WO2003001736A1 - Method for authenticating settlement terminal and settlement method using the same

Publication number
WO2003001736A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
settlement
server
certificate
information
Application number
PCT/KR2002/000288
Inventor
Hui-Yol Cho
Original Assignee
Starbridge Communications Co., Ltd.
Application filed by Starbridge Communications Co., Ltd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/302 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response

Definitions

  • the present invention relates to a method for authenticating a settlement terminal, and more particularly to a settlement terminal authentication method and a settlement method using the same, wherein settlement for a transaction can be prevented from being illegally conducted due to an information leakage occurring during transmission and reception of information for the transaction settlement through the use of a settlement terminal such as a credit card reader.
  • a credit card reading terminal reads user information stored in a credit card of the user and sends the read information to a credit card company together with transaction records. Thereafter, the credit card company approves the transaction on the basis of the sent user information.
  • the above-mentioned conventional credit card-based settlement method has an unsolved problem in that another person may make a fraudulent use of the user's credit card.
  • although the fraudulent use of the credit card mostly results from a loss or theft of the card, it may be sometimes caused due to a leakage of information being transmitted and received between the credit card reading terminal and the credit card company.
  • in order to prevent the credit card from being illegally used due to the information leakage, a settlement terminal must be authenticated for transaction settlement on the basis of encrypted data.
  • the present invention has been made in view of the above problems, and it is an object of the present invention to provide a method for authenticating a settlement terminal, wherein settlement for a transaction can be prevented from being illegally conducted due to an information leakage occurring during transmission and reception of information for the transaction settlement through the use of the settlement terminal.
  • a method for authenticating a settlement terminal connected to a settlement server over a network comprising the steps of a) entering initial terminal information to the settlement server through the terminal and receiving a terminal ID and one-time password created by the settlement server; b) gaining access to the settlement server through the terminal and sending the terminal ID and one-time password and a MAC (Media Access Control) address to the settlement server; c) determining on the basis of the sent terminal ID, one-time password and MAC address that the terminal is an authorized one and then storing the terminal ID, one-time password and MAC address in the settlement server; d) creating a terminal certificate for an SSL (Secure Socket Layer) protocol encrypted in an RSA (Rivest-Shamir-Adle
  • the above step a) may include the steps of a-1) connecting the terminal to the settlement server over the network; a-2) entering a user ID and password for user identification; a-3) sending the terminal information to the settlement server through the terminal if a user is an authorized one; a-4) storing the sent terminal information and creating the terminal ID and one-time password on the basis of the stored terminal information; and a-5) storing the created terminal ID and one-time password and sending the stored terminal ID and one-time password and the MAC address to the terminal.
  • a settlement method based on authentication of a settlement terminal comprising the steps of a) for settlement for a transaction, sending settlement information and a terminal certificate, encrypted on the basis of a SEED key, from the terminal to a settlement server according to an SSL (Secure Socket Layer) protocol over a network; b) extracting a terminal certificate and terminal information stored in an LDAP (Light Weight Directory Access Protocol) server; c) comparing a MAC (Media Access Control) address contained in the terminal certificate sent from the terminal with that contained in an information packet and, if the two MAC addresses are the same, determining that the terminal certificate sent from the terminal is valid; d) comparing the terminal certificate sent from the terminal with the terminal certificate extracted from the LDAP server and authenticating the terminal if the two terminal certificates are the same; and e) approving the transaction on the basis of the settlement information and then sending approval information to the terminal.
  • SSL (Secure Socket Layer)
  • Fig. 1 is a block diagram schematically showing a connection between a settlement terminal and a terminal authentication server over a network;
  • Fig. 2 is a block diagram illustrating a signal flow of an initial terminal information registration procedure of a settlement terminal authentication method in accordance with the present invention
  • Fig. 3 is a flow chart illustrating the initial terminal information registration procedure of the settlement terminal authentication method in accordance with the present invention
  • Fig. 4 is a block diagram illustrating a signal flow of a terminal authentication procedure of the settlement terminal authentication method in accordance with the present invention
  • Fig. 5 is a flow chart illustrating the terminal authentication procedure of the settlement terminal authentication method in accordance with the present invention.
  • Fig. 6 is a flow chart illustrating a settlement method in accordance with the present invention.
  • a settlement terminal is authenticated on the basis of encrypted data.
  • the settlement terminal is a general credit card settlement terminal.
  • This credit card settlement terminal is generally connected to a settlement server or financial institution via a dedicated line.
  • a specific dedicated line is required in a place where the settlement terminal is installed.
  • the settlement terminal must be registered and authenticated because it is connected to a very high speed Internet network (under a TCP/IP environment), such as an ISDN or ADSL.
  • modified SSL (Secure Socket Layer)
  • the terminal encrypts information through the use of a symmetric algorithm-based SEED key and sends the encrypted information to the server.
  • DES, 3DES and IDEA are generally used for symmetric encryption in a standard SSL
  • the present invention employs a modified SSL using SEED.
  • a terminal authentication server creates a one-time password in an initial terminal information registration procedure such that the password is used for terminal authentication.
  • a settlement-dedicated terminal 3 is connected to the terminal authentication server 5 and settlement server 8 over the network 1, which may be a TCP/IP-based very high speed communication network (for example, an ADSL network).
  • the terminal authentication server 5 is connected to an LDAP server 7, and the settlement server 8 is connected to a financial settlement server 9 and a financial institution 11.
  • although the terminal authentication server 5, LDAP server 7 and settlement server 8 are shown in Fig. 1 to be individual servers, they may be substantially included in one server, or a Web server of a settlement service provider.
  • the dedicated terminal 3 which is driven by a general or exclusive Web browser or an exclusive operating system, stores a SEED key provided from a certificate authority and encrypts information to be sent, using the stored SEED key.
  • the terminal 3 is also adapted to exchange certificates with the terminal authentication server 5 according to a modified SSL protocol.
  • the LDAP (Light Weight Directory Access Protocol)
  • the LDAP acts to store terminal information and a server certificate authenticated by the certificate authority and provide the stored certificate and terminal information to the terminal authentication server 5 when the terminal 3 is required to be authenticated.
  • FIG. 2 is a block diagram illustrating a signal flow of the initial terminal information registration procedure
  • Fig. 3 is a flow chart illustrating in detail the initial terminal information registration procedure.
  • a manager dispatched from a terminal manufacturing company gains access to the terminal authentication server 5 through the terminal (S101) and enters an ID and password thereto (S102).
  • the terminal authentication server 5 receives the ID and password entered by the manager and compares them with those stored in a database 13 to determine whether the manager is an authorized one (S103). If the manager is an authorized one, the terminal authentication server 5 permits the manager to enter and send terminal information to the server 5 through the terminal 3 (S104). Thereafter, the terminal authentication server 5 receives the terminal information sent from the manager and stores it in the database 13 (S105).
  • the terminal authentication server 5 creates a one-time password in an existing 'challenge/response' manner or 'time synchronous' manner, which is well known in the art.
  • the server 5 also creates a terminal ID (S106).
  • the server 5 stores the created one-time password and terminal ID and a MAC (Media Access Control) address in the database 13 at the same time as sending them to the terminal 3 (S107).
  • the terminal information is stored and registered in the database of the terminal authentication server, and the dedicated terminal is provided with the terminal ID, one-time password and MAC address for terminal authentication from the terminal authentication server.
  • the terminal authentication server 5 registers the terminal information, sent from the manager through the terminal, creates the terminal ID and one-time password and sends them back to the terminal.
  • the terminal stores the terminal ID and one-time password sent from the terminal authentication server 5. Thereafter, for terminal authentication, the terminal gains access to the server 5 using the terminal ID and one-time password, and is then authenticated by the server 5.
  • the terminal authentication server 5 is preferably a Web server that verifies user information and transaction information, applied from the terminal 3 for transaction settlement, and transfers settlement information to the settlement server as a result of the verification to allow the settlement server to approve the transaction. That is, the terminal authentication server 5 authenticates a specific terminal existing on the Internet when settlement for a transaction is required, so that the transaction settlement can be conducted.
  • Fig. 4 is a block diagram illustrating a signal flow of the terminal authentication procedure
  • Fig. 5 which is a flow chart illustrating in detail the terminal authentication procedure.
  • the terminal 3 gains access to the terminal authentication server 5 (S201) and sends to the server 5 the terminal ID, one-time password and MAC address assigned upon the terminal registration (S202).
  • the terminal authentication server 5 checks the terminal ID, one-time password and MAC address sent from the terminal to determine whether the terminal is an authorized one (S203). In the case where the terminal is an authorized one, the terminal authentication server 5 stores the sent terminal ID and MAC address in the database 13 (S204).
  • the terminal authentication server 5 creates a terminal certificate on the basis of the terminal information and MAC address (S205), and transfers the created terminal certificate to the LDAP server 7 to store it therein (S206).
  • the terminal certificate is created in an asymmetric algorithm-based RSA (Rivest-Shamir-Adleman) manner because the modified SSL communication can be performed between the terminal 3 and the terminal authentication server 5.
  • the terminal authentication server 5 requests a server certificate from a certificate authority 4 for authentication thereof, then the certificate authority 4 creates the server certificate in response to the request from the server 5 and provides it to the server 5 (S207). Thereafter, the terminal authentication server 5 sends the terminal certificate, server certificate, terminal information and SEED key to the terminal 3 (S208).
  • the terminal 3 receives the one-time password, created upon its registration, from the terminal authentication server 5, accesses the server 5 on the basis of the received password and receives the created terminal certificate and server certificate from the server 5 again. At this time, the terminal 3 also receives the symmetric algorithm-based SEED key to be used for the SSL communication and encrypts information to be sent, using the received SEED key.
  • the terminal 3 is a general credit card reading terminal, preferably a settlement-dedicated terminal equipped with an exclusive Web browser (or exclusive operating system software).
  • the terminal certificate, terminal information and SEED key, provided upon the initial authentication of the terminal 3, are used for terminal authentication and encryption of information to be sent, when transaction settlement is actually conducted.
  • Fig. 6 illustrates a settlement method according to the present invention, wherein transaction settlement is conducted on the basis of terminal authentication.
  • the credit card reading terminal 3 encrypts the settlement information and terminal certificate with the SEED key and sends the encrypted settlement information and terminal certificate to the terminal authentication server 5 (S302).
  • the settlement information includes the terminal information, information contained in the credit card, transaction records and so forth.
  • the terminal certificate is created according to the SSL protocol
  • the terminal certificate is dually encrypted according to the symmetric/asymmetric algorithms, thereby ensuring more reliable security of information.
  • the terminal authentication server 5 requests the LDAP server 7 to transfer the terminal certificate stored therein (S303).
  • the terminal authentication server 5 compares the MAC address contained in the terminal certificate sent from the terminal 3 with that contained in an information packet to determine whether they are the same. In the case where the two MAC addresses are determined to be the same, the terminal authentication server 5 recognizes that the terminal certificate sent from the terminal 3 is valid. Subsequently, the terminal authentication server 5 compares the terminal certificate sent from the terminal 3 with that transferred from the LDAP server 7 to determine whether they are the same. If the two terminal certificates are determined to be the same, then the server 5 authenticates the terminal 3 (S304).
  • the terminal authentication server 5 transfers the settlement information to the settlement server 8 to request it to approve the transaction (S305).
  • Upon receiving the settlement information (containing, for example, user information, a user ID, a password and transaction records) transferred from the terminal authentication server 5, the settlement server 8 compares the received settlement information with information stored in its database to determine whether the user is a valid one. If the user is determined to be a valid one, then the settlement server 8 approves the transaction (S306) and sends approval information to the settlement terminal (S307).
  • terminal authentication is carried out through the use of a one-time password that is assigned to a terminal upon initial terminal information registration.
  • the terminal is provided with a terminal certificate encrypted according to an asymmetric algorithm.
  • the terminal certificate and settlement information are encrypted on the basis of a symmetric algorithm, thereby obtaining a more reliable security effect.
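
The server-side checks of steps S203 to S206 (terminal authentication) and S303 to S304 (certificate validation at settlement) can be sketched as follows. This is an added example, not code from the patent: the class and method names, the JSON record standing in for the RSA-based terminal certificate, the dictionary standing in for the LDAP server, the MAC address being supplied at registration, and the retiring of the one-time password after its first successful use are all assumptions, and the SEED/SSL transport is omitted.

```python
import hmac
import json
import secrets


class TerminalAuthServer:
    """Toy model of terminal authentication server 5 with database 13
    and LDAP server 7 (hypothetical names, not from the patent)."""

    def __init__(self):
        self.database = {}   # terminal_id -> registration record (database 13)
        self.directory = {}  # terminal_id -> certificate bytes (LDAP server 7)

    def register(self, terminal_info, mac):
        """S105-S107: store terminal info, create terminal ID and one-time password."""
        terminal_id = "T-" + secrets.token_hex(4)
        otp = secrets.token_urlsafe(16)
        self.database[terminal_id] = {"info": terminal_info, "mac": mac, "otp": otp}
        return terminal_id, otp

    def authenticate(self, terminal_id, otp, mac):
        """S203-S206: check ID, one-time password and MAC, then create the
        terminal certificate and store it in the directory."""
        record = self.database.get(terminal_id)
        if record is None or record["otp"] is None:
            return None  # unknown terminal, or password already used
        otp_ok = hmac.compare_digest(record["otp"].encode(), otp.encode())
        mac_ok = hmac.compare_digest(record["mac"].encode(), mac.encode())
        if not (otp_ok and mac_ok):
            return None
        record["otp"] = None  # assumption: the password is retired after one use
        # Stand-in certificate: binds terminal info and MAC, plus a random serial.
        cert = json.dumps(
            {
                "terminal_id": terminal_id,
                "mac": mac,
                "info": record["info"],
                "serial": secrets.token_hex(8),
            },
            sort_keys=True,
        ).encode()
        self.directory[terminal_id] = cert
        return cert

    def verify_settlement(self, presented_cert, packet_mac):
        """S303-S304: the MAC in the certificate must equal the MAC in the
        information packet, and the certificate must equal the stored copy."""
        try:
            fields = json.loads(presented_cert)
            terminal_id = fields["terminal_id"]
            cert_mac = fields["mac"]
        except (ValueError, KeyError, TypeError):
            return False  # malformed certificate
        if not isinstance(terminal_id, str) or not isinstance(cert_mac, str):
            return False
        if not hmac.compare_digest(cert_mac.encode(), packet_mac.encode()):
            return False
        stored = self.directory.get(terminal_id)
        return stored is not None and hmac.compare_digest(stored, presented_cert)


def demo():
    """Run the three phases on constructed sample values."""
    mac = "00:11:22:33:44:55"  # constructed sample MAC address
    server = TerminalAuthServer()
    terminal_id, otp = server.register({"model": "constructed-reader"}, mac)
    cert = server.authenticate(terminal_id, otp, mac)
    other = "66:77:88:99:aa:bb"  # constructed MAC of a different device
    forged = cert.replace(mac.encode(), other.encode())
    return {
        "replayed_password": server.authenticate(terminal_id, otp, mac) is not None,
        "genuine_terminal": server.verify_settlement(cert, mac),
        "cert_from_other_mac": server.verify_settlement(cert, other),
        "rewritten_cert": server.verify_settlement(forged, other),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The second comparison against the stored copy is what rejects a certificate whose MAC field has been rewritten to match the packet; the MAC address itself is a value reported by the terminal, so the first comparison binds the certificate to a claimed identifier rather than proving which hardware sent it.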

Abstract

A settlement method that provides a more reliable security effect. The settlement method comprises the step of entering initial terminal information to a settlement server (8) through a settlement terminal (3) and receiving a terminal ID and one-time password created by the settlement server, the step of sending the terminal ID and one-time password and a MAC address to the settlement server through the terminal, the step of determining that the terminal is an authorized one and then storing the terminal ID, one-time password and MAC address in the settlement server, the step of creating a terminal certificate for an SSL protocol encrypted in an RSA manner and storing the created terminal certificate in an LDAP server (7), and the step of sending the terminal information and terminal certificate, and a server certificate and SEED key created by a certificate authority (4) to the terminal.

Description

METHOD FOR AUTHENTICATING SETTLEMENT TERMINAL AND
SETTLEMENT METHOD USING THE SAME
Technical Field
The present invention relates to a method for authenticating a settlement terminal, and more particularly to a settlement terminal authentication method and a settlement method using the same, wherein settlement for a transaction can be prevented from being illegally conducted due to an information leakage occurring during transmission and reception of information for the transaction settlement through the use of a settlement terminal such as a credit card reader.
Background Art
Recently, with the ongoing industrialization and the advent of credit society, payment systems have been rapidly spread from a direct type where currency is paid directly for commodity purchasing or service use to an indirect type where money is paid through the use of a credit card, etc. for the commodity purchasing or service use. The indirect payment systems provide transparent transaction particulars enabling the prevention of problems such as tax evasion and so forth. In this regard, it is the current reality that the indirect payment systems are nationally widely encouraged.
In a conventional credit card-based settlement method, when a user purchases a commodity from a credit card-affiliated store or uses a service therefrom, a credit card reading terminal reads user information stored in a credit card of the user and sends the read information to a credit card company together with transaction records. Thereafter, the credit card company approves the transaction on the basis of the sent user information.
However, the above-mentioned conventional credit card-based settlement method has an unsolved problem in that another person may make a fraudulent use of the user's credit card. Although the fraudulent use of the credit card mostly results from a loss or theft of the card, it may be sometimes caused due to a leakage of information being transmitted and received between the credit card reading terminal and the credit card company. For this reason, there is a need for user authentication to prevent the credit card from being illegally used by another person. Further, in order to prevent the credit card from being illegally used due to the information leakage, a settlement terminal must be authenticated for transaction settlement on the basis of encrypted data.
Disclosure of the Invention
Therefore, the present invention has been made in view of the above problems, and it is an object of the present invention to provide a method for authenticating a settlement terminal, wherein settlement for a transaction can be prevented from being illegally conducted due to an information leakage occurring during transmission and reception of information for the transaction settlement through the use of the settlement terminal.
It is another object of the present invention to provide a settlement method wherein a settlement terminal is authenticated for transaction settlement on the basis of a dually encrypted terminal certificate, thereby providing more reliable security of information.
In accordance with one aspect of the present invention, the above and other objects can be accomplished by the provision of a method for authenticating a settlement terminal connected to a settlement server over a network, comprising the steps of a) entering initial terminal information to the settlement server through the terminal and receiving a terminal ID and one-time password created by the settlement server; b) gaining access to the settlement server through the terminal and sending the terminal ID and one-time password and a MAC (Media Access Control) address to the settlement server; c) determining on the basis of the sent terminal ID, one-time password and MAC address that the terminal is an authorized one and then storing the terminal ID, one-time password and MAC address in the settlement server; d) creating a terminal certificate for an SSL (Secure Socket Layer) protocol encrypted in an RSA (Rivest-Shamir-Adleman) manner on the basis of the terminal information and MAC address and storing the created terminal certificate in an LDAP (Light Weight Directory Access Protocol) server; and e) sending the terminal information and terminal certificate, and a server certificate and SEED key created by a certificate authority to the terminal.
Preferably, the above step a) may include the steps of a-1) connecting the terminal to the settlement server over the network; a-2) entering a user ID and password for user identification; a-3) sending the terminal information to the settlement server through the terminal if a user is an authorized one; a-4) storing the sent terminal information and creating the terminal ID and one-time password on the basis of the stored terminal information; and a-5) storing the created terminal ID and one-time password and sending the stored terminal ID and one-time password and the MAC address to the terminal.
In accordance with another aspect of the present invention, there is provided a settlement method based on authentication of a settlement terminal, comprising the steps of a) for settlement for a transaction, sending settlement information and a terminal certificate, encrypted on the basis of a SEED key, from the terminal to a settlement server according to an SSL (Secure Socket Layer) protocol over a network; b) extracting a terminal certificate and terminal information stored in an LDAP (Light Weight Directory Access Protocol) server; c) comparing a MAC (Media Access Control) address contained in the terminal certificate sent from the terminal with that contained in an information packet and, if the two MAC addresses are the same, determining that the terminal certificate sent from the terminal is valid; d) comparing the terminal certificate sent from the terminal with the terminal certificate extracted from the LDAP server and authenticating the terminal if the two terminal certificates are the same; and e) approving the transaction on the basis of the settlement information and then sending approval information to the terminal.
Brief Description of the Drawings
The above and other objects, features and other advantages of the present invention will be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a block diagram schematically showing a connection between a settlement terminal and a terminal authentication server over a network;
Fig. 2 is a block diagram illustrating a signal flow of an initial terminal information registration procedure of a settlement terminal authentication method in accordance with the present invention;
Fig. 3 is a flow chart illustrating the initial terminal information registration procedure of the settlement terminal authentication method in accordance with the present invention;
Fig. 4 is a block diagram illustrating a signal flow of a terminal authentication procedure of the settlement terminal authentication method in accordance with the present invention;
Fig. 5 is a flow chart illustrating the terminal authentication procedure of the settlement terminal authentication method in accordance with the present invention; and
Fig. 6 is a flow chart illustrating a settlement method in accordance with the present invention.
Best Mode for Carrying Out the Invention
In the present invention, a settlement terminal is authenticated on the basis of encrypted data. The settlement terminal is a general credit card settlement terminal.
This credit card settlement terminal is generally connected to a settlement server or financial institution via a dedicated line. In this regard, a specific dedicated line is required in a place where the settlement terminal is installed. In this invention, the settlement terminal must be registered and authenticated because it is connected to a very high speed Internet network (under a TCP/IP environment), such as an ISDN or ADSL.
Over the Internet, the position and information of the terminal have to be verified for each settlement. As a result, the authentication is required each time a settlement is conducted. Note that security of information is an essential factor to an open environment such as the Internet. In this connection, in the present invention, information is encrypted and transmitted and received for terminal authentication required for settlement. To this end, in the invention, modified SSL (Secure Socket Layer) communication is performed to exchange certificates between a server and a terminal on the basis of an asymmetric algorithm-based encryption. Further, the terminal encrypts information through the use of a symmetric algorithm-based SEED key and sends the encrypted information to the server. Although DES, 3DES and IDEA are generally used for symmetric encryption in a standard SSL, the present invention employs a modified SSL using SEED. In addition, according to the present invention, a terminal authentication server creates a one-time password in an initial terminal information registration procedure such that the password is used for terminal authentication.
Now, a preferred embodiment of a settlement terminal authentication method according to the present invention will be described in detail in conjunction with the accompanying drawings.
With reference to Fig. 1, there are conceptually shown in block form connections from a settlement-dedicated terminal 3 to a terminal authentication server 5 and a settlement server 8 over a network 1. As shown in Fig. 1, the settlement-dedicated terminal 3 is connected to the terminal authentication server 5 and settlement server 8 over the network 1, which may be a TCP/IP-based very high speed communication network (for example, an ADSL network). The terminal authentication server 5 is connected to an LDAP server 7, and the settlement server 8 is connected to a financial settlement server 9 and a financial institution 11. Although the terminal authentication server 5, LDAP server 7 and settlement server 8 are shown in Fig. 1 to be individual servers, they may be substantially included in one server, or a Web server of a settlement service provider.
The dedicated terminal 3, which is driven by a general or exclusive Web browser or an exclusive operating system, stores a SEED key provided from a certificate authority and encrypts information to be sent, using the stored SEED key. The terminal 3 is also adapted to exchange certificates with the terminal authentication server 5 according to a modified SSL protocol.
As stated previously, information read by the dedicated terminal 3 is dually encrypted through the SSL and SEED key (i.e., encrypted according to the symmetric algorithm and asymmetric algorithm) and then sent to the terminal authentication server 5 over the network 1. The LDAP (Light Weight Directory Access Protocol) server 7 acts to store terminal information and a server certificate authenticated by the certificate authority and provide the stored certificate and terminal information to the terminal authentication server 5 when the terminal 3 is required to be authenticated.
A description will hereinafter be given of an initial terminal information registration procedure in accordance with the present invention with reference to Fig. 2 which is a block diagram illustrating a signal flow of the initial terminal information registration procedure, and Fig. 3 which is a flow chart illustrating in detail the initial terminal information registration procedure.
For terminal registration, first, a manager dispatched from a terminal manufacturing company gains access to the terminal authentication server 5 through the terminal (S101) and enters an ID and password thereto (S102). The terminal authentication server 5 receives the ID and password entered by the manager and compares them with those stored in a database 13 to determine whether the manager is an authorized one (S103). If the manager is an authorized one, the terminal authentication server 5 permits the manager to enter and send terminal information to the server 5 through the terminal 3 (S104). Thereafter, the terminal authentication server 5 receives the terminal information sent from the manager and stores it in the database 13 (S105).
Subsequently, the terminal authentication server 5 creates a one-time password in an existing 'challenge/response' manner or 'time synchronous' manner, which is well known in the art. The server 5 also creates a terminal ID (S106). The server 5 stores the created one-time password and terminal ID and a MAC (Media Access Control) address in the database 13 at the same time as sending them to the terminal 3 (S107).
Through the above-described procedure, the terminal information is stored and registered in the database of the terminal authentication server, and the dedicated terminal is provided with the terminal ID, one-time password and MAC address for terminal authentication from the terminal authentication server.
As stated above, the terminal authentication server 5 registers the terminal information, sent from the manager through the terminal, creates the terminal ID and one-time password and sends them back to the terminal. The terminal stores the terminal ID and one-time password sent from the terminal authentication server 5. Thereafter, for terminal authentication, the terminal gains access to the server 5 using the terminal ID and one-time password, and is then authenticated by the server 5.
The terminal authentication server 5 is preferably a Web server that verifies user information and transaction information, applied from the terminal 3 for transaction settlement, and transfers settlement information to the settlement server as a result of the verification to allow the settlement server to approve the transaction. That is, the terminal authentication server 5 authenticates a specific terminal existing on the Internet when settlement for a transaction is required, so that the transaction settlement can be conducted.
Next, a description will be given of a terminal authentication procedure in accordance with the present invention with reference to Fig. 4 which is a block diagram illustrating a signal flow of the terminal authentication procedure, and Fig. 5 which is a flow chart illustrating in detail the terminal authentication procedure.
For terminal authentication, first, the terminal 3 gains access to the terminal authentication server 5 (S201) and sends to the server 5 the terminal ID, one-time password and MAC address assigned upon the terminal registration (S202). The terminal authentication server 5 checks the terminal ID, one-time password and MAC address sent from the terminal to determine whether the terminal is an authorized one (S203). In the case where the terminal is an authorized one, the terminal authentication server 5 stores the sent terminal ID and MAC address in the database 13 (S204).
Thereafter, the terminal authentication server 5 creates a terminal certificate on the basis of the terminal information and MAC address (S205), and transfers the created terminal certificate to the LDAP server 7 to store it therein (S206).
It should be noted herein that the terminal certificate is created in an asymmetric algorithm-based RSA (Rivest-Shamir-Adleman) manner because the modified SSL communication can be performed between the terminal 3 and the terminal authentication server 5.
On the other hand, if the terminal authentication server 5 requests a server certificate from a certificate authority 4 for authentication thereof, then the certificate authority 4 creates the server certificate in response to the request from the server 5 and provides it to the server 5 (S207). Thereafter, the terminal authentication server 5 sends the terminal certificate, server certificate, terminal information and SEED key to the terminal 3 (S208).
As stated above, according to the present invention, the terminal 3 receives the one-time password, created upon its registration, from the terminal authentication server 5, accesses the server 5 on the basis of the received password and receives the created terminal certificate and server certificate from the server 5 again. At this time, the terminal 3 also receives the symmetric algorithm-based SEED key to be used for the SSL communication and encrypts information to be sent, using the received SEED key.
In the present embodiment, the terminal 3 is a general credit card reading terminal, preferably a settlement-dedicated terminal equipped with an exclusive Web browser (or exclusive operating system software).
The terminal certificate, terminal information and SEED key, provided upon the initial authentication of the terminal 3, are used for terminal authentication and encryption of information to be sent, when transaction settlement is actually conducted.
Fig. 6 illustrates a settlement method according to the present invention, wherein transaction settlement is conducted on the basis of terminal authentication.
As shown in Fig. 6, if a user purchases a commodity or uses a service and then presents his/her credit card to settle his/her account for the commodity purchasing price or service usage fee (S301), the credit card reading terminal 3 encrypts the settlement information and terminal certificate with the SEED key and sends the encrypted settlement information and terminal certificate to the terminal authentication server 5 (S302). At this time, the settlement information includes the terminal information, information contained in the credit card, transaction records and so forth.
Notably, the terminal certificate is created according to the SSL protocol (namely, the RSA manner)-based asymmetric algorithm and then encrypted through the use of the symmetric algorithm-based SEED key. In other words, the terminal certificate is dually encrypted according to the symmetric/asymmetric algorithms, thereby ensuring more reliable security of information.
Thereafter, the terminal authentication server 5 requests the LDAP server 7 to transfer the terminal certificate stored therein (S303). The terminal authentication server 5 compares the MAC address contained in the terminal certificate sent from the terminal 3 with that contained in an information packet to determine whether they are the same. In the case where the two MAC addresses are determined to be the same, the terminal authentication server 5 recognizes that the terminal certificate sent from the terminal 3 is valid. Subsequently, the terminal authentication server 5 compares the terminal certificate sent from the terminal 3 with that transferred from the LDAP server 7 to determine whether they are the same. If the two terminal certificates are determined to be the same, then the server 5 authenticates the terminal 3 (S304).
After authenticating the terminal 3, the terminal authentication server 5 transfers the settlement information to the settlement server 8 to request it to approve the transaction (S305). Upon receiving the settlement information (containing, for example, user information, a user ID, a password and transaction records) transferred from the terminal authentication server 5, the settlement server 8 compares the received settlement information with information stored in its database to determine whether the user is a valid one. If the user is determined to be a valid one, then the settlement server 8 approves the transaction (S306) and sends approval information to the settlement terminal (S307).
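The server-side checks of the registration, authentication and settlement procedures described above (S105 to S304), modelled as an added Python example that is not part of the patent text. Assumptions: all class and function names are hypothetical, an HMAC-tagged JSON blob stands in for the RSA-based terminal certificate, dictionaries stand in for database 13 and LDAP server 7, the packet MAC is passed in as a parameter, and the SSL/SEED transport encryption is left out.

```python
import hashlib
import hmac
import json
import secrets


def parse_mac(text):
    """Return the 6 raw bytes of a MAC written aa:bb:.. or aa-bb-.., else None."""
    try:
        raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    except (ValueError, AttributeError):
        return None
    return raw if len(raw) == 6 else None


class TerminalAuthServer:
    """In-memory model of terminal authentication server 5 (illustrative only)."""

    def __init__(self):
        self._issuer_key = secrets.token_bytes(32)  # stand-in for the RSA key
        self.database = {}   # plays database 13: terminal ID -> registration record
        self.directory = {}  # plays LDAP server 7: terminal ID -> issued certificate

    def register_terminal(self, terminal_info, mac):
        """S105-S107: store terminal information, create terminal ID and OTP."""
        mac_bytes = parse_mac(mac)
        if mac_bytes is None:
            raise ValueError("malformed MAC address")
        terminal_id = "T-" + secrets.token_hex(4)
        otp = secrets.token_hex(8)
        self.database[terminal_id] = {
            "info": terminal_info,
            "mac": mac_bytes,
            # Assumption: only a hash of the OTP is kept; the page just says "stores".
            "otp_hash": hashlib.sha256(otp.encode()).digest(),
        }
        return terminal_id, otp

    def authenticate_terminal(self, terminal_id, otp, mac):
        """S203-S206: check ID, OTP and MAC, then issue and file a certificate."""
        record = self.database.get(terminal_id)
        mac_bytes = parse_mac(mac)
        if record is None or record["otp_hash"] is None or mac_bytes is None:
            return None
        otp_ok = hmac.compare_digest(
            hashlib.sha256(otp.encode()).digest(), record["otp_hash"])
        mac_ok = hmac.compare_digest(mac_bytes, record["mac"])
        if not (otp_ok and mac_ok):
            return None
        record["otp_hash"] = None  # the password is one-time: spent on first success
        body = json.dumps({"terminal_id": terminal_id, "info": record["info"],
                           "mac": record["mac"].hex()}, sort_keys=True).encode()
        tag = hmac.new(self._issuer_key, body, hashlib.sha256).hexdigest().encode()
        certificate = body + b"." + tag
        self.directory[terminal_id] = certificate
        return certificate

    def verify_settlement(self, presented_cert, packet_mac):
        """S303-S304: MAC in certificate vs. packet, then certificate vs. directory."""
        body = presented_cert.rpartition(b".")[0]
        try:
            fields = json.loads(body)  # untrusted input: any parse error is a reject
            cert_mac = parse_mac(fields["mac"])
            stored = self.directory.get(fields["terminal_id"])
        except (ValueError, TypeError, KeyError):
            return "malformed"
        pkt_mac = parse_mac(packet_mac)
        if cert_mac is None or pkt_mac is None:
            return "mac-mismatch"
        if not hmac.compare_digest(cert_mac, pkt_mac):
            return "mac-mismatch"
        # Byte-for-byte comparison with the directory copy, in constant time.
        if stored is None or not hmac.compare_digest(stored, presented_cert):
            return "not-in-directory"
        return "authenticated"


if __name__ == "__main__":
    server = TerminalAuthServer()
    # Constructed sample values, not taken from the patent.
    tid, otp = server.register_terminal({"merchant": "constructed-shop"},
                                        "00:11:22:33:44:55")
    cert = server.authenticate_terminal(tid, otp, "00:11:22:33:44:55")
    print(server.verify_settlement(cert, "00:11:22:33:44:55"))
    print(server.verify_settlement(cert, "00:11:22:33:44:66"))
```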
Industrial Applicability
As apparent from the above description, according to the present invention, terminal authentication is carried out through the use of a one-time password that is assigned to a terminal upon initial terminal information registration. As a result of the authentication, the terminal is provided with a terminal certificate encrypted according to an asymmetric algorithm. Thereafter, when settlement for a transaction is actually conducted, the terminal certificate and settlement information are encrypted on the basis of a symmetric algorithm, thereby obtaining a more reliable security effect.
Although the preferred embodiments of the present invention have been disclosed for illustrative purposes, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims.

Claims

1. A method for authenticating a settlement terminal connected to a settlement server over a network, comprising the steps of: a) entering initial terminal information to said settlement server through said terminal and receiving a terminal ID and one-time password created by said settlement server; b) gaining access to said settlement server through said terminal and sending said terminal ID and one-time password and a MAC (Media Access Control) address to said settlement server; c) determining on the basis of the sent terminal ID, one-time password and MAC address that said terminal is an authorized one and then storing said terminal ID, one-time password and MAC address in said settlement server; d) creating a terminal certificate for an SSL (Secure Socket Layer) protocol encrypted in an RSA (Rivest-Shamir-Adleman) manner on the basis of said terminal information and MAC address and storing the created terminal certificate in an LDAP (Light Weight Directory Access Protocol) server; and e) sending said terminal information and terminal certificate, and a server certificate and SEED key created by a certificate authority to said terminal.
2. The method as set forth in claim 1, wherein said settlement server includes a terminal authentication server.
3. The method as set forth in claim 1, wherein said step a) includes the steps of: a-1) connecting said terminal to said settlement server over said network; a-2) entering a user ID and password for user identification; a-3) sending said terminal information to said settlement server through said terminal if a user is an authorized one; a-4) storing the sent terminal information and creating said terminal ID and one-time password on the basis of the stored terminal information; and a-5) storing the created terminal ID and one-time password and sending the stored terminal ID and one-time password and said MAC address to said terminal.
4. The method as set forth in claim 3, wherein the connection of said terminal to said settlement server is made by a manager.
5. The method as set forth in claim 1, wherein said one-time password is created in a challenge/response manner or time synchronous manner.
6. The method as set forth in claim 1, wherein said network is a TCP/IP-based network.
7. A settlement method based on authentication of a settlement terminal, comprising the steps of: a) for settlement for a transaction, sending settlement information and a terminal certificate, encrypted on the basis of a SEED key, from said terminal to a settlement server according to an SSL (Secure Socket Layer) protocol over a network; b) extracting a terminal certificate and terminal information stored in an LDAP (Light Weight Directory Access Protocol) server; c) comparing a MAC (Media Access Control) address contained in said terminal certificate sent from said terminal with that contained in an information packet and, if the two MAC addresses are the same, determining that said terminal certificate sent from said terminal is valid; d) comparing said terminal certificate sent from said terminal with said terminal certificate extracted from said LDAP server and authenticating said terminal if the two terminal certificates are the same; and e) approving said transaction on the basis of said settlement information and then sending approval information to said terminal.
8. The settlement method as set forth in claim 7, wherein said network is a TCP/IP-based network.
9. A settlement method based on authentication of a settlement terminal, comprising the steps of: a) entering initial terminal information to a settlement server through said terminal and receiving a terminal ID and one-time password created by said settlement server; b) gaining access to said settlement server through said terminal and sending said terminal ID and one-time password and a MAC (Media Access Control) address to said settlement server; c) determining on the basis of the sent terminal ID, one-time password and MAC address that said terminal is an authorized one and then storing said terminal ID, one-time password and MAC address in said settlement server; d) creating a terminal certificate for an SSL (Secure Socket Layer) protocol encrypted in an RSA (Rivest-Shamir-Adleman) manner on the basis of said terminal information and MAC address and storing the created terminal certificate in an LDAP (Light Weight Directory Access Protocol) server; e) sending said terminal information and terminal certificate, and a server certificate and SEED key created by a certificate authority to said terminal; f) for settlement for a transaction, allowing said terminal to encrypt settlement information and said terminal certificate with said SEED key and send the encrypted settlement information and terminal certificate to said settlement server; g) receiving said terminal certificate and terminal information stored in said LDAP server; h) comparing a MAC address contained in said terminal certificate sent from said terminal with that contained in an information packet and, if the two MAC addresses are the same, determining that said terminal certificate sent from said terminal is valid; i) comparing said terminal certificate sent from said terminal with said terminal certificate received from said LDAP server and authenticating said terminal if the two terminal certificates are the same; and j) approving said transaction on the basis of said settlement information and then sending approval information to said terminal.
PCT/KR2002/000288 2001-06-21 2002-02-22 Method for authenticating settlement terminal and settlement method using the same WO2003001736A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020010035260A KR20020096581A (en) 2001-06-21 2001-06-21 A method of authenticating a settlement terminal and a settlement method using thereof
KR2001-0035260 2001-06-21

Publications (1)

Publication Number Publication Date
WO2003001736A1 true WO2003001736A1 (en) 2003-01-03

Family

ID=19711150

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2002/000288 WO2003001736A1 (en) 2001-06-21 2002-02-22 Method for authenticating settlement terminal and settlement method using the same

Country Status (2)

Country Link
KR (1) KR20020096581A (en)
WO (1) WO2003001736A1 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006043904A1 (en) * 2004-10-20 2006-04-27 Encentuate Pte Ltd One time passcode system
EP1683295A1 (en) * 2003-10-17 2006-07-26 ArrayComm, Inc. Digital certificate to user terminal hardware in a wireless network
US7548620B2 (en) * 2004-02-23 2009-06-16 Verisign, Inc. Token provisioning
EP2200251A1 (en) * 2008-12-19 2010-06-23 BRITISH TELECOMMUNICATIONS public limited company System for web-site verification
US7958348B2 (en) * 2003-07-14 2011-06-07 Nagravision S.A. Method for securing an electronic certificate
US8555361B2 (en) 2010-02-26 2013-10-08 Motorola Mobility Llc Dynamic cryptographic subscriber-device identity binding for subscriber mobility
EP2790374A1 (en) * 2013-04-11 2014-10-15 Fujitsu Limited Certificate generation method, certificate generation apparatus and information processing apparatus
CN110992049A (en) * 2019-12-02 2020-04-10 北京市燃气集团有限责任公司 Intelligent card writing method and device
JP7269424B1 (en) 2022-09-22 2023-05-08 PayPay株式会社 Portable terminal, information processing method and information processing program

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100814533B1 (en) * 2006-02-13 2008-03-17 에스케이 텔레콤주식회사 Connection maintenance service system of ldap based and its method
KR100879813B1 (en) * 2008-05-02 2009-01-22 케이아이에스정보통신 주식회사 Magnetic stripe reader module apparatus for preventing an information exposure of credit card and information processing method for the same apparatus
KR101028106B1 (en) * 2008-05-29 2011-04-08 케이아이에스정보통신 주식회사 Method of authenticating encrypted card information in payment server

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5668876A (en) * 1994-06-24 1997-09-16 Telefonaktiebolaget Lm Ericsson User authentication method and apparatus
KR20000054777A (en) * 2000-06-23 2000-09-05 김상돈 Method of authenticating on the basis of mac address in a network connection
JP2001111544A (en) * 1999-10-05 2001-04-20 Nec Corp Authenticating method in radio lan system and authentication device
JP2001201143A (en) * 2000-01-18 2001-07-27 Mitsubishi Heavy Ind Ltd Air conditioner

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR950010921B1 (en) * 1993-12-06 1995-09-25 금성정보통신주식회사 Authntication method in mobile communication system
KR100315641B1 (en) * 1999-03-03 2001-12-12 서평원 Mutual Authentication Method Of Mobile Station And System For OTAPA
JP2000092567A (en) * 1998-09-07 2000-03-31 Toyota Motor Corp Authenticating device for terminal equipment
KR100349888B1 (en) * 2000-09-08 2002-08-24 주식회사데이콤 PKI system for and method of using micro explorer on mobile terminals


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
FREIER A., KARLTON P., KOCHER P.: "The SSL protocol, version 3.o, internet draft", March 1996 (1996-03-01), Retrieved from the Internet <URL:http://home.netscape.com/eng/ssl3/ssl-toc.html> *

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101066693B1 (en) 2003-07-14 2011-09-21 나그라비젼 에스에이 Method for securing an electronic certificate
US7958348B2 (en) * 2003-07-14 2011-06-07 Nagravision S.A. Method for securing an electronic certificate
EP1683295A1 (en) * 2003-10-17 2006-07-26 ArrayComm, Inc. Digital certificate to user terminal hardware in a wireless network
EP1683295A4 (en) * 2003-10-17 2010-07-28 Intel Corp Digital certificate to user terminal hardware in a wireless network
US8015599B2 (en) 2004-02-23 2011-09-06 Symantec Corporation Token provisioning
US7548620B2 (en) * 2004-02-23 2009-06-16 Verisign, Inc. Token provisioning
US7571489B2 (en) 2004-10-20 2009-08-04 International Business Machines Corporation One time passcode system
WO2006043904A1 (en) * 2004-10-20 2006-04-27 Encentuate Pte Ltd One time passcode system
EP2200251A1 (en) * 2008-12-19 2010-06-23 BRITISH TELECOMMUNICATIONS public limited company System for web-site verification
WO2010070297A1 (en) * 2008-12-19 2010-06-24 British Telecommunications Public Limited Company System for web-site verification
US8555361B2 (en) 2010-02-26 2013-10-08 Motorola Mobility Llc Dynamic cryptographic subscriber-device identity binding for subscriber mobility
WO2011106769A3 (en) * 2010-02-26 2014-09-04 General Instrument Corporation Dynamic cryptographic subscriber-device identity binding for subscriber mobility
EP2790374A1 (en) * 2013-04-11 2014-10-15 Fujitsu Limited Certificate generation method, certificate generation apparatus and information processing apparatus
US9438583B2 (en) 2013-04-11 2016-09-06 Fujitsu Limited Certificate generation method, certificate generation apparatus, information processing apparatus, and communication device
CN110992049A (en) * 2019-12-02 2020-04-10 北京市燃气集团有限责任公司 Intelligent card writing method and device
JP7269424B1 (en) 2022-09-22 2023-05-08 PayPay株式会社 Portable terminal, information processing method and information processing program
JP2024046307A (en) * 2022-09-22 2024-04-03 PayPay株式会社 Portable terminal, information processing method, and information processing program

Also Published As

Publication number Publication date
KR20020096581A (en) 2002-12-31


Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 69(1) EPC

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP