KR101660674B1 - an NFC mobile phone ID card certification system by the using of HCE function - Google Patents


Info

Publication number
KR101660674B1
Authority
KR
South Korea
Prior art keywords
authentication
mobile phone
hce
terminal
data
Prior art date
Application number
KR1020160018218A
Other languages
Korean (ko)
Inventor
학 성 김
김요석
엄현덕
Original Assignee
주식회사 한국심트라
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 한국심트라
Priority to KR1020160018218A
Application granted
Publication of KR101660674B1

Classifications

    • H  Electricity
    • H04  Electric communication technique
    • H04W  Wireless communication networks
    • H04W12/00  Security arrangements; authentication; protecting privacy or anonymity
    • H04W12/06  Authentication
    • H04W12/08  Access security
    • H04W4/003
    • H04W4/008

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

The present invention relates to a mobile phone ID card using the HCE function, for a mobile communication terminal (in particular a smart phone) that carries an NFC chip.
An emulation system for the HCE function is provided in the memory of the mobile phone, together with HCE ID authentication software that has the means of an existing smart card system. Using this HCE ID authentication software, an NFC-equipped terminal and a cloud server perform fast and stable ID authentication without storing the ID data in the phone, so that the system can easily be applied to access control and attendance systems for university students or workers.

Description

An NFC mobile phone ID card authentication system using the HCE function

The present invention relates to an entry and exit ID card authentication system for an NFC-type mobile phone that carries an ID card using the HCE (Host Card Emulation) method.

[Patent Document 1] Korean Patent Registration No. 10-1470747, Method and Apparatus for Implementing a Door Lock System Using a Portable Terminal

[Patent Document 2] Korean Unexamined Patent Publication No. 10-2011-0096011, Method of Providing a Credit Card Service Using a Mobile ID and a Mobile Terminal

[Patent Document 3] Korean Patent Registration No. 10-0926165, Automatic Transfer Device and Method for a Mobile Phone Terminal with One-shot CALL, One-shot SMS and One-shot Internet Access Functions through an NFC Controller

[Patent Document 4] Korean Unexamined Patent Publication No. 10-1096175, Mobile ID Card Management System and Mobile ID Card Management Method

[Patent Document 5] Korean Patent Registration No. 10-1286482, An NFC Mobile Phone Student ID Management System

The documents above all use an identification card in a mobile phone.

[Patent Document 1] describes a door lock requesting a door lock identifier from a portable terminal using the portable terminal's NFC function, and the like.

[Patent Document 2] describes a method of using a mobile ID as a mobile credit card by assigning a mobile ID to the mobile phone.

[Patent Document 3] is a device that lets a user directly open a message, a telephone call, or the Internet by tagging an RFID tag using the NFC function applied to a mobile phone.

[Patent Document 4] discloses a technique that uses the NFC function with an ID card stored on a mobile phone, such as comparing the user against a server for security management when the server issues and authenticates a mobile ID card.

[Patent Document 5], by the inventor of the present invention, relates to a system in which ID authentication software on an NFC mobile phone tags an NFC terminal to control entry, exit, or payment.

Applying the ID to the existing USIM chip, on the other hand, applies smart card technology to the USIM chip in hardware; usually a bank or card issuer issues the smart card and a carrier provides the USIM chip.

Applying smart card technology to the USIM chip was first developed several years ago, when mobile carriers tried to put an ID (identification) into the mobile phone for the user's convenience, so that it could be used as a transportation card or a credit card. Because the card master key that allows a smart card to be issued and managed is a matter of mutual interest between the carrier and the card issuer, it is difficult to provide. Only recently has this been commercialized as a transportation card or credit card function.

In addition, the NFC mobile phone tagging system previously filed by the present applicant has the problem of slow response in entry or exit control, because the terminal must receive a response from the NFC handset.

Recently, the US CPI Group has launched the Mobile Wallet Platform technology that utilizes the HCE function for NFC-enabled mobile phones.

In the case of the above documents, the method of applying the ID to the USIM is difficult to commercialize because of the problem of service cooperation with the mobile carrier.

With the rapid growth of NFC-capable mobile phones and the release of a stable HCE function, it has become necessary to apply a mobile phone ID using the HCE function.

At present the HCE function is applied only to mobile phone payment, although it can equally be used for access control and attendance.

In addition, the existing ID card system that stores the ID in mobile phone memory has the problem that authentication is slow and the service provider has difficulty guaranteeing authentication security.

To solve the above problems, an object of the present invention is to create an ID authentication system using the HCE function that does not require the ID to be applied to the USIM of the mobile phone.

Still another object of the present invention is to provide a method and system for issuing a mobile phone ID card using this ID authentication system and the HCE authentication program of a cloud server.

The present invention adopts the HCE function of the mobile phone and an ID authentication function using a cloud server, the technology Google adopted for its electronic wallet, without applying the ID to the USIM of the mobile phone and without storing the ID data in the mobile phone. The ID authentication function can therefore easily be applied to access control or attendance systems for college students or workers.

FIG. 1 is a diagram illustrating the basic system configuration of the present invention.
FIG. 2 is an example of the process of issuing an ID card for a mobile phone using the HCE function.
FIG. 3 is an explanatory diagram of an ID authentication method for performing access control using the HCE function.
FIG. 4 is a diagram illustrating an ID authentication method for performing access control using the HCE function, in a method different from FIG.
FIG. 5 is a diagram illustrating a technique for applying a runtime variable in HCE authentication.

The present invention relates to a mobile phone identification card for a mobile phone carrying an NFC chip (any mobile phone with a mobile communication terminal function, including smart phones, smart tabs, etc.).

When ID authentication is applied to an existing mobile phone with RFID functions, the ID information is placed in the USIM chip to process the authentication.

In the present invention, an ID is issued by a cloud server using the HCE ID authentication software of the mobile phone; when a terminal equipped with an NFC reader requests an ID from the mobile phone, the HCE ID authentication software performs the authentication with the cloud server by the HCE method. The ID card thus becomes the ID authentication method in place of the existing smart card function, which solves the problem of inserting the ID information into the USIM of the existing mobile phone.

In addition, ID software authentication using the HCE function has been recognized as secure and stable, which gives the present invention practical value.

[Table 1, shown as image 112016500539182-pat00001]

As can be seen from Table 1, the present invention differs from the conventional methods of storing ID information in mobile phone memory or applying it to the USIM chip. Although Google has established an HCE authentication base, it is being prepared for commercialization as an electronic wallet, and applications in other fields have not been developed. The present invention is an advanced application that describes a specific development in which an authentication key is issued to NFC mobile phones. Although access authentication through a server using an NFC mobile phone is the same as in [Patent Document 1] above, the present invention handles the authentication on a mobile phone that holds no ID data and has been issued only the HCE authentication key, using only a decryption key, which is a great advantage from the security viewpoint.

The following will be described in more detail with reference to the drawings.

FIG. 1 is a diagram illustrating an example of the basic system configuration of the present invention. A user has a mobile phone 100 equipped with an RFID or NFC function;

a terminal 600 equipped with an NFC reader capable of NFC or RFID communication is provided;

a cloud server 800 connected to the mobile phone 100 over the wireless network 1000 is provided;

and the HCE ID authentication software 320 in the memory 300 of the mobile phone 100, run by the mobile OS 310, holds the HCE authentication key 321 issued by the cloud server 800, while the ID data 910 remains on the cloud server 800. This software, which has the ID authentication means, is used to control entrance to or exit from the school.

When the user tags the terminal 600 equipped with the NFC reader for ID authentication, the HCE ID authentication software 320 requests the ID data 910 from the cloud server 800 together with the HCE authentication key 321. The cloud server 800 encrypts the ID data 910 with a one-time S-trans key 920 and transmits it to the mobile phone 100; the mobile phone 100 generates a one-time C-trans key 330, decrypts the encrypted ID data 910, and, having been tagged to the terminal 600, transmits the ID information requested by the authentication unit 700 of the terminal 600. The HCE ID authentication software 320 thus provides the means for performing ID authentication using the ID authentication program 1200.

That is, the C-trans key 330 is generated for one-time use and is used to decrypt the encrypted ID data 910.

The C-trans key 330 is a decryption key generated once, for security, whenever the one-time S-trans key 920 encrypts the ID.

The system can also be applied without generating the C-trans key 330 on the mobile phone. In that case the HCE ID authentication software 320 requests the ID data 910 from the cloud server 800 together with the HCE authentication key 321; the cloud server 800 encrypts the ID data 910 with the one-time S-trans key 920 and transmits it to the mobile phone 100, which passes the encrypted ID data 910 to the terminal 600 in response to the terminal's ID information request. The terminal 600 then decrypts the encrypted ID data 910 provided by the cloud server 800 with a one-time E-trans key 710 and submits the ID to the ID authentication program 1200 of the management server 1100 for authentication. In this case the mobile phone 100 must include a function supporting HCE authentication.

That is, the E-trans key 710 is a decryption key paired with the S-trans key 920, generated once in the memory of the terminal 600, not in the mobile phone 100, and used to decrypt the encrypted ID data 910.

An ID authentication program 1200 is provided in the management server 1100, which is connected to the terminal 600 equipped with the NFC reader over the wired or wireless network 1300, so that it can perform authentication and management.

FIG. 2 is an explanatory diagram illustrating the ID card issuing process for a mobile phone using the HCE function.

First, the mobile ID card application, that is, the HCE ID authentication software 320, is launched and logged in on the screen of the mobile phone 100. (100S)

Then the HCE ID authentication software 320 checks whether the mobile phone 100 supports the HCE function. (200S)

If the HCE function is not supported, the issuing operation is stopped. (300S)

Then it sends an ID issue request to the cloud server 800. (400S)

When requesting issuance of the ID, the unique information of the mobile phone 100 is transmitted to the cloud server 800. (500S)

The cloud server 800 generates the HCE authentication key 321 using the unique information of the mobile phone 100. (600S)

The cloud server 800 transmits the generated HCE authentication key 321 to the mobile phone 100, where it is stored, and the ID is thereby issued.

If the unique information of the mobile phone 100 differs from that of the mobile phone 100 that requested ID issuance, the HCE ID authentication software 320 cannot be used.

Here the HCE authentication key 321 is generated from the IMEI, the unique number received from the mobile phone 100, the student's student number, and the cloud token used by the HCE function.

FIG. 3 is a diagram illustrating an example of a method of performing HCE authentication and access control processing using the mobile phone ID card issued in FIG. 2.

That is, when the NFC mobile phone 100, with the HCE ID authentication software 320 installed and the HCE authentication key 321 issued, is tagged to the terminal 600 equipped with the NFC reader, the terminal 600 recognizes the tagging. (2000S)

Upon recognizing the tagging, the authentication unit 700 of the terminal 600 requests ID information from the mobile phone 100. (2100S)

The HCE ID authentication software 320 of the mobile phone 100 requests the ID information service from the cloud server 800. (2200S)

The cloud server 800 runs the HCE service, which confirms the HCE authentication key 321 and the unique number of the mobile phone 100 and generates the one-time S-trans key 920. (2300S)

When the HCE authentication service is complete, the cloud server 800 sends the ID data 910, encrypted with the S-trans key 920, to the mobile phone 100. (2400S)

The mobile phone 100 receives the encrypted ID data 910. (2500S) The mobile phone 100 does not store the ID information; it only holds the cloud's ID information signal temporarily until it is provided to the terminal 600.

The HCE ID authentication software 320 of the mobile phone 100 responds to the ID information request of the terminal 600 with the encrypted ID data 910. (2600S)

The terminal 600 decrypts the encrypted ID data 910 sent from the mobile phone 100 with the E-trans key 710, likewise without storing the ID information.

The authentication unit 700 of the terminal 600 requests the management server 1100 to authenticate the decrypted ID data 910, so that the ID authentication program 1200 performs ID authentication and processes the entry or exit authentication service. (2800S)

That is, according to the present invention, the ID data 910 is not stored in the mobile phone 100, and the terminal 600 holds only the E-trans key 710 capable of decrypting the encrypted ID data 910, which improves security.

FIG. 4 is a diagram illustrating another method, different from that of FIG. 3, of performing HCE authentication and access control processing using the mobile phone ID card issued in FIG. 2.

That is, when the NFC mobile phone 100, with the HCE ID authentication software 320 installed and the HCE authentication key 321 issued, is tagged to the terminal 600 equipped with the NFC reader, the terminal 600 recognizes the tagging. (2000S)

Upon recognizing the tagging, the authentication unit 700 of the terminal 600 requests ID information from the mobile phone 100. (2100S)

The HCE ID authentication software 320 of the mobile phone 100 requests the ID information service from the cloud server 800. (2200S)

The cloud server 800 runs the HCE service, which confirms the HCE authentication key 321 and the unique number of the mobile phone 100 and generates the one-time S-trans key 920. (2300S)

When the HCE authentication service is complete, the cloud server 800 sends the ID data 910, encrypted with the S-trans key 920, to the mobile phone 100. (2400S)

The mobile phone 100 receives the encrypted ID data 910. (2500S) The steps up to this point are the same as in the method of FIG. 3, and again the ID information is not stored in the mobile phone 100.

Then, when the mobile phone 100 has received the encrypted ID data 910, the HCE ID authentication software 320 generates a one-time C-trans key 330. (2900S)

It decrypts the encrypted ID data 910 with the generated C-trans key 330. (3000S)

It then responds to the terminal 600 with the decrypted ID data 910. (3100S)

The authentication unit 700 of the terminal 600 requests the management server 1100 to authenticate the decrypted ID data 910, so that the ID authentication program 1200 performs ID authentication and processes the entry or exit authentication service. (3200S)

Likewise, this method also shows that the present invention does not store the ID data 910 in the mobile phone 100 and enhances security because the terminal 600 does not hold the ID information either.
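As an added example, not code from the patent or its assignee, the following Python simulation models the FIG. 3 flow above, in which the phone only relays ciphertext and the terminal decrypts with the E-trans key; the FIG. 4 variant differs only in that the phone, holding the C-trans key, decrypts instead. The cryptography is assumed, since the patent specifies none: HMAC-SHA256 as the key derivation function and as a PRF-based stream cipher with an authentication tag, a per-terminal secret shared between the cloud server and the terminal from which the one-time S/E key is derived, and constructed IMEI, student number and secret values.

```python
import hashlib
import hmac
import secrets

# Constructed secrets for the simulation; a real deployment would provision them.
CLOUD_MASTER = b"cloud-master-secret-(constructed)"
TERMINAL_SECRETS = {"gate-A": b"terminal-A-secret-(constructed)"}  # cloud <-> terminal
VALID_IDS = {b"ID:20160001"}              # what management server 1100 accepts

def issue_hce_key(imei: str, student_no: str, cloud_token: bytes) -> bytes:
    """FIG. 2, step 600S: HCE authentication key 321 bound to the phone's IMEI,
    the student number and the cloud token (KDF assumed: HMAC-SHA256)."""
    return hmac.new(CLOUD_MASTER, f"{imei}|{student_no}|".encode() + cloud_token,
                    hashlib.sha256).digest()

def transit_key(terminal_secret: bytes, nonce: bytes) -> bytes:
    """One-time transit key: derived by the cloud server as S-trans key 920 and
    rederived by the terminal as E-trans key 710 (this pairing is an assumption)."""
    return hmac.new(terminal_secret, b"transit|" + nonce, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC as a PRF in counter mode; stands in for a real AEAD such as AES-GCM.
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag               # encrypted ID data 910 as transmitted

def decrypt(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                       # tampered, or wrong one-time key
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class CloudServer:                        # 800: the only holder of ID data 910
    def __init__(self):
        self.registry = {}                # hce_key -> (imei, id_data)

    def issue(self, imei, student_no, cloud_token):
        key = issue_hce_key(imei, student_no, cloud_token)
        self.registry[key] = (imei, f"ID:{student_no}".encode())
        return key

    def hce_service(self, hce_key, imei, terminal_id):
        """Step 2300S: check HCE key 321 against the phone's unique number, then
        encrypt ID data 910 under a one-time S-trans key for that terminal."""
        entry = self.registry.get(hce_key)
        if entry is None or entry[0] != imei or terminal_id not in TERMINAL_SECRETS:
            return None
        nonce = secrets.token_bytes(16)   # fresh per tag, so the key is one-time
        return encrypt(transit_key(TERMINAL_SECRETS[terminal_id], nonce), nonce, entry[1])

class Phone:                              # 100: HCE ID software 320 + key 321
    def __init__(self, imei, hce_key):
        self.imei, self.hce_key = imei, hce_key

    def respond(self, terminal_id, cloud):
        """Steps 2200S-2600S: fetch encrypted ID data and relay it unchanged;
        the phone holds no transit key, so it never sees the ID in clear."""
        return cloud.hce_service(self.hce_key, self.imei, terminal_id)

class Terminal:                           # 600 with authentication unit 700
    def __init__(self, terminal_id):
        self.terminal_id = terminal_id

    def tag(self, phone, cloud) -> bool:
        blob = phone.respond(self.terminal_id, cloud)
        if not blob:
            return False
        e_key = transit_key(TERMINAL_SECRETS[self.terminal_id], blob[:16])
        id_data = decrypt(e_key, blob)    # E-trans key 710, discarded after use
        return id_data in VALID_IDS       # 2800S: ID authentication program 1200

def demo() -> tuple:
    """Genuine phone passes; a copy of the key on another IMEI is refused."""
    cloud, gate = CloudServer(), Terminal("gate-A")
    key = cloud.issue("356938035643809", "20160001", b"cloud-token-(constructed)")
    return (gate.tag(Phone("356938035643809", key), cloud),
            gate.tag(Phone("000000000000000", key), cloud))
```

The second case in `demo()` shows the binding from step 600S at work: the HCE key alone is useless to a phone whose IMEI does not match the one registered at issuance.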

Since the present invention, like [Patent Document 5] above, requires receiving a response signal, it adds a further encryption improvement, shown in Table 2 below, to address that shortcoming.

[Table 2, shown as image 112016500539182-pat00002]

FIG. 5 is a system configuration diagram for applying the runtime variable of the present invention to HCE authentication.

That is, the HCE ID authentication software 320 includes a runtime variable security module 340. The runtime variable security module 340 links the mobile phone 100 with the terminal 600 and is connected to the cloud server 800. The source information of the HCE ID authentication software 320 (grade, order, name, code, etc.) carries only a Tag Length Value (A), and the runtime variable 930 is included in the HCE authentication program 900 of the cloud server 800.

That is, when the mobile phone 100 decrypts the ID, the runtime variable security module 340 obtains the runtime variable 930, uses it as a key value, and applies it to the ID data 910. The runtime variable 930 carries the Tag Length Value (A); if this information is not correct, the result is wrong ID data 910, and the response to the terminal 600 fails, or the HCE ID authentication software 320 is blocked from communicating with the terminal 600. This is the security processing performed.

In general, the application program of a portable device such as a smart phone is exposed when it is hacked. The runtime variable security module 340 of the present invention complements the HCE ID authentication software 320: because the software does not hold the ID data 910, an attacker does not know the source data, and authentication does not succeed unless the runtime variable 930 is applied. The present invention therefore has a double security effect.

100 Mobile phone
200 Display window
300 Mobile phone memory
310 Mobile OS
320 HCE ID authentication software
321 HCE authentication key
330 C-trans key
340 Runtime variable security module
400 NFC chip
500 Mobile antenna
600 Terminal equipped with NFC reader
700 Authentication unit
710 E-trans key
800 Cloud server
900 HCE authentication program
910 ID data
920 S-trans key
930 Runtime variable
1000 Wireless network
1100 Management server
1200 ID authentication program
1300 Wired or wireless network

Claims (5)

1. An NFC mobile phone ID card authentication system using the HCE function, comprising:
a mobile phone 100 equipped with an NFC function;
a terminal 600 equipped with an NFC reader capable of NFC communication; and
a cloud server 800 connected to the mobile phone 100 and the network 1000,
wherein, in performing ID authentication for entrance or exit control with the mobile phone 100 to which the HCE authentication key 321 issued by the cloud server 800 is applied,
when the user tags the mobile phone 100 to the terminal 600 equipped with the NFC reader, the HCE ID authentication software 320 receives the ID data 910 encrypted with the one-time S-trans key 920 generated in the cloud server 800 and provides the encrypted ID data 910 to the authentication unit 700 of the terminal 600 equipped with the NFC reader, and the authentication unit 700 has means for decrypting the ID data 910 encrypted with the S-trans key 920 using the E-trans key 710 and passing it to the management server 1100 to perform ID authentication.

2. An NFC mobile phone ID card authentication system using the HCE function, comprising:
a mobile phone 100 equipped with an NFC function;
a terminal 600 equipped with an NFC reader capable of NFC communication; and
a cloud server 800 connected to the mobile phone network 1000,
wherein, in performing ID authentication for entrance or exit control with the mobile phone 100 to which the HCE authentication key 321 issued by the cloud server 800 is applied,
when the user tags the mobile phone 100 to the terminal 600 equipped with the NFC reader, the HCE ID authentication software 320 of the mobile phone 100 receives the ID data 910 encrypted with the S-trans key 920 of the cloud server 800, decrypts it in the mobile phone 100 with the disposable C-trans key 330 generated for the ID data 910 encrypted with the S-trans key 920, and provides the ID data 910 to the authentication unit 700 of the terminal 600 equipped with the NFC reader, and the authentication unit 700 provides the ID data 910 to the management server 1100 to perform ID authentication.

3. The system of claim 1 or 2, wherein the HCE ID authentication software 320 obtains the runtime variable 930 from the cloud server 800 when authenticating the HCE ID of the mobile phone 100, and comprises a runtime variable security module 340 that allows the ID authentication to proceed by applying it as a variable value.

4. (deleted)

5. (deleted)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020160018218A KR101660674B1 (en) 2016-02-17 2016-02-17 an NFC mobile phone ID card certification system by the using of HCE function

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020160018218A KR101660674B1 (en) 2016-02-17 2016-02-17 an NFC mobile phone ID card certification system by the using of HCE function

Publications (1)

Publication Number Publication Date
KR101660674B1 true KR101660674B1 (en) 2016-10-11

Family

ID=57161802

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020160018218A KR101660674B1 (en) 2016-02-17 2016-02-17 an NFC mobile phone ID card certification system by the using of HCE function

Country Status (1)

Country Link
KR (1) KR101660674B1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106657673A (en) * 2017-01-19 2017-05-10 上海数果科技有限公司 Intelligent control mobile terminal based on NFC and control system
WO2018124856A1 (en) * 2016-12-30 2018-07-05 주식회사 코인플러그 Method and terminal for authenticating user by utilizing mobile id by means of blockchain database, and server utilizing method and terminal
CN108805539A (en) * 2018-02-09 2018-11-13 深圳市微付充科技有限公司 A kind of method of payment, mobile device and storage device that Intrusion Detection based on host snap gauge is quasi-
KR20190120537A (en) 2018-04-16 2019-10-24 주식회사 그루크리에이티브랩 Convertible card device
CN112749385A (en) * 2021-01-19 2021-05-04 张友平 NFC equipment security authentication system suitable for HCE mode

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101286482B1 (en) * 2012-08-03 2013-07-17 주식회사 한국심트라 An nfc mobile phone id card management system for students

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Smart Card Alliance, "Host Card Emulation (HCE)", (2015.06.18.) *
Smart Card Alliance, "Host Card Emulation (HCE) 101", White Paper, (2014.08) *
Smart Card Alliance, "NFC Non-Payments Use Cases", (2015.12) *

Similar Documents

Publication Publication Date Title
US11172365B2 (en) Method, system, and device for generating, storing, using, and validating NFC tags and data
EP3280090B1 (en) User authentication method and device
KR101660674B1 (en) an NFC mobile phone ID card certification system by the using of HCE function
US10728244B2 (en) Method and system for credential management
US9740847B2 (en) Method and system for authenticating a user by means of an application
CN103259667B (en) The method and system of eID authentication on mobile terminal
US9542630B2 (en) Method of securely reading data from a transponder
US20190251561A1 (en) Verifying an association between a communication device and a user
US11039293B2 (en) Method and devices for transmitting a secured data package to a communication device
US9734091B2 (en) Remote load and update card emulation support
CN103873231A (en) Authentication server, mobile terminal and method for issuing radio frequency card key using authentication server and mobile terminal
CN105850155B (en) System and method for managing application data for contactless card applications
CN110290134A (en) A kind of identity identifying method, device, storage medium and processor
CN108734005B (en) Security/identity authentication method, mobile equipment and storage device
KR101240231B1 (en) A mobile phone id card security system
US11263302B2 (en) Transaction system
GB2495494A (en) Identity verification
US11449858B2 (en) Management, authentication and activation of a data carrier
KR20110035759A (en) Method and system for issuing of mobile application
KR101632541B1 (en) Method for Service File Security Using Universal Subscriber Identity Module
KR20160046655A (en) Apparatus and method for user authentication using subscriber identification module
US20230100465A1 (en) User authenitication system using physical card, and method thereof
KR101610937B1 (en) Data Communucation Method among Mobile Terminal and OTP Generator and Keylock during Process of Certifying Password of OTP Generator and Keylock Module
CN115578175A (en) Flexible and extensible credit card opening method and system
CN118095317A (en) Article information management method, system and control device

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20190715

Year of fee payment: 4