure of the payment approval request message. It is clear that this is not a limitation.

In addition, the specialized processing unit 1050 checks the bansa identifier included in the encrypted Bansa-specific card information provided from the encryption unit 1010, reads the verified bansa identifier and transmits the completed payment approval request message. Characterized in that the check the Bansa server, the communication processing unit 1045 is characterized in that for connecting the communication channel and the confirmed Bansa server, and transmits the full payment approval request message to the Bansa server through the communication channel. do.

Subsequently, when the payment approval result message corresponding to the payment approval request message is received from the bansa server through the communication processor 1045, the expert processing unit 1050 transmits the received payment approval result message to the payment control module ( 1005) characterized in that provided.

According to an exemplary embodiment of the present invention, the payment approval result may include the encrypted card information for each bansa as it is, or part of the card information for decrypting the encrypted card information for each bansa may be erased (or blank). Or the entire card information item is erased (or blanked), the professional processing unit 1050 retains the full payment approval result as it is. It is preferable to provide.

According to another embodiment of the present invention, when the payment approval result message includes card information obtained by decrypting the bansa-encrypted card information, the specialized processing unit 1050 erases (or blanks) a part of the card information. Blank) to generate the partial card information and update it to the full payment approval result, or erase the entire card information item (or process it as a blank), and then write the full payment approval result message to the payment control module 1005. It is preferable to provide.

FIG. 11 is a diagram illustrating a process of generating and transmitting a full payment approval request in a POS terminal 1000 having information security for each bansa according to a fourth embodiment of the present invention.

In more detail, Figure 11 confirms the Bansa server to send the full payment approval request in the encryption unit 1010 provided in the POS terminal 1000 shown in Figure 10, and is read through the card reader module 1015 If the card information is encrypted using an encryption key decrypted by the bansa server, and the bansa identifier corresponding to the verified bansa server is attached to the encrypted card information to generate encrypted bansa card information, the payment control module ( In step 1005, the card information item including the encrypted Bansa card information among the plurality of information items included in the full payment approval request is processed as a blank, and the payment approval request including one or more information items and an affiliate store number which are not encrypted. Generating the full text, generated by the encryption unit 1010 in the card information blank of the payment approval request professional generated in the communication module 1035. Insert the encrypted bansa-specific card information, read the bansa identifier included in the encrypted bansa-specific card information to confirm the bansa server to which the payment approval request text is transmitted, and the payment information to the verified bansa server Transmits the payment approval request message inserted therein, but the encryption unit 1010 further encrypts the payment amount information to generate encrypted payment amount information, and / or further encrypts the digital signature information to encrypt the encrypted digital signature information. Generating, the payment control module 1005 further processes the payment amount information item of the payment approval request text in a blank space, and / or processes the digital signature information item of the payment approval request text in a blank space, and performs the communication. The module 1035 is an encrypted payment amount generated by the encryption unit 1010 in the payment amount information space of the payment approval request message. Inserting the information, and / or the process of inserting the encrypted digital signature information generated by the encryption unit 1010 in the digital signature information blank of the payment approval request specialist, the general knowledge in the technical field to which the present invention belongs If there is a person with, various implementation methods (for example, some steps) for the process of generating and transmitting the full payment approval request in the POS terminal 1000 having the information security function for each bansa by referring to and / or modified in this figure 11 May be omitted or the order may be changed), but the present invention includes all the inferred implementation methods, and the technical features are not limited to the implementation method illustrated in FIG.

For example, one of ordinary skill in the art to which the present invention belongs may infer an implementation method in which the process of inputting digital signature information and including a full text is omitted in the process illustrated in FIG. 11. It is characterized by including all the implementation method inferred.

In addition, if one of ordinary skill in the art to which the present invention belongs, only one of the payment amount information and digital signature information is encrypted, the other one can be inferred the implementation method is not encrypted, the present invention is It is clearly to be understood that this includes all inferred methods of implementation.

Referring to FIG. 11, the card reader module 1015 of the POS terminal 1000 illustrated in FIG. 10 reads card information from a customer card for card payment (1100), and if the card information is from the customer card. When 1105 is normally read (1105), the encryption unit 1010 checks the bansa server to which the payment approval request message including the read card information is transmitted, and a bansa identifier (eg, a VAN_ID value) corresponding to the bansa server. Verify the bansa encryption key (eg, an encryption key set to decrypt only the bansa encrypted information by the encryption unit 1010, or an encryption key paired with the decryption key provided in the bansa) (1110) .

According to the exemplary embodiment of the present invention, the encryption unit 1010 preferably checks the bansa server to which the payment approval request message is transmitted according to a plurality of bansa-specific distribution policies (not shown).

According to another exemplary embodiment of the present invention, the encryption unit 1010 checks a bansa server having a good communication channel connection among a plurality of bansa in connection with the communication module 1035, and approves the confirmed bansa server for the payment. It is desirable to check with the bansa server where the full request is sent.

According to another exemplary embodiment of the present invention, the encryption unit 1010 preferably selects (or arbitrarily selects) a plurality of bansa to check the bansa server to which the full payment approval request is transmitted.

According to the exemplary embodiment of the present invention, the bansa identifier and the bansa encryption key are preferably stored in the encryption unit 1010 in program data (or a memory included in the encryption unit 1010).

According to another exemplary embodiment of the present invention, the bansa identifier and the bansa encryption key are preferably stored in the secure area of the memory unit 1053. In this case, the encryption unit 1010 is the memory unit 1053. It is preferable to check the bansa identifier and the bansa encryption key corresponding to the checked bansa server from the security area of the bansa server.

According to another embodiment of the present invention, the bansa identifier and the bansa encryption key is preferably stored in the security application module 1063, in this case, the encryption unit 1010 is the security application module 1063 It is preferable to confirm the bansa identifier and the bansa encryption key corresponding to the verified bansa server from the.

Thereafter, the encryption unit 1010 encrypts the card information read through the card reader module 1015 with the verified Bansa encryption key (1115).

Here, the encrypted card information is decrypted only through a decryption key provided in the bansa server corresponding to the bansa identifier, and the card information is not exposed in any case except the bansa server.

In addition, the encryption unit 1010 generates the encrypted card information for each bansa by attaching the verified bansa identifier to the encrypted card information (1120).

According to another exemplary embodiment of the present invention, the encryption unit 1010 may combine the card information and the bansa identifier and encrypt the bansa through the bansa's encryption key, thereby not limiting the present invention.

If the Bansa-encrypted card information is generated (1125), the encryption unit 1010 inputs the payment amount information to be included in the full payment approval request from the key input unit 1205 provided in the POS terminal 1000 and The digital signature unit 1020 processes the digital signature information to be included in the payment approval request message in full (1130).

According to another exemplary embodiment of the present invention, the payment control module 1005 may include the sum of the sum of the merchandise sales amount generated in the sales point management process of the sales point management unit 1040 included in the communication module 1035, the settlement amount. It is preferable to process the input with the information.

If the payment amount information and digital signature information are input and processed (1135), the encryption unit 1010 encrypts the payment amount information with the Bansa encryption key to generate encrypted payment amount information, and the digital signature information The encrypted digital signature information is generated by encrypting with the bansa encryption key (1140).

Thereafter, the encryption unit 1010 includes the communication module 1035 provided in the POS terminal 1000 illustrated in FIG. 4 with the generated Bansa-encrypted card information, encrypted payment amount information, and encrypted digital signature information. Provided by (1145).

In addition, the payment control module 1005 of the POS terminal 1000 illustrated in FIG. 10 is provided in the POS terminal 1000 for card payment through the card information read through the card reader module 1015. The input key processing unit 1205 inputs and processes payment amount information to be included in the payment approval request text, and inputs and processes digital signature information to be included in the payment approval request text from the digital signature unit 1020 (1150).

According to another exemplary embodiment of the present invention, the payment control module 1005 may include the sum of the sum of the merchandise sales amount generated in the sales point management process of the sales point management unit 1040 included in the communication module 1035, the settlement amount. It is preferable to process the input with the information.

If the payment amount information and digital signature information are input and processed (1155), the payment control module 1005 includes card information including the encrypted Bansa-specific card information among a plurality of information items constituting the full payment approval request. Processing the item and the payment amount information item including the encrypted payment amount information and the digital signature information item including the digital signature information into blanks, including the payment amount information and digital signature information, and the memory unit 1053. Payment authorization request, including the merchant number stored in, and including one or more information items (eg, credit approval / cancellation information item, purchase purchase information item, document serial number item, etc.) that are predefined to be included in the full payment approval request. The full text is generated and provided to the communication module 1035 provided in the POS terminal 1000 illustrated in FIG. 10 (1160).

The communication module 1035 included in the POS terminal 1000 illustrated in FIG. 10 inserts the encrypted bansa-specific card information provided from the encryption unit 1010 into the card information blank of the payment approval request specialist, and Insert the encrypted payment amount information generated by the encryption unit 1010 in the payment amount information space of the payment approval request text, and / or by the encryption unit 1010 in the digital signature information space of the payment approval request text. Inserting the generated encrypted digital signature information to complete the full payment approval request to be sent to the bansa server (1165).

According to another exemplary embodiment of the present invention, the encrypted card information and the bansa identifier in the bansa-encrypted card information may be included in different information items according to the full-text structure of the payment approval request message. It is clear that this is not a limitation.

In addition, after checking the bansa identifier of the encrypted card information for each bansa included in the completed payment approval result full text, and read the confirmed bansa identifier to check the bansa server to which the payment approval request text is transmitted (1170). A communication channel is connected with the checked bansa server, and the full text of the payment approval request is transmitted to the bansa server through the communication channel (1175).

FIG. 12 is a diagram illustrating a process of receiving and outputting a full payment approval result in a POS terminal 1000 having an information security function for each bansa according to a fourth embodiment of the present invention.

In detail, FIG. 12 shows the payment approval request message transmitted to the bansa server from the POS terminal 1000 shown in FIG. 10 to the bansa server through the full payment approval request message shown in FIG. 11, and then the payment from the bansa server. The process of receiving and outputting a payment approval result text corresponding to a full text of a request for approval, and a person having ordinary knowledge in the technical field to which the present invention pertains may refer to and / or modify the drawing 12 and the information security for each bansa. Various implementation methods (for example, some steps may be omitted or the order may be changed) may be inferred in the process of receiving and outputting a payment approval result full text in the POS terminal 1000 having a function, but the present invention Is made including all the inferred implementation method, the technical features are not limited only to the implementation method shown in FIG.

Referring to FIG. 12, the POS terminal 1000 shown in FIG. 10 transmits the full payment approval request message to the bansa server through the payment approval request message transmission process shown in FIG. The provided communication module 1035 checks whether the payment approval result text corresponding to the payment approval request text message is received from the bansa server (1200).

If the full payment approval result is received (1205), the communication module 1035 checks whether the encrypted card information is included in the payment processing details included in the full payment approval result (1210).

If the payment approval result does not include encrypted card information in the preamble (1215), the communication module 1035 generates partial card information by deleting a portion of the card information (or processing it as a blank). The payment approval result is updated to the full text or the entire card information item is erased (or blanked) (1220).

On the other hand, if the payment approval result includes the encrypted card information in the full text (1215), the communication module 1035 is a payment control module provided in the POS terminal 1000 shown in FIG. 1005) (1225).

According to another exemplary embodiment of the present invention, in addition to the encrypted card information for each van company, a part of the card information for decrypting the encrypted vane-specific card information is erased (or blank) in the payment approval result. Even if the processed partial card information is included or the entire card information item is erased (or blanked), the communication module 1035 transfers the entire payment approval result to the payment control module 1005 as it is. It is desirable to provide.

According to the present invention, in the card payment process through the POS terminal, the POS terminal by confirming the bansa to be transmitted the payment approval request full text of the plurality of bansa, and selectively encrypting through an encryption key decrypted only by the bansa, There is an advantage in that the card information is blocked from being exposed, regardless of storing the card information in the storage device provided in the.

