Conventionally, a basic concept of IrFM (Infrared Financial Messaging) is associated with a profile of a financial transaction based on IrDA (Infrared Data Association) that is near-distance radio connection method. There is proposed a financial payment method in various environments using a PTD (Personal Trusted Device) in relation to the IrFM.
An operation of an IC (Integrated Circuit) card module is always performed through a POS (Point Of Sale) terminal, and because the IC card module is always in a standby state a buyer holding the IC card module commands the IC card module to transmit response data such that the IC card module can give a response to a request from the POS terminal.
That is, where a conventional EMV (Europay, Master and Visa) payment process is performed on the basis of the IrFM, several (e.g., at least 9 or 10) transactions between the POS terminal and the IC card module are conducted through two-way communications.
The case where the transactions between the POS terminal and the IC card module through the two-way communications will be described with reference to a flowchart shown in FIG. 1. Where the IC card module is inserted into the POS terminal, the POS terminal is initialized or reset in response to a reset signal at step S1.
If the POS terminal is reset, applications to be used for the transaction among applications supported by the IC card module and the POS terminal are selected. Then, a list of available applications is created and one application is selected from the list at step S2.
The POS terminal then provides a GET PROCESSING OPTION command, i.e., a command for synchronization, to the IC card module to notify the IC card module that transaction processing has been initiated at step S3. At this time, the IC card module provides, to the POS terminal, an AFL (Application File Locator) in response to the GET PROCESSING OPTION command.
The POS terminal then reads application data needed for the transaction processing from the IC card module. At this time, it is determined whether the data must be authenticated using an SDA (Static Data Authentication) or DDA (Dynamic Data Authentication), at step S4.
At step S5, the POS terminal determines whether an issuer authentication for an online transaction of a considerable amount of money is requested or an authentication for preventing an unlawful use, which can not be detected in an offline transaction, through periodic online transaction is requested.
The SDA is an authentication procedure for unchangeable data in card data associated with the IC card module. The SDA is performed to determine whether data recorded by the issuer has not been changed. After performing the SDA for the IC card module, the DDA is performed to authenticate a signature generated by the IC card module.
In the above-described procedure, where the SDA of the offline transaction data is used, the POS terminal checks processing conditions based on data of the POS terminal and the IC card module, including a condition at a time of comparing application version numbers of the POS terminal and the IC card module, determines whether a country code and an asynchronous transfer mode are available and checks a valid period, etc. at step S6.
At step S7, the POS terminal searches for a password inputted from a PIN (Personal Identification Number) to determine whether or not a user of the IC card module is an authorized.
If the password is valid, the POS terminal provides a GENERATE AC (Application Cryptogram) to the IC card module on the basis of a transaction mechanism determined by the IC card module, thereby completing the authentication procedure at step S8.
In the above-described procedure, where the SDA of the online transaction data is used, the POS terminal requests a card company to perform online processing through a VAN (Value Added Network) according to an ARQC (Authorization Request Cryptogram) such that the online authentication can be performed, at step S9.
A host computer of the card company completes the authentication procedure through three steps of an online request, an online response and an issuer authentication to determine whether the transaction must be allowed or rejected at step S10.
As described above, where an IC card module's payment process is based on the EMV, the transaction is accomplished in a state that the IC card module is in connection with the POS terminal. However, there is a problem in that a probability of a radio link disconnection is high because of the increased number of transaction processes between the IC card module and POS terminal. Similarly, if the transaction processes between the conventional IC card module and the POS terminal were applied to a mobile communication terminal such that the authentication procedure and the transaction can be accomplished through the mobile terminal, the number of transaction processes would also increase. For this reason, a user would be inconvenienced because it takes longer time from a transaction start time to a transaction end time required for completing the transaction between the mobile communication terminal and the POS terminal.