WO2018169285A2 - Card management system and method using a security device - Google Patents
Card management system and method using a security device
- Publication number
- WO2018169285A2 (PCT/KR2018/002946)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- card
- terminal
- information
- management server
- payment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
Definitions
- The present invention relates to a card management system and method using a security device, and more particularly to a card management system and method that manage payment, recharging and similar operations of a traffic card using an online server.
- The first-generation transportation card is one in which a predetermined amount of money is charged to a card, or to any of various physical media similar to a card.
- Each transportation card has a card ID, and the card is charged and settled based on the card ID. Charging and payment of the transportation card are carried out through an exchange of information between the transportation card and the payment terminal.
- The exchange of information is done using signed data including the card's and the terminal's unique key. The unique key must therefore never be exposed when the card is used: if it is exposed, a third party may charge a specific amount to the card without paying the money corresponding to that amount, and the serious problem arises that the amount in the card can be manipulated.
- The unique key of the card is embedded in the card along with the card ID.
- The second-generation traffic card is a so-called app card: a virtual traffic card is issued to a terminal such as a smartphone, then charged and used. The absence of a physical card is a major advantage.
- App cards are also operated using a unique key, which is stored in the USIM of the smartphone. Because the unique key is stored in the USIM, the card can be used without activating the smartphone's screen.
- The conventional app card, however, loses the USIM when the smartphone is lost, has weak security, and has a structure in which the information can be misused in the middle. The conventional app card is therefore operated so as to minimize the damage from exposure, through measures such as a daily usage limit.
- One embodiment of the present invention aims to provide a card management system and method that allow a traffic card already in use to be used again without repurchasing it, even if the traffic card is lost or the smartphone is changed.
- One embodiment of the present invention aims to provide a card management system and method that can be used without the restrictions of USIMs, smartphones and affiliates, with high security for the unique keys.
- An embodiment of the present invention aims to provide a card management system and method that let a user select and use a card suitable for the situation even when a plurality of cards of the same type have been generated, and that allow payment or charging to be performed using the selected card.
- Another object of the present invention is to provide a card management system and method that provide a target advertisement to a specific user who wants to charge a transportation card, so as to generate revenue for the operator of the card management system.
- an app including a security management module for storing the card management module and security data to manage the charging of the app card to enable the payment or charging using the terminal, and provides a specific terminal only advertisements
- Provided is an app card charging and target advertising system comprising: a card management module that receives from the terminal a charge request signal including the identifier of the app card, the identifier of the terminal and the amount to be charged and transmits it to the security database, receives from the security database whether the charge was made and transmits this to the terminal, and determines whether to provide target advertisement information to the terminal according to whether the identifier of the terminal belongs to a predetermined group; and a security database that identifies the app card using the identifier of the app card, charges the amount to be charged to the balance information in the app card, and reports whether the charge was made to the card management module.
- When the identifier of the terminal belongs to the predetermined group, the card management module transmits the target advertisement information to the terminal for display only when the amount to be charged exceeds the reference value.
- When the identifier of the terminal belongs to the preset group and the amount to be charged exceeds the reference value, the balance information in the app card is charged so as to reflect both the amount to be charged and a predetermined additional amount.
- The card management module requests the cost of the predetermined additional amount from the target advertisement information providing server or the card company server.
- The card management module determines to provide the terminal with the target advertisement information to be provided to the preset group.
- a security database that stores the card management module and security data to manage the charging of the app card to enable the payment or charging using the terminal and provides a specific database only advertisements
- App method charging and a target advertising system that includes charging the app card, the method for providing the target advertisement, the charging request including the identifier of the app card, the identifier of the terminal and the amount to be charged from the terminal
- In the determining process, when the identifier of the terminal belongs to a predetermined group, it is determined to transmit to the card management module the target advertisement information to be provided to the predetermined group.
- It is determined to transmit the target advertisement information to the card management module only when the amount to be charged exceeds a reference value.
- The balance information in the app card to be charged reflects both the amount to be charged and the predetermined additional amount.
- In the reflecting process, the cost of the predetermined additional amount is requested from the target advertisement information providing server or the card company server.
- The traffic card used by the user can be used again without repurchasing a traffic card.
- The present invention can be used without the restrictions of USIMs, smartphones and affiliates and, because the security of the unique key is improved, has the advantage of high security.
- The user can select and use a card suitable for the situation, and payment or charging can be performed using the selected card.
- FIG. 1 is a diagram illustrating a card management system according to an embodiment of the present invention.
- FIG. 2 is a diagram illustrating a configuration of a terminal according to an embodiment of the present invention.
- FIG. 3 is a diagram showing the configuration of a card management server according to an embodiment of the present invention.
- FIG. 4 is a diagram illustrating a configuration of a data security device according to an embodiment of the present invention.
- FIG. 5 is a timing chart illustrating a process of issuing a card to a terminal in a card management system according to an embodiment of the present invention.
- FIG. 6 is a timing chart illustrating a process of reissuing a card to a terminal in a card management system according to an embodiment of the present invention.
- FIG. 7 is a timing chart illustrating a process of inquiring a state of a card in the card management system according to an exemplary embodiment of the present invention.
- FIG. 8 is a timing chart illustrating a process of completing charging by a terminal in a card management system according to an embodiment of the present invention.
- FIG. 9 is a timing chart illustrating a process of completing charging by a terminal in a card management system according to another embodiment of the present invention.
- FIG. 10 is a timing chart illustrating a process of payment or charging to a terminal according to a request of a payment terminal or a charging terminal in a card management system according to an exemplary embodiment of the present invention.
- FIG. 11 is a flowchart illustrating a process of issuing a card to the terminal by the card management server according to an embodiment of the present invention.
- FIG. 12 is a flowchart illustrating a process of completing charging by a card management server according to a request of a terminal according to an embodiment of the present invention.
- FIG. 13 is a flowchart illustrating a process in which a card management server performs a payment or charging to a terminal at the request of a payment terminal or a charging terminal according to an embodiment of the present invention.
- FIG. 14 is a timing chart illustrating a process of selecting a card to be used in the terminal according to an embodiment of the present invention.
- FIG. 15 is a timing chart illustrating a process of selecting a card to be used immediately before payment or charging in a terminal according to an embodiment of the present invention.
- FIG. 16 is a flowchart illustrating a process of determining, by a card management server, a card to be used by receiving a card selection request from a terminal according to an embodiment of the present invention.
- Terms such as first, second, A, and B may be used to describe various components, but the components should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from another.
- The first component may be referred to as the second component, and similarly, the second component may also be referred to as the first component.
- FIG. 1 is a diagram illustrating a card management system according to an embodiment of the present invention.
- The card management system 100 includes a terminal 110, a card management server 120, a general database 130, a security database 140, and a card company server and data security device 170.
- The card management system 100 may further include a payment terminal 150 and a charging terminal 160.
- The terminal 110 connects to the card management server 120 using wireless communication such as LTE or TCP/IP, and is issued a card by requesting issuance from the card management server 120.
- The terminal 110 is a device used to make a payment using the issued card or to charge the balance in the issued card.
- The card issued to the terminal 110 is a prepaid card that can distinguish users by CI information or terminal ID, and with which payment can be made after a predetermined amount has been charged in advance.
- The terminal 110 transmits to the card management server 120 CI (Connecting Information, personal identification information) for identifying the user of the terminal 110, for example the user's email address or date of birth, or a terminal ID for identifying each terminal, for example a unique number of the terminal 110 or the telephone number of the terminal, and requests issuance of a card. Only the card information that does not need encryption is stored in the terminal.
- The terminal may be implemented with various communication devices such as a PC or a notebook, as well as various smart devices such as a smartphone, a tablet PC or a smart watch.
- The card issued to the terminal may be implemented and stored as a card-specific application or program in the terminal, or may be implemented and stored as a module or service in a bank application or program.
- In the following, the terminal is described as a smartphone and the issued card as implemented as one module in the bank application, but the invention is not necessarily limited thereto.
- When the terminal 110 is issued a card by the card management server 120, it receives from the card management server 120 and stores only the card ID that identifies each issued card.
- The card ID includes the ID of the issuer who issued the card and the card number.
- The card ID can be used to identify which issuer issued the card with that card ID. Because the algorithm for encrypting the information that requires encryption differs between card issuers, including the issuer ID in the card ID makes it possible to confirm which encryption algorithm is used.
- The terminal 110 may be issued and store a plurality of cards of the same type. If, as in the above example, the issued card is a traffic card, a different traffic card is used in each area. A user of the terminal 110 may be issued a plurality of regional traffic cards and store them in the terminal 110 so as to use the compatible traffic card in each region.
- The terminal 110 may transmit a card selection signal to the card management server 120 to select a card to be used.
- By transmitting a card selection signal to the card management server 120, the user of the terminal 110 selects in advance the card to use for charging or payment, without the trouble of deciding on a card each time charging or payment is performed.
- The user of the terminal 110 may select any one card to be used for charging or payment. For example, when a user of the terminal 110 stays in a specific region, no cards need to be used other than the cards compatible in that region. Therefore, the terminal 110 may select a card so that a specific card is used continuously for charging or payment in the future.
- The terminal 110 requests a payment using the issued card, or requests the card management server 120 to charge the remaining balance in the issued card.
- The terminal 110 sends the card management server 120 a request for payment or for charging the remaining balance in the issued card, and the payment or charging is carried out via the card management server 120.
- The terminal 110 may transmit a card selection signal for selecting the card to be used together with a payment or charging request. As described above, the terminal 110 may select the card in advance by transmitting a card selection signal before proceeding with charging or payment. However, the terminal 110 may also transmit the card selection signal together with the payment or charging request signal, immediately before or at the time the payment or charging is performed. In particular, when the terminal 110 has been issued a plurality of cards of the same type, it may transmit, together with the payment or charging request signal, a card selection signal that selects which of the cards is to be used for the payment or charging.
- The terminal 110 may transmit its current location information together.
- The terminal 110 transmits its location information together with the card selection information to the card management server 120 so that the card management server 120 can determine, based on the location information, whether the selected card is compatible in that region.
- Even if the user of the terminal 110 loses the card or changes smartphone, the user can go on using the traffic card previously used without repurchasing a traffic card.
- Because the conventional card management system stored the card's unique key, which is needed for security, in the terminal, storing it required the agreement of the USIM manufacturer, the smartphone manufacturer and the service partners, which was inconvenient.
- Because the terminal 110 according to an embodiment of the present invention stores only the ID of the issued card, the corresponding service (card management service) can be provided without the consent of other manufacturers. The terminal 110 is described in detail with reference to FIG. 2.
- When the card management server 120 receives a card issuing request from the terminal 110, it issues a card and transmits certain information of the issued card to the terminal 110.
- The issued card information includes various items: the card ID, unique key, balance, whether the transportation card is for youth or general use, the issuing area, the area where the card is compatible, the card manufacturing information, and information on the card company server that manages payment or charging of the card.
- When the card management server 120 issues a card, it does not transmit all the information of the issued card to the terminal 110. It classifies the issued card information into information that requires encryption for security and information that does not, and stores each in a separate medium (general database 130 or security database 140). It transmits to the terminal 110 the information that does not require encryption, for example the card ID, issuing region, region where the card is compatible, card manufacturing information, the card company server that manages payment or charging, and various option information (use area, main use pattern, user age, etc.).
- At the request of the terminal 110, the card management server 120 may issue a plurality of cards of the same type and transmit certain information of each issued card to the terminal 110. If necessary, the terminal 110 may request issuance of a plurality of (different) cards of the same type, and the card management server 120 may issue each requested card.
- The card management server 120 classifies the information of each issued card and stores the information in a separate medium, and transmits only the information that does not require encryption of each card to the terminal 110.
- The card management server 120 determines the validity of the corresponding card, determines whether to operate with that card, and transmits the card selection result to the terminal 110.
- The terminal 110 may transmit a card selection signal to select a card to be used for later payment or charging before transmitting the payment request or the charging request (before the payment or charging).
- The card management server 120 determines the validity of the selected card. Since payment or charging is in progress, the card management server 120 mainly determines whether the corresponding card is validly issued in determining the validity of the selected card. For example, the card selected by the terminal 110 may be a card that has not been issued yet.
- The card management server 120 determines the validity of the card, including whether the selected card is validly issued. The card management server 120 determines whether to select the card according to whether it is valid, and transmits the card selection result to the terminal 110. If the selected card is valid, the card management server 120 informs the terminal 110 that the card has been selected, stores the ID of the selected card, and operates with the selected card when it later receives a charging or payment request signal from the terminal 110. Conversely, if the selected card is not valid, for example because it has not yet been issued, the card management server 120 transmits an error message to the terminal 110 so that it knows the selected card is not valid.
- Because the card management server 120 can determine the validity of the card to be used (for charging or payment) and go on using the selected card according to the result, the terminal 110 does not have to select a card each time, in particular when it has been issued a plurality of cards of the same type.
- The card management server 120 transmits the payment request or the charging request to the security database 140 so that payment or charging is performed. In the charging process, the card management server 120 identifies the terminal 110 and determines whether it belongs to a predetermined group. If the terminal 110 belongs to the preset group, the card management server 120 may transmit to the terminal 110 the target advertisement information provided for that group. The card management server 120 may transmit the target advertisement information only when the terminal 110 attempts to charge an amount greater than or equal to the reference value. In this case, a preset additional amount may be charged in addition to the amount that the terminal intends to charge.
- The card management server 120 may request the cost of the preset additional amount from a target advertisement information providing server or a card company server. Accordingly, the operator of the card management server 120 may derive additional revenue through the provision of the target advertisement information. The card management server 120 is described in detail with reference to FIG. 3.
- The card management server 120 includes a module for encrypting or decrypting the signature value, and decrypts the electronic signature received from the payment terminal 150 or the charging terminal 160.
- The card management server 120 cannot decrypt all of the electronically signed content; it can decrypt only the information that does not require encryption, and by decrypting that information it can make the relevant determinations.
- The card management server 120 may receive a card selection signal from the terminal 110 together with a payment request or a charging request.
- The terminal 110 may transmit a card selection signal for selecting a card to be used for payment or charging together with a payment request or a charging request.
- The card management server 120 determines whether to operate with the selected card by determining whether the selected card is valid before processing the payment or charging request.
- The card management server 120 determines whether the card selected by the terminal 110 is valid.
- The card management server 120 not only checks whether the card selected by the terminal 110 has been validly issued, but also determines the validity of the card by determining whether it is compatible with the payment terminal 150 or the charging terminal 160 that transmitted the payment or charging request, and with the card company server and data security device 170 that will finally process the charging or payment.
- The card management server 120 checks whether the ID of the selected card is among the data stored in the general database 130, and determines the validity of the selected card from the information of the selected card (issuing area, region where the card is compatible, and the card company server information managing payment or charging of the card) and its compatibility with the payment terminal 150, the charging terminal 160, or the card company server and data security device 170.
- In determining validity, and compatibility in particular, the card management server 120 may directly compare the information of the selected card with the type of the payment terminal 150, the charging terminal 160, or the card company server and data security device 170, or may transmit the information on the selected card to the card company server and data security device 170 and receive its determination result.
- Using the location information of the terminal together with the information of the selected card, the card management server 120 can determine more accurately whether the card is compatible with the payment terminal 150, the charging terminal 160, or the card company server and data security device 170.
- The card management server 120 determines whether to operate with the selected card according to whether it is valid, and transmits the card selection result to the terminal 110.
- If the selected card is valid, the card management server 120 informs the terminal 110 that the card has been selected and proceeds with the process (charging or payment) requested by the terminal 110. Conversely, if the selected card is not valid, for example because it has not yet been issued, the card management server 120 transmits an error message to the terminal 110 so that it knows the selected card is not valid.
- The card management server 120 may receive a card selection signal before receiving a payment or charging request (independently of it), or may receive a card selection signal together with a payment request or a charging request.
- Unless a card selection signal is received again, the card management server 120 carries out the requests of the terminal 110 using the selected card. Accordingly, even a user of the terminal 110 who has been issued a plurality of cards of the same type is spared the inconvenience of selecting a card at every payment or charge.
- The general database 130 receives from the card management server 120, and stores, the information that does not require encryption among the card information issued by the card management server 120. Because the general database 130 stores this information, when the terminal 110 tries to charge or pay using the issued card, the general database 130 determines the validity of the card. The general database 130 stores the information of the issued card that does not require encryption so that the card management server 120 can determine the validity of the selected card.
- The general database 130 stores the information of the selected card, including the card ID, received from the card management server 120 in association with the ID of the terminal 110 that selected the card. Accordingly, when the terminal 110 requests payment or charging without selecting a card separately, payment or charging may be performed using the previously selected card.
- The general database 130 may receive and store in advance a black list (BL) or a positive list (PL) for the card from the card company server and data security device 170.
- In determining the validity of the card to be used by the terminal, the general database 130 may first determine whether the card is on the black list or the positive list, and block the transaction.
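
The selection and validity checks described above, as an added example that is not part of the patent text: a minimal Python model in which the server consults the black list first, then issuance, then regional compatibility, and remembers the last valid selection per terminal. The class, method and status names, the `compatible_regions` field and the sample card IDs are constructed for illustration, and a region string stands in for compatibility with the payment or charging terminal (an assumption).

```python
# Added illustration; all names and data are constructed, not from the patent.
OK, NOT_ISSUED, BLACKLISTED, INCOMPATIBLE, NO_SELECTION = (
    "ok", "not_issued", "blacklisted", "incompatible", "no_card_selected")


class CardManagementServer:
    def __init__(self, general_db, blacklist):
        self.general_db = general_db     # card_id -> non-secret card info
        self.blacklist = set(blacklist)  # received in advance from the card company
        self.selected = {}               # terminal_id -> last validly selected card_id

    def _validate(self, card_id, regions):
        if card_id in self.blacklist:
            return BLACKLISTED           # checked first, blocks the transaction
        card = self.general_db.get(card_id)
        if card is None:
            return NOT_ISSUED            # e.g. selected before it was issued
        for region in regions:
            # Assumption: a region name models terminal/card-company compatibility.
            if region is not None and region not in card["compatible_regions"]:
                return INCOMPATIBLE
        return OK

    def select_card(self, terminal_id, card_id, terminal_region=None):
        """Card selection signal sent ahead of any payment or charging request."""
        status = self._validate(card_id, [terminal_region])
        if status == OK:
            self.selected[terminal_id] = card_id
        return status

    def handle_request(self, terminal_id, acceptor_region,
                       card_id=None, terminal_region=None):
        """Payment or charging request, optionally carrying a card selection."""
        if card_id is None:
            # No selection in the request: fall back to the stored selection.
            card_id = self.selected.get(terminal_id)
            if card_id is None:
                return NO_SELECTION, None
        status = self._validate(card_id, [acceptor_region, terminal_region])
        if status == OK:
            self.selected[terminal_id] = card_id
        return status, card_id


# Constructed sample data: card IDs are "<issuer ID>:<card number>".
GENERAL_DB = {
    "issuer-01:1001": {"compatible_regions": {"seoul"}},
    "issuer-02:2002": {"compatible_regions": {"busan"}},
    "issuer-01:1003": {"compatible_regions": {"seoul"}},
}
BLACKLIST = {"issuer-01:1003"}


def demo():
    s = CardManagementServer(GENERAL_DB, BLACKLIST)
    return [
        s.select_card("term-A", "issuer-01:1001"),
        s.select_card("term-A", "issuer-09:9999"),   # never issued
        s.select_card("term-A", "issuer-01:1003"),   # on the black list
        s.handle_request("term-A", "seoul"),         # uses stored selection
        s.handle_request("term-A", "busan"),         # wrong region for that card
        s.handle_request("term-A", "busan", card_id="issuer-02:2002"),
        s.handle_request("term-A", "busan"),         # new selection was remembered
        s.handle_request("term-B", "seoul"),         # terminal never selected a card
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A failed selection leaves the previously stored card in place, so a rejected card ID never becomes the default for later requests.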
- The general database 130 receives the charging or payment facts from the card company server and data security device 170 or the security database 140 and stores the transaction details.
- Transaction history refers to the details of charging or payment using a card, and includes the transaction time, transaction location, transaction amount, and balance information after the transaction.
- After charging or paying a certain amount on a specific card, or after reflecting the charged or paid amount in the balance information stored in the security database 140, the card company server and data security device 170 notifies the general database 130 of the fact, and the general database 130 receives it and stores it as a transaction.
- The security database 140 stores and modifies the information that requires encryption among the card information issued by the card management server 120.
- The general database 130 or the security database 140 may be implemented in the form of a card or a module; it may be implemented in the card management server 120 in the form of a USB device, or be connected to the card management server 120 by wired communication or by wireless communication such as LTE or TCP/IP. Since the security database 140 stores information that needs to be encrypted, no worker other than the supervisor can view or manipulate that information.
- The security database 140 may be implemented as a hardware security module (HSM).
- The security database 140 decrypts the information requiring encryption received from the card management server 120 in order to read it, and may modify the stored information accordingly.
- Information that requires encryption includes unique keys, card passwords, balance information, and the like.
- The security database 140 can verify the balance information in the card by comparing its stored balance information, at predetermined intervals or at each request, with the balance information of the most recently reflected transaction among the transactions stored in the general database and with the balance information of the corresponding card stored in the card company server and data security device 170.
- The security database 140 determines the authenticity of the electronically signed authentication key, and electronically signs the information to be transmitted to the card management server 120 before transmitting it. The security database 140 is described in detail with reference to FIG. 4.
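
The split between information that does and does not require encryption, and the three-way balance comparison described above, as an added example that is not part of the patent text. Function names, field names and the sample records are constructed; treating a card with no stored transactions as having nothing to compare against is an assumption.

```python
# Added illustration; all names and data are constructed, not from the patent.

# The description lists these as information that requires encryption; they
# belong in the security database only.
SECRET_FIELDS = frozenset({"unique_key", "card_password", "balance"})


def split_card_record(card):
    """Return (general_part, secret_part) for one issued card record."""
    general = {k: v for k, v in card.items() if k not in SECRET_FIELDS}
    secret = {k: v for k, v in card.items() if k in SECRET_FIELDS}
    secret["card_id"] = card["card_id"]  # lookup key for the secret part
    return general, secret


def terminal_payload(record):
    """Build what is sent to the terminal; refuse any record holding a secret field."""
    leaked = SECRET_FIELDS & record.keys()
    if leaked:
        raise ValueError(f"secret fields in terminal payload: {sorted(leaked)}")
    return dict(record)


def latest_balance(transactions, card_id):
    """Balance after the most recent stored transaction, or None if there is none."""
    own = [t for t in transactions if t["card_id"] == card_id]
    if not own:
        return None
    # ISO-8601 timestamps of equal length sort correctly as strings.
    return max(own, key=lambda t: t["time"])["balance_after"]


def verify_balance(card_id, security_db, transactions, card_company_balances):
    """Compare the security database balance with the two other sources.

    Returns the list of sources that disagree with the security database;
    an empty list means the stored balance is consistent.
    """
    stored = security_db[card_id]["balance"]
    mismatches = []
    history = latest_balance(transactions, card_id)
    # Assumption: a card with no transactions yet is not compared to the history.
    if history is not None and history != stored:
        mismatches.append("transaction_history")
    if card_company_balances.get(card_id) != stored:
        mismatches.append("card_company")
    return mismatches


# Constructed sample data.
SAMPLE_CARD = {
    "card_id": "issuer-01:1001",
    "issuing_region": "seoul",
    "compatible_regions": ["seoul"],
    "unique_key": "CONSTRUCTED-KEY",
    "card_password": "0000",
    "balance": 12000,
}
TRANSACTIONS = [
    {"card_id": "issuer-01:1001", "time": "2018-03-13T08:00:00",
     "amount": 10000, "balance_after": 10000},
    {"card_id": "issuer-01:1001", "time": "2018-03-13T09:30:00",
     "amount": 2000, "balance_after": 12000},
]


if __name__ == "__main__":
    general, secret = split_card_record(SAMPLE_CARD)
    cid = SAMPLE_CARD["card_id"]
    print("terminal receives:", terminal_payload(general))
    print("consistent:", verify_balance(cid, {cid: secret}, TRANSACTIONS, {cid: 12000}))
    tampered = dict(secret, balance=50000)
    print("tampered:", verify_balance(cid, {cid: tampered}, TRANSACTIONS, {cid: 12000}))
```

A non-empty result identifies which record disagrees, which is the signal an operator would alert on: a balance changed in one store without a matching transaction in the others.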
- the payment terminal 150 is a terminal for requesting a predetermined amount of payment to the card management server 120 via the terminal 110.
- the payment terminal 150 checks whether the card to be used by the terminal 110 is a normal, unforged card by receiving the electronically signed authentication result from the terminal 110. If it is determined that the terminal is using a normal card, the payment terminal 150 transmits an electronically signed payment start signal to the terminal 110, so that payment for the payment amount is made.
- the payment terminal 150 stores the issuer ID of the card for which it can accept payment, the ID of the payment terminal 150 owned by the card management server 120, and the unique key for payment given by the card company server and the data security device 170, and the digital signature is verified using the stored information, thereby verifying the validity of the payment terminal 150 itself.
- the payment terminal 150 creates an electronic signature using the ID and the unique key for payment and then transmits it to the terminal 110, thereby proving its validity.
- the charging terminal 160 is a terminal for requesting a certain amount of charge to the card management server 120 via the terminal 110. Like the payment terminal 150, the charging terminal 160 receives the electronically signed authentication result from the terminal 110 to check whether the card to be used by the terminal 110 is a normal card that is not forged. If it is determined that the terminal is using a normal card, the charging terminal 160 transmits an electronically signed charging start signal to the terminal 110, so that the amount of money is charged.
- the charging terminal 160 may prove its validity by creating an electronic signature using the issuer ID of the card that can be charged, the ID of the charging terminal 160 owned by the card management server 120, and the unique key for charging received from the card company server and the data security device 170, and then delivering it to the terminal 110.
- the card company server and data security device 170 finally approves the charging or payment of the card, and reflects this.
- the card company server and the data security device 170 finally approves the request so that the amount is charged to, or paid from, the balance in the card.
- the card company server and the data security device 170 receive the signed charge amount information or payment amount information from the security database 140, approve it, reflect it in the balance in the card, and notify the security database 140 so that it is reflected in the stored balance information.
- the card company server and the data security device 170 receive the corresponding transaction details from the card management server and approve that the recharge or payment amount is finally reflected in the card.
- the card management system 100 may also include a plastic card (not shown) of the terminal 110.
- the plastic card is a device that communicates wirelessly with the terminal 110 and either requests synchronization from the terminal 110 or is synchronized with the terminal 110.
- the plastic card is provided with a memory and a communication unit therein, may store a balance, its own ID and a unique key for charging in the memory, and may send and receive information to and from the terminal 110 through wireless communication (mainly NFC) using the communication unit.
- When the charging terminal 160 is implemented as a plastic card, the charging terminal 160 may transfer the balance stored therein to the terminal 110 as a charging amount for synchronization, and may electronically sign the charging amount information using an authentication key including its ID and the unique key for charging and deliver it to the terminal 110.
- synchronization with the plastic card may be requested, and the plastic card receives the balance information from the terminal 110 and stores it, thereby synchronizing its balance information.
- Although the general database 130 and the security database 140 are shown as separate devices, the present invention is not limited thereto, and the general database 130 and the security database 140 may be implemented as one device with separate operating areas.
- FIG. 2 is a diagram illustrating a configuration of a terminal according to an embodiment of the present invention.
- the terminal 110 includes a communication module 210, a registration card management module 220, a memory unit 230, and an application 240.
- the communication module 210 transmits a card issuing request to the card management server 120 and receives information that does not require encryption from the card management server 120.
- the communication module 210 transmits a card issuing request to the card management server 120 together with a CI, a terminal ID, and various option information (use area, main use pattern, user age, etc.), and receives from the card management server 120 information that does not require encryption, such as the card ID.
- the communication module 210 may transmit a request for issuing a plurality of cards of the same type in requesting a card issuance.
- the communication module 210 may transmit a card state request signal for confirming the state of the card to the card management server 120 and receives card state information from the card management server 120.
- the communication module 210 transmits a charge request signal to the card management server 120 together with a card ID for determining the validity of the card.
- the communication module 210 receives, through the card management server 120, charging completion information electronically signed by the security database 140 indicating that the amount has been charged. Accordingly, the user of the terminal 110 may confirm that the amount desired by the terminal 110 is charged into the card.
- the communication module 210 receives an electronically signed payment start signal or charging start signal from the payment terminal 150 or the charging terminal 160 and delivers it to the card management server 120. Before receiving the payment start signal or the charging start signal, the communication module 210 may receive a card ID request signal from the payment terminal 150 or the charging terminal 160, which uses it to determine the type of card the terminal 110 intends to use, and may transmit the card ID in response.
- the communication module 210 transmits to the card management server 120 a card selection signal that selects the card to be used, either before (and independently of) payment or charging or simultaneously with the payment or charging.
- the communication module 210 may transmit the location information of the terminal 110 itself to the card management server 120 together with the card selection signal. Thereafter, the communication module 210 receives the card selection result from the card management server 120.
- the card selection result includes a message indicating that the card is selected and an error message indicating that the card is not valid.
- the payment terminal 150 or the charging terminal 160 may transmit a card balance inquiry request signal to check how much is left in the card.
- the communication module 210 receives the card balance inquiry request signal and transmits it to the card management server 120, and receives the card balance information from the card management server 120 and transmits it to the payment terminal 150 or the charging terminal 160.
- the communication module 210 receives the electronic signature of the terminal from the payment terminal 150 or the charging terminal 160 and transmits the card ID to the card management server 120 together with the received electronic signature.
- the communication module 210 receives the validity of the card and the validation result of the payment terminal 150 or the charging terminal 160 from the card management server 120 and transmits the result to the payment terminal 150 or the charging terminal 160. Accordingly, the terminal 110 and the payment terminal 150 or the charging terminal 160 can check, before the transaction, whether the card to be used by the terminal 110 is valid and whether the payment terminal 150 or the charging terminal 160 is valid.
- the communication module 210 receives an electronically signed payment start signal or charging start signal from the payment terminal 150 or the charging terminal 160 and transmits the signal to the card management server 120.
- the communication module 210 receives electronically signed payment completion information or charging completion information from the card management server 120 and transmits it to the payment terminal 150 or the charging terminal 160.
- the communication module 210 may receive the target advertisement information from the card management server 120 in receiving the charging completion information.
- the card management module 220 controls the communication module 210 to make an appropriate request to the card management server 120 according to whether the input is for card issuance, payment or charging.
- the card management module 220 may be implemented in the application 240 or separately from the application 240, and controls the communication module 210 to make an appropriate request to the card management server 120, the payment terminal 150 or the charging terminal 160 depending on whether the input the application 240 received from the user of the terminal 110 is for issuing one or more cards, for payment, or for charging.
- the card management module 220 receives the card selection information and controls the communication module 210 to transmit a card selection signal to the card management server 120.
- the card management module 220 queries the card status information stored in the memory 230 and provides it to the terminal 110.
- the memory unit 230 stores information that does not require encryption received from the card management server 120.
- the memory unit 230 stores card IDs and other optional information as information that does not require encryption. Since the terminal 110 receives and stores only information that does not require encryption, the terminal 110 can simply store the information without consultation with other manufacturers, and does not store information that requires encryption, and thus has an advantageous effect in terms of security.
- the memory unit 230 receives and stores state information of a card from an issuer that issues each card for each card ID stored in the memory unit 230.
- the status information of the card includes whether the card can be used, and what the usage limit of the card is.
- the memory unit 230 receives and stores the state information of the card from the issuer server which issued the card, and provides the state information of the requested card when the card management module 220 inquires.
- the application 240 provides a user interface (UI) so that the user of the terminal 110 can input whether to issue a card, pay or charge.
- the application 240 may be implemented as one module or service in a bank application or program. Alternatively, the application 240 may be implemented as a separate application or program. Further, when the communication module 210 receives the target advertisement information, the application 240 causes the target advertisement to be played by executing the target advertisement information.
- the application 240 may provide a UI to receive a selection of a card to be used for charging or payment from the user of the terminal 110, and may receive or confirm location information of the terminal 110.
- the application 240 transmits the received or confirmed information to the card management module 220.
- FIG. 3 is a diagram showing the configuration of a card management server according to an embodiment of the present invention.
- the card management server 120 includes a communication module 310, a control module 320, a memory unit 330, a signature value encryption / decryption module 340 and a security data separation module 350.
- the communication module 310 receives the card issuing request together with the CI or the terminal ID from the terminal 110, and sends the information that does not require encryption to the terminal 110 and the general database 130, and the information that requires encryption to the security database 140.
- the communication module 310 may receive a request for issuing a plurality of cards of the same type from the terminal 110.
- the communication module 310 receives a card status request signal from the terminal 110 and transmits a card status information signal.
- When the communication module 310 receives the card ID from the terminal 110, it transmits a validation request for the card to the general database 130 in order to check whether the corresponding card is valid, receives the verification result from the general database 130, and transmits it to the terminal 110 or to the terminal 110 and the payment terminal 150 / charging terminal 160. The communication module 310 may receive the electronic signature of the payment terminal 150 or the charging terminal 160 together with the card ID from the terminal 110, and may transmit a digital signature verification request signal for the payment or charging terminal to the security database 140 so that the security database 140 may verify the validity of the corresponding terminal. The communication module 310 receives the verification result from the security database 140 and transmits it to the terminal 110 or to the terminal 110 and the payment terminal 150 / charging terminal 160.
- the communication module 310 receives the electronically signed payment or charging request signal together with the card ID from the terminal 110 and transmits it to the security database 140.
- the communication module 310 receives the electronically signed payment or charging completion information from the security database 140 and transmits it to the terminal 110 or the terminal 110 and the payment terminal 150 / charging terminal 160.
- the communication module 310 may transmit the transaction history for each card ID checked in the general database 130 to the card company server and the data security device 170 according to preset conditions.
- the communication module 310 may receive a card balance inquiry request signal from the terminal 110 and transmit a card balance inquiry request to the security database 140 before receiving a payment or charging request signal.
- the communication module 310 may receive the card balance information from the security database 140 and transmit it to the terminal 110.
- the communication module 310 receives from the terminal 110 a card selection signal that selects the card to be used, either before (and independently of) payment or charging or simultaneously with payment or charging.
- the communication module 310 may also receive location information of the terminal 110 itself from the terminal 110 together with the card selection signal. Thereafter, the communication module 310 transmits the card selection result to the terminal 110.
- When receiving the card issuing request from the terminal 110, the control module 320 checks the terminal ID or CI and various option information received with the card issuing request. The control module 320 transmits the terminal ID or CI to the general database 130 to check whether it is stored in the general database 130. According to whether the terminal ID or CI received from the terminal 110 is stored in the general database 130, the control module 320 can check whether the card issuance request made by the terminal 110 is an initial issuance request or a reissuance request.
- the control module 320 assigns the card ID stored in the memory unit 330 according to the terminal ID or CI.
- the control module 320 transmits the terminal ID, the CI, and the card ID to the signature value encryption / decryption module 340, so that the signature value encryption / decryption module 340 generates or matches a unique key according to the card ID and generates a security key. The card is issued as the security key is generated.
- the security key is information including the ID and unique key of the issued card, and is essential information for digitally signing information or data in order to prevent forgery and alteration.
- the control module 320 does not transmit the security key of the issued card to the terminal 110; as described above, it controls the communication module 310 to transmit only the information that does not require encryption for the issued card. To this end, the control module 320 controls the security data separation module 350 to separate the information of the issued card into information that requires encryption and information that does not. When the security data separation module 350 has separated the information, the control module 320 controls the communication module 310 to transmit the information requiring encryption to the security database 140 and the information that does not require encryption to the general database 130 and the terminal 110.
- When the card issuance request made by the terminal 110 is a reissuance request, the control module 320 receives the information that does not require encryption stored in the general database 130 for the corresponding terminal ID or CI, and controls the communication module 310 to transmit it.
- the control module 320 determines whether the corresponding card is valid. Since payment or charging is in progress, the card management server 120 mainly determines whether the corresponding card is validly issued in determining the validity of the selected card. For example, there may be a case where the card selected by the terminal 110 is a card that has not been issued yet. As such, when receiving the card selection signal from the terminal 110, the control module 320 may determine whether the ID of the selected card exists in the general database 130 to determine whether the card is validly issued. As such, the control module 320 determines the validity of the card, including whether the card has been validly issued.
- the control module 320 determines whether to select a corresponding card according to whether the selected card is valid, and controls the communication module 310 to transmit the card selection result to the terminal 110. If the selected card is valid, the control module 320 notifies the terminal 110 that the corresponding card is selected, stores the ID of the selected card in the general database 130, and later, when a charge or payment request signal is received from the terminal 110, operates with the stored card as the selected card. On the contrary, if the selected card is not valid for reasons such as not yet being issued, the control module 320 transmits an error message to the terminal 110 indicating that the selected card is not valid.
- When the control module 320 receives a card ID, an electronic signature, or a payment start signal or charging start signal from the terminal 110, the control module 320 controls its transmission to the general database 130 or the security database 140, respectively. On the contrary, when the control module 320 receives the authentication result or the electronically signed payment completion information or charging completion information from the general database 130 or the security database 140, the control module 320 controls its transmission to the terminal 110 or to the terminal 110 and the payment terminal 150 / charging terminal 160.
- the control module 320 determines whether the selected card is valid before performing processing according to the payment or charging request, and decides whether to operate with that card. The control module 320 determines whether the card selected by the terminal 110 is valid. The control module 320 determines whether the card is valid by determining not only whether the card selected by the terminal 110 is validly issued, but also whether the card is compatible with the payment terminal 150 or the charging terminal 160 to which the payment or charging request is transmitted, or with the card company server and the data security device 170 that finally processes the charge or payment.
- the control module 320 uses the location information of the terminal and the information of the selected card so that the compatibility with the payment terminal 150, the charging terminal 160 or the card company server and the data security device 170 can be determined more accurately.
- the control module 320 determines whether to operate by selecting a corresponding card according to whether the selected card is valid, and transmits the card selection result to the terminal 110. If the selected card is valid, the control module 320 notifies the terminal 110 that the corresponding card is selected, and carries out the process (charge or payment) requested by the terminal 110 with the corresponding card. On the contrary, if the selected card is not valid for reasons such as not yet being issued, the control module 320 transmits an error message to the terminal 110 indicating that the selected card is not valid.
- the control module 320 determines whether to provide the target advertisement information by determining whether the terminal ID or CI belongs to a predetermined group. By determining whether the terminal ID or the CI belongs to a preset group, the control module 320 may provide the target advertisement information to the terminal 110 only when the terminal ID or the CI belongs to a preset group. When the terminal ID or the CI belongs to a preset group, the control module 320 may provide the target advertisement information to the terminal 110 only when the charging amount requested by the terminal 110 in the charging start signal is greater than or equal to the predetermined amount.
- the control module 320 requests the security database 140 to further charge a predetermined additional amount to the charging amount requested by the terminal 110.
- the preset additional amount may be a fixed amount or an amount proportional to the charge amount requested by the terminal. Accordingly, by providing the target advertisement information to the terminal, the control module 320 may obtain a predetermined cost from the target advertisement information server or the card company server, and, from the point of view of the user of the terminal 110, there is the advantage of being charged an additional amount by watching the target advertisement information.
- the memory unit 330 stores a card ID of a card to be newly issued.
- the memory unit 330 may receive and store a card ID every time it is issued from a card company server (not shown), or may receive and store a predetermined number of card IDs at once.
- When the memory unit 330 receives a terminal ID or CI from the control module 320, the memory unit 330 provides one of the stored card IDs to the control module 320.
- the memory unit 330 provides the control module 320 with a different card ID for each terminal ID or CI.
- the memory unit 330 stores target advertisement information to be provided to the terminal 110.
- the memory unit 330 may receive and store target advertisement information from a target advertisement information providing server or a card company server. Accordingly, each time the control module 320 requests the target advertisement information, the memory unit 330 provides the stored target advertisement information.
- the signature value encryption / decryption module 340 receives the card ID from the control module 320 and generates a security key.
- the signature value encryption / decryption module 340 generates a unique key or stores the generated unique key, and generates a security key when receiving the card ID from the control module 320.
- the unique key is a unique key for verifying the device's authority to a specific request and is essential information for digital signature. Therefore, for the security of the unique key, the signature value encryption / decryption module 340 may encrypt the generated unique key.
- the signature value encryption / decryption module 340 assigns the generated unique key or the stored unique key to each received card ID, and generates a security key using the card ID and the unique key.
- the signature value encryption / decryption module 340 electronically signs the unique key information assigned to the specific card ID using the generated security key, and then transmits it to the control module 320.
- the signature value encryption / decryption module 340 may be implemented as a security application module (SAM), but is not limited thereto, and may be replaced with any module that generates and encrypts a unique key and a security key.
- the signature value encryption / decryption module 340 decodes the electronic signature. However, the signature value encryption / decryption module 340 may not decrypt all the contents of the electronic signature of the payment terminal 150 or the charging terminal 160, but may decrypt only the information that does not require encryption, namely the issuer ID and the ID of the payment terminal 150 or the charging terminal 160. Therefore, the signature value encryption / decryption module 340 decrypts and confirms only information that does not require encryption, and the information that requires encryption is decrypted in the security database.
- the security data separation module 350 separates the information received from the control module 320 according to whether encryption is required.
- the security data separation module 350 receives various IDs, CIs, various option information, balance information in issued cards, unique keys, etc. from the control module 320.
- the security data separation module 350 separates the received information and the unique key information into information that requires encryption and information that does not require encryption.
- Information that requires encryption includes a unique key, balance information, and the like, and information that does not require encryption includes CI, various option information, various IDs such as a card ID, and a terminal ID.
- the secure data separation module 350 performs encryption only on the information that requires encryption, and indexes the encrypted information and the unencrypted information by using the same specific flag, so that both pieces of information can be identified as one piece of data.
- the secure data separation module 350 may identify both pieces of information as one piece of data by indexing them with a value having a predetermined serial number, or by indexing them with the CI or the card ID.
- the security data separation module 350 transmits the separated amount information to the control module 320 and electronically signs the information requiring encryption.
- the secure data separation module 350 may also be implemented as a SAM like the signature value encryption / decryption module 340, but is not limited thereto.
- the security data separation module 350 is shown as implemented in the card management server 120, but is not necessarily limited thereto; it may be connected to the card management server 120 by wired or wireless communication, or may be implemented in the form of a card, a module, a USB device or the like.
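The separation and indexing performed by the security data separation module 350 can be sketched as follows. This is an added example, not code from the patent: the field names, the use of the card ID as the shared index flag, and the HMAC-SHA256 keystream that stands in for the SAM's cipher (so the block runs on the Python standard library alone) are all assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Classification stated in the description: unique key, card password and
# balance require encryption; CI, option information and the IDs do not.
SENSITIVE = frozenset({"unique_key", "card_password", "balance"})
PLAIN = frozenset({"ci", "card_id", "terminal_id", "options"})


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; stand-in for the SAM's cipher (assumption)."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(mac_key, index_flag, nonce, ciphertext):
    # The index flag is authenticated so that a sealed part cannot be
    # re-attached to a different card's plain part.
    msg = index_flag.encode() + b"\x00" + nonce + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).hexdigest()


def separate(record, enc_key, mac_key, index_by="card_id"):
    """Return (plain_part, sealed_part), both carrying the same index flag."""
    unknown = set(record) - SENSITIVE - PLAIN
    if unknown:
        # Fail closed: an unclassified field must never default to plaintext.
        raise ValueError(f"unclassified fields: {sorted(unknown)}")
    index_flag = str(record[index_by])
    plain_part = {"index": index_flag}
    plain_part.update({k: v for k, v in record.items() if k in PLAIN})
    secret = json.dumps({k: v for k, v in record.items() if k in SENSITIVE},
                        sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ciphertext = _xor(secret, _keystream(enc_key, nonce, len(secret)))
    sealed_part = {"index": index_flag, "nonce": nonce.hex(),
                   "ct": ciphertext.hex(),
                   "tag": _tag(mac_key, index_flag, nonce, ciphertext)}
    return plain_part, sealed_part


def rejoin(plain_part, sealed_part, enc_key, mac_key):
    """Security-database side: match on the index flag, verify, decrypt, merge."""
    if plain_part["index"] != sealed_part["index"]:
        raise ValueError("index flags differ")
    nonce = bytes.fromhex(sealed_part["nonce"])
    ciphertext = bytes.fromhex(sealed_part["ct"])
    expected = _tag(mac_key, sealed_part["index"], nonce, ciphertext)
    if not hmac.compare_digest(expected, sealed_part["tag"]):
        raise ValueError("sealed part was modified or re-indexed")
    secret = json.loads(_xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    merged = {k: v for k, v in plain_part.items() if k != "index"}
    merged.update(secret)
    return merged


# Constructed sample record for one issued card (all values are made up).
SAMPLE = {"ci": "CI-0001", "terminal_id": "TERM-42", "card_id": "CARD-1000",
          "options": {"use_area": "Seoul"}, "unique_key": "00" * 16,
          "card_password": "4321", "balance": 15000}
```

Only `plain_part` would go to the terminal 110 and the general database 130; `sealed_part` goes to the security database 140, which is the only holder of the two keys.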
- FIG. 4 is a diagram illustrating a configuration of a security database according to an embodiment of the present invention.
- the security database 140 includes a communication module 410, a control module 420, a signature value verification module 430, a signature value encryption and decryption module 440 and a memory unit 450.
- the communication module 410 receives information that requires encryption from the card management server 120.
- the communication module 410 receives a card balance inquiry request from the card management server 120 and transmits card balance information to the card management server 120.
- the communication module 410 receives the digital signature verification request signal from the card management server 120 and transmits the verification result to the card management server 120.
- the communication module 410 receives an electronically signed payment request signal or a charging request signal from the card management server 120, and transmits the electronically signed payment completion information or charging completion information to the card management server 120.
- the control module 420 controls the signature value encryption / decryption module 440 to decrypt the information, and, once it is decrypted, stores the corresponding information in the memory unit 450.
- the control module 420 checks the balance information corresponding to the corresponding card ID stored in the memory 450.
- the control module 420 controls the communication module 410 to transmit the confirmed card balance information to the card management server 120.
- the control module 420 controls the signature value verification module 430 and the signature value encryption / decryption module 440 to verify whether the digital signature is valid.
- the control module 420 controls the signature value encryption / decryption module 440 to digitally sign the verification result, and controls the communication module 410 to transmit it to the terminal 110 or to the terminal 110 and the payment terminal 150 / charging terminal 160.
- the control module 420 controls the memory unit 450 so that the amount requested for payment or charging is reflected in the balance stored in the memory unit 450.
- the control module 420 controls the signature value encryption / decryption module 440 to decode the electronically signed payment or charge request signal to determine the payment or charge request amount, and controls the memory unit 450 so that the payment or charge amount requested by the payment terminal 150 or the charging terminal 160 is reflected in the balance information of the corresponding card (the card corresponding to the card ID) stored in the memory unit 450.
- the control module 420 controls the signature value encryption / decryption module 440 and the communication module 410 to electronically sign the payment completion information or charge completion information and transmit it to the card management server 120.
- control module 420 verifies whether the balance information stored in the memory unit 450 is correct.
- upon receiving a verification request for the balance, or at predetermined intervals, the control module 420 compares the balance stored in the memory 450 with the balance information of the transaction most recently reflected among the transactions stored in the general database and with the balance information in the card company server and the data security device 170, thereby verifying the accuracy of the balance information stored in the memory unit 450.
- the signature value verification module 430 verifies the digital signature of the payment terminal 150 or the charging terminal 160 decrypted by the signature value encryption / decryption module 440.
- the signature value verification module 430 determines the validity of the digital signature according to whether a unique key identical to the unique key for payment or charging of the payment terminal 150 or the charging terminal 160, included in the decrypted electronic signature of the payment terminal 150 or the charging terminal 160, is stored in the memory unit 450.
- the signature value encryption / decryption module 440 decodes the electronic signature of the payment terminal 150 or the charging terminal 160 received from the card management server 120. According to the control of the control module 420, it is decrypted so that the electronic signature of the payment terminal 150 or the charging terminal 160 can be verified.
- the signature value encryption / decryption module 440 decrypts all information requiring encryption that the card management server 120 cannot decrypt by using a unique key for payment or charging stored in the memory unit 450.
- the signature value encryption / decryption module 440 also decodes a payment or charging start signal electronically signed by the payment terminal 150 or the charging terminal 160.
- control module 420 checks how much the payment terminal 150 or the charging terminal 160 requests the payment or charging, and reflects it in the remaining balance information stored in the memory 450.
- signature value encryption / decryption module 440 digitally signs payment completion information or charge completion information.
- the memory unit 450 stores the decrypted information from the signature value encryption / decryption module 440.
- the information decrypted from the signature value encryption / decryption module 440 is information that requires encryption for the card issued by the card management server 120 and includes balance and unique key information.
- the memory unit 450 stores the decrypted information so that the signature value verification module 430 can verify the electronic signature of the payment terminal 150 or the charging terminal 160.
- the memory unit 450 also stores the unique key for payment given to the payment terminal 150 or the unique key for charging given to the charging terminal 160, which serves as the authentication key for confirming that the digital signature in a payment request or a charge request is valid.
- FIG. 5 is a timing chart illustrating a process of issuing a card to a terminal in a card management system according to an embodiment of the present invention.
- the terminal 110 transmits a card issuing request signal together with the terminal ID or CI to the card management server 120 (S510).
- the card management server 120 transmits the terminal ID or CI to the general database 130 (S520).
- the card management server 120 transmits the terminal ID or CI to the general database 130 to check whether there is a card issued for the terminal ID or CI.
- the general database 130 transmits whether the terminal ID or CI is stored (S530).
- the general database 130 checks whether the received terminal ID or CI is stored and transmits the confirmation result to the card management server 120.
- the card management server 120 issues a card and generates a security key of the card to be issued (S540).
- the card management server 120 checks the received terminal ID or CI, assigns a card ID, and generates a security key by generating or matching a unique key according to the card ID. The card is issued as the security key is generated.
- the card management server 120 separates the issued card information into information that requires encryption and information that does not require encryption (S550).
- the information that requires encryption includes a unique key, balance information, and the like.
- information that does not require encryption includes CI, various option information, a terminal ID, a card ID, and the like.
- the card management server 120 stores the information that does not require encryption in the general database 130 (S560).
- the card management server 120 stores the information requiring encryption in the security database 140 (S570).
- the card management server 120 transmits information requiring no encryption to the terminal 110 (S580).
- the card management server 120 transmits only the information that does not need encryption among the separated information to the terminal 110.
- the terminal 110 stores information that does not require encryption (S590). Since there is a case where the terminal 110 needs to quickly exchange information with the payment terminal 150 or the charging terminal 160 by using information that does not need encryption, information that does not require encryption is stored in the terminal 110.
- FIG. 6 is a timing chart illustrating a process of reissuing a card to a terminal in a card management system according to an embodiment of the present invention.
- the terminal 110 transmits a card issuing request signal together with the terminal ID or CI to the card management server 120 (S610).
- the card management server 120 transmits the terminal ID or CI to the general database 130 (S620).
- the general database 130 checks whether the received terminal ID or CI is stored (S630).
- the general database 130 identifies the information that does not need encryption, stored together with the terminal ID or CI (S640). For a card that has already been issued, the CI of the user who requested the issuance of the card or the ID of the terminal is stored in the general database 130 together with the card information that does not require encryption. Therefore, the general database 130 identifies the information that does not require encryption stored with the received terminal ID or CI.
- the general database 130 transmits the information that does not need encryption, stored together with the terminal ID or CI, to the terminal 110 through the card management server 120 (S650). Since the general database 130 transmits the information that does not require encryption to the terminal 110, the card can be reissued to the terminal 110.
- FIG. 7 is a timing chart illustrating a process of inquiring a state of a card in the card management system according to an exemplary embodiment of the present invention.
- the terminal 110 transmits a card status information request signal to the card management server 120 (S710).
- the terminal 110 transmits a card status request signal to the card management server 120 together with the card ID to request status information.
- the card management server 120 inquires the card state information (S720).
- the card management server 120 inquires the card state information stored in the card management server 120 and provides it to the terminal 110.
- the card management server 120 transmits the card state information to the terminal 110 (S730).
- FIG. 8 is a timing chart illustrating a process of completing charging by a terminal in a card management system according to an embodiment of the present invention.
- the terminal 110 transmits a charge request signal together with the card ID to the card management server 120 (S810).
- the card management server 120 transmits a validity authentication request signal of the card to the general database 130 (S815).
- the card management server 120 requests the validity authentication to the general database 130 to determine whether the card is a valid card.
- the general database 130 authenticates the validity of the card (S820).
- the general database 130 authenticates validity based on whether the card ID received from the card management server 120 is stored in the general database 130.
- the general database 130 transmits the authentication result of the card to the card management server 120 (S825).
- the card management server 120 transmits the card ID and the charge request signal received from the terminal 110 to the security database 140 (S830).
- the security database 140 reflects the charged amount in the balance information (S835).
- the security database 140 grasps the balance information stored in correspondence with the card ID and the charge amount information included in the charge request signal, and reflects the charge amount in the balance information.
- the security database 140 notifies the general database 130 of the charge amount of money (S840).
- General database 130 stores the transaction history for the card ID (S845). When receiving the amount of charge from the security database 140, the general database 130 stores the transaction history for the card ID. General database 130 stores the transaction date and time, place, amount, balance, etc. for the corresponding card ID.
- the security database 140 transmits the electronically signed charging completion information to the terminal 110 via the card management server 120 (S850).
- the card management server 120 transmits the transaction history for each card ID according to a predetermined condition to the card company server and the data security device 170 (S855). When transmitting the transaction history to the card company server and the data security device 170 so that the charge amount is reflected, the card management server 120 may transmit the transaction history whenever there is a charge request from a specific terminal, but this is not required. For example, if the predetermined condition is set as a specific number of stored transactions or as a predetermined cycle, the card management server 120 may transmit the transaction history for each card ID when the set condition is satisfied. The card management server 120 transmits the transaction details of the various cards to the card company server and the data security device 170 when they satisfy the preset conditions, so that the charge amount is finally reflected for each card.
- FIG. 9 is a timing chart illustrating a process of completing charging by a terminal in a card management system according to another embodiment of the present invention.
- the terminal 110 transmits a charge request signal together with the card ID to the card management server 120 (S910).
- the card management server 120 transmits a validity authentication request signal of the card to the general database 130 (S915).
- the general database 130 authenticates the validity of the card (S920).
- the general database 130 transmits the authentication result of the card to the card management server 120 (S925).
- the card management server 120 transmits the card ID and the charge request signal received from the terminal 110 to the security database 140 (S930).
- the security database 140 transmits the signed card ID and the charge amount information to the card company server and the data security device 170 (S935).
- the security database 140 digitally signs the charge request signal received from the card management server 120, and transmits the electronically signed card ID and the charge amount information included in the charge request signal to the card company server and the data security device 170.
- the card company server and data security device 170 charges the amount requested to the card (S940).
- the card company server and the data security device 170 decrypt the electronically signed card ID and charge amount information received from the security database 140 to determine which card is to be charged and with what amount.
- the card company server and the data security device 170 add the requested charge amount to the remaining balance of the card.
- the card company server and the data security device 170 notify the general database 130 and the security database 140 of the amount of money charged (S945).
- the security database 140 reflects the charged amount in the balance information (S950).
- when the security database 140 is notified by the card company server and the data security device 170 that the requested amount has been charged, the security database 140 reflects the requested charge amount in the remaining balance information corresponding to the card ID.
- the general database 130 stores the transaction history for the card ID (S955).
- the security database 140 transmits the electronically signed charging completion information to the terminal 110 via the card management server 120 (S960).
- FIG. 10 is a timing chart illustrating a process of payment or charging to a terminal according to a request of a payment terminal or a charging terminal in a card management system according to an exemplary embodiment of the present invention.
- the payment terminal 150 or the charging terminal 160 requests the card ID from the terminal 110 (S1000). Since each card issuer has its own encryption algorithm, the payment terminal 150 or the charging terminal 160 requests the card ID from the terminal 110 to check whether the card to be used by the terminal 110 is of a type compatible with the payment terminal 150 or the charging terminal 160. This is because the card ID includes the issuer ID in addition to the card information.
- the terminal 110 transmits the card ID to the payment terminal 150 or the charging terminal 160 (S1005).
- the payment terminal 150 or the charging terminal 160 requests the card management server 120 to check the card balance via the terminal 110 (S1010).
- when the payment terminal 150 or the charging terminal 160 makes this request to the terminal 110, the terminal 110 requests the card balance inquiry from the card management server 120 together with the card ID.
- the payment terminal 150 requests the terminal 110 to check the card balance.
- the card management server 120 inquires the balance of the card to the security database 140 (S1015).
- when the card management server 120 queries the security database 140 for the balance of the card, the security database 140 checks the balance information stored for the card ID and transmits it to the card management server 120.
- the card management server 120 transmits the card balance information to the payment terminal 150 or the charging terminal 160 (S1020).
- the electronic signature of the payment terminal 150 or the charging terminal 160 is transmitted to the terminal 110 (S1025).
- in order to have the validity of the payment terminal 150 or the charging terminal 160 verified and to check the verification result for the terminal 110, the payment terminal 150 or the charging terminal 160 sends its electronic signature to the terminal 110.
- the terminal 110 transmits the card ID to the card management server 120 together with the received electronic signature (S1030).
- the terminal 110 also transmits the card ID to the card management server 120 together with the received electronic signature in order to verify the validity of the card to be used and confirm the other components.
- the card management server 120 transmits a card validation request signal to the general database 130 (S1035).
- the card management server 120 transmits the digital signature verification request signal of the payment terminal 150 or the charging terminal 160 to the security database 140 (S1040).
- the general database 130 verifies the validity of the card (S1045).
- the general database 130 verifies the validity of the card as to whether the card ID is stored.
- the security database 140 verifies the validity of the payment terminal 150 or the charging terminal 160 (S1050).
- the security database 140 decrypts the received digital signature and verifies the validity of the payment terminal 150 or the charging terminal 160 based on whether the security key of the payment terminal 150 or the charging terminal 160 is stored.
- the general database 130 and the security database 140 transmit the verification result.
- the general database 130 transmits the validation result of the card, and the security database 140 transmits the validation result of the payment terminal 150 or the charging terminal 160, to the payment terminal 150 or the charging terminal 160 via the card management server 120 and the terminal 110.
- the payment terminal 150 or the charging terminal 160 transmits the electronically signed payment request signal or charging request signal to the terminal 110 (S1060). If the card has a sufficient balance and the card is valid, the payment terminal 150 or the charging terminal 160 electronically signs a payment request signal or a charging request signal and transmits it to the terminal 110. Because the payment terminal 150 or the charging terminal 160 electronically signs the payment request signal or the charge request signal, the requested charge amount or payment amount cannot be changed.
- the terminal 110 transmits a payment request signal or a charging request signal to the card management server 120 together with the card ID (S1065).
- the card management server 120 transmits a payment request signal or a charging request signal together with the card ID to the security database 140 (S1070).
- the security database 140 reflects the payment or charging amount in the balance information (S1075).
- the security database 140 decrypts the electronically signed payment request signal or charge request signal to determine the payment amount or the charge amount. Thereafter, the security database 140 reflects the payment amount or the charge amount thus determined in the remaining balance information corresponding to the card ID.
- the security database 140 notifies the general database 130 of the payment or charging of the amount (S1080).
- the general database 130 stores the transaction history for the card ID (S1085).
- the general database 130 stores the payment or recharge of the amount for a specific card in the transaction history and stores the transaction history for each card ID.
- the security database 140 transmits the electronically signed payment completion information or charging completion information to the payment terminal 150 or the charging terminal 160 (S1090).
- the card management server 120 transmits the transaction history for each card ID according to a predetermined condition to the card company server and the data security device 170 (S1095).
- FIG. 11 is a flowchart illustrating a process of issuing a card to the terminal by the card management server according to an embodiment of the present invention. Since it has been described in detail with reference to Figures 1 to 10, the detailed description will be omitted.
- the card management server 120 receives the card issuing request signal from the terminal 110 together with the terminal ID or the CI (S1110).
- the card management server 120 determines whether the received terminal ID or CI is stored in the general database 130 (S1120).
- the card management server 120 issues a card and generates a security key of the issued card (S1130).
- the card management server 120 separates the issued card information into information that requires encryption and information that does not require encryption (S1140).
- the card management server 120 stores the separated information in the general database 130 and the security database 140 (S1150).
- the card management server 120 identifies the information that does not need encryption, stored together with the terminal ID or CI in the general database 130 (S1160).
- the card management server 120 transmits information that does not require encryption to the terminal (S1170).
- FIG. 12 is a flowchart illustrating a process of completing charging by a card management server according to a request of a terminal according to an embodiment of the present invention.
- the card management server 120 receives the card ID and the balance charge request signal from the terminal 110 (S1210).
- the card management server 120 transmits a card validity authentication request signal to the general database 130 (S1220).
- the card management server 120 receives the card validity authentication result from the general database 130 (S1230).
- the card management server 120 transmits the card ID and the charging request signal to the security database 140 (S1240).
- the card management server 120 receives the fact that the charge amount is reflected in the balance information from the security database 140 and transmits it to the terminal (S1250).
- the card management server 120 transmits the transaction history for each card ID to the card company server and the data security device according to preset conditions (S1260).
- FIG. 13 is a flowchart illustrating a process in which a card management server performs a payment or charging to a terminal at the request of a payment terminal or a charging terminal according to an embodiment of the present invention.
- the card management server 120 receives a card balance inquiry request for a specific card ID from the payment terminal 150 or the charging terminal 160 and inquires the balance of the specific card ID in the security database (S1310).
- the card management server 120 transmits the balance of the specific card ID to the payment terminal 150 or the charging terminal 160 (S1320).
- the card management server 120 receives the electronic signature of the payment terminal 150 or the charging terminal 160 and the card ID of the terminal from the terminal 110 (S1330).
- the card management server 120 transmits the digital signature of the payment terminal 150 or the charging terminal 160 and the card validation request signal to the security database 140 to receive the verification result from the security database 140 (S1340).
- the card management server 120 receives a payment or charging request signal from the terminal 110 together with the card ID and transmits the received signal to the security database 140 (S1350).
- the card management server 120 receives the fact that the payment or the charged amount is reflected in the balance information from the security database and transmits it to the terminal (S1360).
- FIG. 14 is a timing chart illustrating a process of selecting a card to be used in the terminal according to an embodiment of the present invention.
- the terminal 110 transmits a card selection signal to the card management server 120 (S1410).
- the card management server 120 determines whether the selected card is validly issued (S1420).
- the card management server 120 determines whether to operate with the selected card according to the determination result (S1430).
- the card management server 120 transmits the card selection result to the terminal 110 (S1440).
- FIG. 15 is a timing chart illustrating a process of selecting a card to be used immediately before payment or charging in a terminal according to an embodiment of the present invention.
- the terminal 110 transmits the card selection signal to the card management server 120 together with the payment or charging request signal (S1410). In addition, the terminal 110 may transmit current location information of the terminal 110 together.
- the card management server 120 determines whether the selected card is valid (S1520).
- the card management server 120 performs an operation for payment or charging with the selected card (S1530).
- the card management server 120 transmits a message indicating that the card is selected to the terminal 110 and proceeds with the operation.
- the card management server 120 transmits an error message indicating that the selected card is not valid to the terminal 110 (S1530).
- FIG. 16 is a flowchart illustrating a process of determining, by a card management server, a card to be used by receiving a card selection request from a terminal according to an embodiment of the present invention.
- the card management server 120 receives a card selection signal from the terminal 110 (S1610).
- the card management server 120 may receive a card selection signal before (not related to) a charging or payment request, or may receive it along with a charging or payment request.
- the card management server 120 determines whether the selected card is valid (S1620).
- if the selected card is valid, the card management server 120 operates with the selected card, or proceeds with the operation for charging or payment (S1630).
- the card management server 120 transmits an error message to the terminal 110 (S1640).
- in FIGS. 11 to 13 and 17, each process is described as being sequentially executed, but this is merely illustrative of the technical idea of the exemplary embodiment of the present invention.
- a person of ordinary skill in the art to which an embodiment of the present invention belongs may change the order of the processes described in each drawing, or execute one or more of the processes in parallel, without departing from the essential characteristics of the embodiment of the present invention.
- FIGS. 11 and 13 and 17 are therefore not limited to a time-series order, since the processes may be applied in various ways.
- the processes illustrated in FIGS. 11 to 13 and 17 may be implemented as computer readable codes on a computer readable recording medium.
- the computer-readable recording medium includes all kinds of recording devices in which data that can be read by a computer system is stored. That is, the computer-readable recording medium may be a magnetic storage medium (for example, ROM, floppy disk, hard disk, etc.), an optical reading medium (for example, CD-ROM, DVD, etc.) or a carrier wave (for example, transmission over the Internet).
- the computer readable recording medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.
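The storage split of FIG. 5 (S550 to S580) and the signed payment or charge request of FIG. 10 (S1060 to S1090), as an added Python example that is not code from the patent. It assumes HMAC-SHA256 with a shared key as the "electronic signature", a separate key for signing completion information, and a `request_id` field used to reject replays; the patent specifies none of these, and all names and values are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample values; none of them come from the patent.
TERMINAL_KEYS = {"PT-150": b"constructed-payment-terminal-key"}
SERVER_KEY = b"constructed-completion-signing-key"


def sign(key, message):
    """Assumed stand-in for the electronic signature: HMAC-SHA256 over canonical JSON."""
    payload = json.dumps(message, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def signed_request(terminal_id, card_id, kind, amount, request_id):
    """What the payment or charging terminal hands to terminal 110 (S1060)."""
    request = {"terminal_id": terminal_id, "card_id": card_id, "kind": kind,
               "amount": amount, "request_id": request_id}
    return request, sign(TERMINAL_KEYS[terminal_id], request)


class SecurityDatabase:
    """Holds the information that requires encryption: unique keys and balances."""

    def __init__(self, terminal_keys, server_key):
        self._terminal_keys = dict(terminal_keys)
        self._server_key = server_key
        self._cards = {}     # card ID -> {"unique_key": bytes, "balance": int}
        self._seen = set()   # assumption: (terminal ID, request ID) already applied

    def store_card(self, card_id, balance):
        # The per-card unique key (S540) is created here and never leaves this store.
        self._cards[card_id] = {"unique_key": secrets.token_bytes(32), "balance": balance}

    def balance(self, card_id):
        return self._cards[card_id]["balance"]

    def _completion(self, request, status):
        info = {"card_id": request.get("card_id"),
                "request_id": request.get("request_id"), "status": status}
        return {"info": info, "signature": sign(self._server_key, info)}

    def apply(self, request, signature):
        """S1050 and S1075: verify the terminal's signature, then update the balance."""
        key = self._terminal_keys.get(request.get("terminal_id"))
        if key is None:
            return self._completion(request, "rejected: unknown terminal")
        if not isinstance(signature, str) or not hmac.compare_digest(
                sign(key, request).encode(), signature.encode()):
            return self._completion(request, "rejected: bad signature")
        replay_id = (request["terminal_id"], request.get("request_id"))
        if replay_id in self._seen:
            return self._completion(request, "rejected: replayed request")
        card = self._cards.get(request.get("card_id"))
        amount, kind = request.get("amount"), request.get("kind")
        if (card is None or type(amount) is not int or amount <= 0
                or kind not in ("payment", "charge")):
            return self._completion(request, "rejected: invalid request")
        if kind == "payment" and card["balance"] < amount:
            return self._completion(request, "rejected: insufficient balance")
        card["balance"] += amount if kind == "charge" else -amount
        self._seen.add(replay_id)
        return self._completion(request, "completed")


class CardManagementServer:
    def __init__(self, security_db):
        self.security_db = security_db
        self.general_db = {}   # terminal ID -> information that needs no encryption
        self.history = []      # transaction history per card ID (S1085)

    def issue(self, terminal_id, initial_balance=0):
        """S510 to S590; a repeat request is a reissue (S610 to S650)."""
        if terminal_id not in self.general_db:
            card_id = f"CARD-{len(self.general_db) + 1:04d}"
            self.security_db.store_card(card_id, initial_balance)      # S570
            self.general_db[terminal_id] = {"terminal_id": terminal_id,
                                            "card_id": card_id}        # S560
        return dict(self.general_db[terminal_id])                      # S580

    def relay(self, request, signature):
        """S1065 to S1085: validate the card, forward the request, log the result."""
        known_cards = {rec["card_id"] for rec in self.general_db.values()}
        if request.get("card_id") not in known_cards:
            return {"info": {"status": "rejected: unknown card"}, "signature": None}
        done = self.security_db.apply(request, signature)
        if done["info"]["status"] == "completed":
            self.history.append((request["card_id"], request["kind"], request["amount"]))
        return done


if __name__ == "__main__":
    db = SecurityDatabase(TERMINAL_KEYS, SERVER_KEY)
    server = CardManagementServer(db)
    card = server.issue("phone-110", initial_balance=5000)
    req, sig = signed_request("PT-150", card["card_id"], "payment", 1250, "req-1")
    print(server.relay(req, sig)["info"], db.balance(card["card_id"]))
```

Because terminal 110 only relays the request, changing `amount` in transit invalidates the signature, and the terminal never holds the balance or the unique key.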
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- Microelectronics & Electronic Packaging (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
- Time Recorders, Drive Recorders, Access Control (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention relates to a card management system and method using a security device. According to one aspect of the present embodiment, an object of the present invention is to provide a card management system and method for delivering targeted advertising to a specific user who intends to recharge a transportation card, so as to enable an operator of the card management system to generate revenue.
Applications Claiming Priority (8)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR1020170030959A KR101902990B1 (ko) | 2017-03-13 | 2017-03-13 | System and method for issuing and operating a transportation card using a security module |
| KR10-2017-0030959 | 2017-03-13 | ||
| KR10-2017-0083225 | 2017-06-30 | ||
| KR1020170083225A KR101850705B1 (ko) | 2017-06-30 | 2017-06-30 | System and method for issuing and operating a transportation card using an app method |
| KR1020170084633A KR101907960B1 (ko) | 2017-07-04 | 2017-07-04 | Card management system and method using a security device |
| KR10-2017-0084633 | 2017-07-04 | ||
| KR1020170113796A KR101902992B1 (ko) | 2017-09-06 | 2017-09-06 | Transportation card management system and method |
| KR10-2017-0113796 | 2017-09-06 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| WO2018169285A2 (fr) | 2018-09-20 |
| WO2018169285A3 (fr) | 2018-11-08 |
Family
ID=63522413
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/KR2018/002946 Ceased WO2018169285A2 (fr) | 2017-03-13 | 2018-03-13 | Card management system and method using a security device |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2018169285A2 (fr) |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101460514B1 (ko) * | 2010-01-12 | 2014-11-20 | 에스케이플래닛 주식회사 | Integrated payment service apparatus and method, integrated payment service server, and client terminal and smart card therefor |
| KR101168076B1 (ko) * | 2010-06-09 | 2012-07-24 | 비씨카드(주) | Mobile card service method and mobile terminal for performing the method |
| KR20150123551A (ko) * | 2014-04-25 | 2015-11-04 | 모지도코화이어코리아 유한회사 | Mobile card service method using HCE and mobile terminal applying the same |
| KR20160022431A (ko) * | 2014-08-19 | 2016-03-02 | 주식회사 티모넷 | HCE-based transportation card payment system and method using a smartphone |
| KR102460459B1 (ko) * | 2015-02-27 | 2022-10-28 | 삼성전자주식회사 | Card service method and apparatus using an electronic device |
- 2018-03-13 WO PCT/KR2018/002946 patent/WO2018169285A2/fr not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| WO2018169285A3 (fr) | 2018-11-08 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 18766744; Country of ref document: EP; Kind code of ref document: A2 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 18766744; Country of ref document: EP; Kind code of ref document: A2 |