According to the present invention, in the card payment process through the POS terminal, check the bansa to transmit the payment approval request full text of the plurality of bansa, and selectively encrypts through the encryption key decrypted only by the bansa payment processing, By storing the encrypted card information (or card information in which part (or all) of the card information has been erased) in the POS terminal, the exposure of the card information is blocked at the source without impairing the information processing performance of the POS terminal. There is an advantage of keeping it as it is.

Claims (8)

Connect and manage a communication channel with a card reader module for reading card information from a customer card, a payment control module for controlling the overall operation of card payment, and a bansa server for card payment by the payment control module connected to a communication network. In a POS (Point Of Sales) terminal having a communication module, Identifying the Bansa server to send the full payment approval request, and encrypts the card information read through the card reader module through the encryption key decrypted by the Bansa server, and corresponds to the verified Bansa server in the encrypted card information And an encryption unit for generating encrypted bansa-specific card information by attaching a bansa identifier. The payment control module, Characterized in that the card information items included in the payment approval request full text includes the encrypted Bansa card information, characterized in that for generating a payment approval request full text containing one or more information items and the merchant number is not encrypted, The communication module, The Bansa server to interface with the payment control module and read the Bansa identifier included in the encrypted Bansa-specific card information included in the payment approval request message generated by the payment control module to check the Bansa server to which the payment approval request message is transmitted. And transmitting the full payment approval request message to the confirmed bansa server. Connect and manage a communication channel with a card reader module for reading card information from a customer card, a payment control module for controlling the overall operation of card payment, and a bansa server for card payment by the payment control module connected to a communication network. In a POS (Point Of Sales) terminal having a communication module, Identifying the Bansa server to send the full payment approval request, and encrypts the card information read through the card reader module through the encryption key decrypted by the Bansa server, and corresponds to the verified Bansa server in the encrypted card information And an encryption unit for generating encrypted bansa-specific card information by attaching a bansa identifier. The payment control module, Of the plurality of information items included in the payment approval request, the card information item including the encrypted Bansa-specific card information is processed as a blank, and a payment approval request message including one or more unencrypted information items and a merchant number is generated. Characterized in that, The communication module, Interface with the payment control module and the encryption unit, inserting the encrypted bansa-specific card information generated by the encryption unit in the card information blank of the payment approval request message generated by the payment control module, the encrypted bansa Information security, characterized in that to read the Bansa identifier included in the card information to check the Bansa server to be sent the payment approval request full text, and transmit the payment approval request text inserted with the payment information to the verified Bansa server Force terminal for. The method of claim 1, The encryption unit, And encrypting the payment amount information input through the information input unit to generate encrypted payment amount information. The payment control module, And a payment approval request message including the encrypted payment amount information in the payment amount information item of the payment approval request message. The method of claim 2, The encryption unit, And encrypting the payment amount information input through the information input unit to generate encrypted payment amount information. The payment control module, Characterized in that the payment amount information item containing the encrypted payment amount information of the plurality of information items included in the full payment approval request further processing by blank spaces, characterized in that for generating a full payment approval request, The communication module, And an encrypted payment amount information generated by the encryption unit in the payment amount information field of the payment approval request message generated by the payment control module. The method of claim 1, The encryption unit, And encrypting the digital signature information input through the digital signature unit to generate encrypted digital signature information. The payment control module, And a payment approval request text message including the encrypted digital signature information in the digital signature information item of the payment approval request text message. The method of claim 2, The encryption unit, And encrypting the digital signature information input through the digital signature unit to generate encrypted digital signature information. The payment control module, Characterized in that the digital signature information item including the encrypted digital signature information of the plurality of information items included in the full text of the payment approval request to process the blank further characterized in that to generate a full text of the payment approval request, The communication module, And the digital signature information generated by the encryption unit is inserted into the digital signature information field of the payment approval request specialist generated by the payment control module. The method of claim 1 or 2, wherein the encryption unit, It is provided in the card reader module, or It is provided between the card reader module and the payment control module, or Force terminal for information security, characterized in that provided in the communication module. A computer-readable recording medium having recorded thereon a program for executing the function of the component of claim 1.

Images