KR20110001475A - Method and system for the right of using service via network and portable memory unit therefor

Publication number
KR20110001475A
Authority
KR
South Korea
Prior art keywords
user
service
information
portable storage
storage device
Application number
KR1020090059023A
Other languages
Korean (ko)
Inventor
김춘길
신정철
홍재홍
Original Assignee
주식회사 퍼스트포켓
Application filed by 주식회사 퍼스트포켓 filed Critical 주식회사 퍼스트포켓
Priority to KR1020090059023A priority Critical patent/KR20110001475A/en
Publication of KR20110001475A publication Critical patent/KR20110001475A/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a method and system for managing service rights on a network and a portable storage device therefor.

The present invention uses a service right management system comprising a portable storage device, a service right management server, a user terminal, a service server, and a payment server to grant a user the right to use a service on the basis of user information. The user can store and carry user information in a highly secure portable storage device, connect the portable storage device to various user terminals connected to the wired or wireless Internet, perform user authentication anytime and anywhere, and then conveniently use the service.

Description

Method and System for the Right of Using Service via Network and Portable Memory Unit Therefor

The present invention relates to a method and system for managing service rights on a network and a portable storage device therefor. More particularly, the present invention relates to a method and system for performing authentication for an online service using user information, granting and managing a right to use the online service, and a portable storage device therefor.

Recently, as various wired and wireless Internet services have become widespread, the number of user terminals supporting them has been increasing. In particular, high-quality, high-volume data communication is growing as navigation devices, IPTV, and smartphones come into use alongside existing PCs, mobile phones, and PDAs. Users consume services through various channels and user terminals, and accordingly the service/content management and provision capabilities of the wired/wireless telecommunications companies and user terminal manufacturers that provide services and content are becoming increasingly important.

In order to use a specific service and content across various channels and user terminals, management of the user's authority is particularly important. Authority management for a service includes granting access to the service itself, granting the right to use a specific paid service after its payment has been confirmed, and the like. In more detail, after a user is authenticated using an authentication medium and an authentication means, a service access right or a service use right is granted. However, as the use of online Internet services increases, the problem of malicious use of online services by stealing another user's name and authenticating as that user is emerging. In particular, minors under 14 years old are illegally joining game sites or adult sites through weak user authentication procedures, and joining online portal sites in the names of others is causing social problems. Severe damage is often incurred, such as corrupting or conducting financial settlements in the names of others.

In order to solve this problem, currently provided online services provide services after authenticating users in various ways, such as user authentication using a public certificate or user authentication using a mobile phone. However, such conventional user authentication methods require a variety of authentication information and authentication media to identify a user, and thus have low convenience and portability. In addition, even when a user has purchased content for a fee on a PC, if the user terminal is changed to, for example, a mobile phone or IPTV, it is difficult to check and authenticate the user's authority and grant the right to use the service.

In order to solve the above-mentioned problems, the present invention has a main object to provide a service for authenticating a user using user information, thereby granting and managing a service access and use authority on a network.

In order to achieve the above object, the present invention provides a service right management system comprising: a portable storage device for storing user information of a user; a service authority management server for storing and managing user authentication information in association with payment information received from a payment server; a user terminal that, when user information is requested, receives the user information from the portable storage device and transmits it; a payment server that processes payment for the cost of using and accessing the service and stores and manages payment information according to the processed result; and a service server that requests and receives user information from the user terminal, transmits the user information to the service rights management server to request and receive user authentication information and payment information for the user, authenticates the user by using the user information received from the user terminal and the user authentication information and payment information received from the service authority management server, and then grants access and use rights to the service.

In addition, according to another object of the present invention, there is provided a portable storage device for a user authentication service comprising: a communication device for performing communication with an external device; and a smart card including a flash memory having a program area storing an electronic wallet program for authenticating a user and a data area storing various data including user information of the user, an encryption processor for encrypting user information, a data processor for managing various data, a communication processor for performing communication with an external device using the communication device, and a controller for controlling overall operations.

In addition, according to another object of the present invention, there is provided a service rights management method comprising: a user information receiving step in which a service server requests user information from a user terminal connected to a portable storage device storing the user information, and receives from the user terminal the user information stored in the portable storage device; a step in which the service server requests and receives, from the service rights management server, user authentication information and payment information for the user identified by the user information; and a service providing step in which the service server authenticates the user using the user information received from the user terminal and the user authentication information and payment information received from the service authority management server, and determines whether to provide a service requiring user authentication using the user authentication result and the payment information.

In addition, according to another object of the present invention, there is provided a service rights management method comprising: a user information receiving step in which a service server requests user information from a user terminal connected to a portable storage device storing the user information, and receives from the user terminal the user information stored in the portable storage device; a user authentication request step in which the service server requests authentication of the user by transferring the user information transmitted from the user terminal to the service rights management server; a service provision determination step in which the service right management server determines user authentication and whether to provide the service by using the user information transmitted from the user terminal, previously stored user authentication information, and payment information, and transmits the service provision result to the service server; and a service providing step in which the service server provides a service requiring user authentication according to the service provision result.

As described above, according to the present invention, a user can store and carry user information in a portable security device having excellent security, and can receive a service after performing user authentication anytime and anywhere, regardless of the type of communication network and user terminal.

Hereinafter, some embodiments of the present invention will be described in detail through exemplary drawings. In adding reference numerals to the components of each drawing, it should be noted that the same reference numerals are assigned to the same components as much as possible even though they are shown in different drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

In addition, in describing the components of the present invention, terms such as first, second, A, B, (a), and (b) may be used. These terms are only for distinguishing one component from another, and the nature, order, or sequence of the components is not limited by the terms. If a component is described as being "connected", "coupled" or "connected" to another component, that component may be directly connected or coupled to that other component, but it will be understood that yet another component may be "connected", "coupled" or "connected" between the components.

In the embodiment of the present invention, the user information refers to information for identifying a user who uses a portable storage device, a user terminal, or the like in order to use a service requiring user authentication. For example, it may be personal information such as a user's name, social security number, address, occupation, gender, and credit rating, personal credit information, and the like. A service requiring user authentication refers to a service provided to a user only when authentication or verification of the user has been performed, for the protection of personal information or for the public benefit. For example, it may be a portal service provided only after a user registers or logs in at a portal site, or a public service or financial transaction service provided only after member registration, login, or user verification is completed at a site operated by a public institution or a financial institution. In addition, a service requiring user authentication also refers to a service for which the authority to access and use it is granted depending on whether the service has been paid for. For example, it may be a service that is available only after payment, such as an HSDPA service, or paid content that is available only after payment for the service itself.

FIG. 1 is a block diagram schematically illustrating a service right management system according to an embodiment of the present invention.

The service right management system 100 according to an embodiment of the present invention may be configured to include a portable storage device 110, a user terminal 120, a service server 130, a service right management server 140, and a payment server 150.

The portable storage device 110 stores user information of a user and, while connected to the user terminal 120, transmits the user information to the user terminal 120 when the user terminal 120 requests it. The portable storage device 110 may be implemented to be portable so that a user can easily carry it and use the stored information by freely connecting it to a computer provided at home, at work, or at public institutions, financial institutions, and the like. It may be implemented as a portable storage medium such as an external storage medium like a flash memory, an electronic wallet device having an IC, or an IC card having an integrated circuit (IC) chip, and may have a communication function for communicating with an external device such as the user terminal 120 when connected to it.

In addition, the portable storage device 110 may store device-specific information of the portable storage device 110. When the device-specific information is requested by the user terminal 120 together with the user information, the portable storage device 110 may transmit the device-specific information together with the user information to the user terminal 120. Such device-specific information may be transferred to the service server 130 by the user terminal 120 and used to authenticate the user in the service server 130. The device-specific information is information given when the portable storage device 110 is issued, such as a model name, model number, manufacturing serial number, or identification number of the portable storage device 110 (for example, an electronic wallet identification number (WIN: Wallet Identification Number)). It may be encrypted by the issuer that issues the portable storage device 110 and stored in the portable storage device 110, and may also be stored in the service authority management server, a server of the issuer, or the service server 130.

In addition, the portable storage device 110 may include a smart card with a built-in flash memory, but is not necessarily limited thereto and may include a flash memory and a smart card independently.

In addition, when the portable storage device 110 receives a request for user information from the user terminal 120, the portable storage device 110 may authenticate the user using the user terminal 120 and then transmit the user information to the user terminal 120. That is, when user information is requested by the user terminal 120 as information for user authentication, information for authenticating the user is entered through an input/output interface of the user terminal 120, such as a touch screen, a liquid crystal screen, a monitor, a keyboard, or a mouse, and compared with previously stored information, and the user information is transmitted to the user terminal 120 only when authentication succeeds. To this end, the portable storage device 110 may store screen data for authenticating a user using the user terminal 120 and provide it to the user terminal 120.

The user terminal 120 accesses the service server 130 over the wired or wireless Internet according to a user's operation and, when the service server 130 requests user information, receives the user information from the connected portable storage device 110 and transfers it to the service server 130. In this case, the user terminal 120 may request a service requiring user authentication from the service server 130 as needed and accordingly receive a request for user authentication information from the service server 130, but the user information may also be requested by the service server 130 without a separate procedure for requesting a service from the service server 130.

In addition, when the user terminal 120 receives a request for user information from the service server 130, the user terminal 120 may further receive device-specific information together with the user information from the portable storage device 110, in which case the device-specific information may additionally be delivered to the service server 130 together with the user information as the user authentication information.

The user terminal 120 may be a personal computer (PC), a notebook computer, a personal digital assistant (PDA), a portable multimedia player (PMP), a PlayStation Portable (PSP), a mobile phone, a mobile communication terminal, a card payment terminal, an electronic cash register, a set-top box, a cash dispenser, an automated teller machine (ATM), a utility bill acceptor, or a similar information communication or financial device. It refers to any of a variety of devices that include a communication device, such as a communication modem, for communicating with various devices or wired/wireless communication networks, a memory for storing various programs and data for executing services requiring user authentication, financial transaction services, and user authentication, and a microprocessor for executing the programs to perform operation and control.

The service server 130 requests and receives user information from the user terminal 120, transmits the user information to the service authority management server 140 to request and receive user authentication information and payment information, authenticates the user using the user information received from the user terminal 120 and the user authentication information and payment information received from the service right management server 140, and determines the rights to access and use the service. The service server 130 may be implemented as a general network server, and may include a database that stores service information on services requiring user authentication and various information for providing a service.

In addition, the service server 130 may receive the device-specific information together with the user information as the user authentication information from the user terminal 120. In this case, in addition to performing user authentication using the user information transmitted from the user terminal 120, it may use the device-specific information to additionally authenticate the user. When additionally authenticating the user using the device-specific information, the service server 130 compares the device-specific information transmitted from the user terminal 120 with the device-specific information previously stored for the user identified by the user information, and authenticates the user by determining whether they match.

In addition, the service server 130 compares the user information received from the user terminal 120 with the user authentication information and payment information received from the service rights management server 140 and, according to whether they match, determines whether user authentication and service provision succeed or fail. When user authentication and service provision succeed, the service requested by the user terminal 120 may be processed and the processing result may be transmitted to the user terminal 120.

The service authority management server 140 stores and manages user authentication information in association with payment information for a specific service. The service right management server 140 may be implemented as a conventional network server that exists independently, but is not limited thereto, and may also be implemented as a component or a program module included in the service server 130. The service right management server 140 receives and stores payment information associated with user authentication information from a payment server.

The payment server 150 processes payment for the service made through the user terminal 120 or other means and transmits the payment result to the service right management server 140. The payment server 150 may be implemented as a conventional network server that exists independently, but is not limited thereto, and may also be implemented as a component or a program module provided in the service server 130, the service right management server 140, or the user terminal 120.
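The exchange among components 110 to 150 described above, modeled as an added example that is not part of the patent text. Class names, field names, service names and all sample values are assumptions constructed for illustration, and the model treats the optional device-specific check as mandatory so that it fails closed.

```python
import hmac
from dataclasses import dataclass, field


def _same(a: str, b: str) -> bool:
    """Constant-time comparison for identifiers and secrets."""
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class PortableStorage:               # portable storage device 110
    user_id: str                     # user information (constructed value)
    win: str                         # device-specific information (wallet identification number)
    pin: str                         # personal identification number set at issuance

    def release(self, entered_pin: str):
        """Hand user info to the terminal only after local PIN authentication."""
        if not _same(entered_pin, self.pin):
            return None
        return {"user_id": self.user_id, "win": self.win}


@dataclass
class RightsServer:                  # service right management server 140
    devices: dict = field(default_factory=dict)    # user_id -> registered WIN
    payments: dict = field(default_factory=dict)   # user_id -> paid service names

    def register(self, user_id: str, win: str):
        """Issuance: store the device unique number for the user."""
        self.devices[user_id] = win
        self.payments.setdefault(user_id, set())

    def record_payment(self, user_id: str, service: str):
        """Payment result pushed by the payment server 150."""
        self.payments.setdefault(user_id, set()).add(service)

    def lookup(self, user_id: str):
        """Return user authentication information and payment information."""
        if user_id not in self.devices:
            return None
        return {"win": self.devices[user_id],
                "paid": frozenset(self.payments.get(user_id, ()))}


class ServiceServer:                 # service server 130
    def __init__(self, rights: RightsServer, paid_services):
        self.rights = rights
        self.paid_services = set(paid_services)

    def authorize(self, terminal_msg, service: str):
        """Decide access and use rights; returns (granted, reason)."""
        if terminal_msg is None:
            return False, "no user information released by device"
        record = self.rights.lookup(terminal_msg.get("user_id", ""))
        if record is None:
            return False, "unknown user"
        # Assumption: a missing WIN is treated as a mismatch (fail closed).
        if not _same(terminal_msg.get("win", ""), record["win"]):
            return False, "device-specific information mismatch"
        if service in self.paid_services and service not in record["paid"]:
            return False, "no payment on record"
        return True, "granted"


def demo():
    """Run the flow on constructed data and return each decision."""
    rights = RightsServer()
    rights.register("user-0001", "WIN-CONSTRUCTED-01")
    server = ServiceServer(rights, paid_services={"premium-video"})
    wallet = PortableStorage("user-0001", "WIN-CONSTRUCTED-01", pin="4821")
    # Same user information presented from a device that was never registered.
    other = PortableStorage("user-0001", "WIN-OTHER-99", pin="4821")

    results = [
        server.authorize(wallet.release("0000"), "portal-login"),   # wrong PIN
        server.authorize(wallet.release("4821"), "portal-login"),   # free service
        server.authorize(wallet.release("4821"), "premium-video"),  # not yet paid
    ]
    rights.record_payment("user-0001", "premium-video")
    results.append(server.authorize(wallet.release("4821"), "premium-video"))
    results.append(server.authorize(other.release("4821"), "premium-video"))
    return results


if __name__ == "__main__":
    for granted, reason in demo():
        print(granted, reason)
```

Because the device-specific information in this model is a static value compared for equality, the check binds a request to a registered device only as long as that value stays confidential between the device and the servers.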

FIG. 2 is a block diagram schematically illustrating a portable storage device according to an embodiment of the present invention.

The portable storage device 110 according to an embodiment of the present invention may include a smart card 210 and a communicator 292 for communicating with an external device. The smart card 210 includes a flash memory 220 having a program area 230 for storing an electronic wallet program 240 for authenticating a user and a data area 260 for storing various data including user information of the user, an encryption processor 280 for encrypting user information, a data processor 282 for managing various data, a communication processor 284 for communicating with an external device such as the user terminal 120 using the communicator 292, and a controller 290 for performing overall control.

Hereinafter, although the flash memory 220 is shown and described as being embedded in the smart card, the flash memory 220 is not necessarily embedded in the smart card. In that case, the portable storage device 110 may include a smart card, a flash memory, and a communicator; the smart card does not have a built-in flash memory but has an internal memory, and the flash memory is configured independently of the smart card and connected to it. That is, when the flash memory 220 is not embedded in the smart card 210, the portable storage device 110 may be configured to include a smart card including an encryption processor for encrypting user information, a data processor for managing various data, a communication processor for performing communication using the communicator, and a controller for overall control; a flash memory including a program area for storing an electronic wallet program for authenticating a user and a data area for storing various data including user information of the user; and a communicator for performing communication with the external device. The internal memory embedded in the smart card may store security-related information such as a public certificate, user information, device-specific information, basic financial information, and the like, and when the security-related information is stored in the internal memory of the smart card, it may not be stored in the flash memory.

Here, the smart card refers to a device that stores data or information and transmits the stored data or information to an external device through communication, or receives and stores data or information from an external device. It is not necessarily limited to a smart card and may be implemented as a memory or a storage medium having such a function.

In addition, the electronic wallet program 240 may be configured to include a basic module 242 that recognizes the computing environment of an external device such as the user terminal 120 connected using the communicator 292, or causes an external device such as the user terminal 120 to recognize the portable storage device 110, and authenticates the user; and a user authentication processing module 254 that, when user information is requested by an external device such as the user terminal 120, transmits the user information to the external device.

Here, when the user authentication processing module 254 receives a request for user information from an external device such as the user terminal 120, the user authentication processing module 254 may control the basic module 242 to authenticate the user using the external device.

In addition, the electronic wallet program 240 connects, through the user terminal 120, to a service server 130 such as a portal service server that operates a portal site or a financial transaction server operated by various financial institutions or public institutions and, using the various information stored in the data area 260 of the flash memory 220, allows similar services, such as the same portal service provided by a plurality of portal sites or the same financial service provided by a plurality of financial institutions, to be used through the same screens and input procedures according to a user's command. To this end, communication with the service server 130 may use not only the existing Hyper Text Transfer Protocol (HTTP) method but also XML (eXtensible Markup Language) or a newly defined standard full text.

In addition, the electronic wallet program 240 may read from the data area 260 of the flash memory 220 and use control objects for moving between screens, icons, and menus of the user interface of the user terminal 120. Accordingly, the portable storage device 110 automatically or manually recognizes the connection to the user terminal 120 using the electronic wallet program 240, accesses a wired/wireless communication network such as the Internet, and reads from the data area 260 the control elements for moving between screens or menus used to process a service requiring user authentication, such as a portal service or a financial transaction service, or to look up stored information.

To this end, the electronic wallet program 240 may further include one or more of: an electronic wallet management module 244 that automatically checks and updates the version of the program; a smart card management module 246 that controls the operation of the smart card 210; a data processing module 248 that stores, inquires, and deletes various data stored in the data area 260 of the flash memory 220; an integrated financial management module 250 that aggregates the user's personal information or financial information scattered across multiple portal sites or multiple financial institutions and provides various analyses, such as statistical information on usage frequency, amount, and service type for each financial institution; and a financial transaction processing module 252 that, when the portable storage device 110 is connected to various external devices such as the user terminal 120 and the user uses financial services such as banking, stock trading, money trading, e-commerce, and payment, connects to the financial transaction server, requests the financial transaction service from the financial transaction server through the user terminal 120 using the financial transaction service information, receives the result of processing the financial transaction service from the financial transaction server through the user terminal 120, and updates the financial transaction service information.

The data area 260 of the flash memory 220 may store: various screen data 262, including screen data for authenticating a user when the portable storage device 110 is connected to the user terminal 120 and the screen data required for each financial transaction service when a financial service is provided by connecting to a financial transaction server through the user terminal 120; financial transaction data 264 such as financial transaction history, processing results, and usage history logs; computer device-specific data 266 such as information for identifying various computer devices and input/output device information of each computer device; user setting data 268 such as personal preference information and various user-defined contents; and authentication data 270 for authenticating the portable storage device 110 and/or the user, such as an electronic wallet identification number and a personal identification number. In addition, the remaining area (memory) of the flash memory 220 other than the program area 230 and the data area 260 may store various data (documents, image/music/video files, etc.) for the user's convenience.

Such a portable storage device 110 may be implemented like a general USB memory stick or a credit card, so that anyone can carry it easily and conveniently, and may be mounted on most computers equipped with a USB port to communicate with the computer through a USB interface. Therefore, the communicator 292 is preferably implemented in the form of a USB terminal supporting a USB interface, but is not necessarily limited thereto. It may be implemented as any of various wired/wireless communication devices capable of communicating with the user terminal 120, for example, a serial port or a parallel communication port of a computer, or a short-range wireless communication function such as Bluetooth or Zigbee.

In addition, as described above, the flash memory 220 includes a program area 230 and a data area 260. When the user terminal 120 is connected to the portable storage device 110, the flash memory 220 of the portable storage device 110 may be recognized as an external disk, that is, an auxiliary memory. The flash memory 220 may store device unique information such as an electronic wallet identification number for identifying the portable storage device 110 and user information such as a personal identification number (PIN) for identifying a user. The device unique information and the user information may be entered, encrypted, and stored only when the user first visits an issuing institution such as a public institution or a financial institution to register or be issued the portable storage device 110. If the flash memory 220 is not embedded in the smart card 210, the device unique information and the user information may be encrypted and stored in the internal memory of the smart card 210.

Here, the electronic wallet identification number is an identification number for authenticating the portable storage device 110. When the user performs a service requiring user authentication, such as a portal service or a financial transaction service, it may be used to authenticate the portable storage device 110 by comparison with the electronic wallet identification number registered and stored in the service server 130 or in another server that manages the portable storage device 110. In addition, the personal identification number may be used to authenticate whether the person using the portable storage device 110 is a legitimate user, when the user connects the portable storage device 110 to the user terminal 120 or when the user requests a service requiring user authentication from the service server 130 using the user terminal 120.

The portable storage device 110 accesses servers operated by various financial institutions, financial service agencies and public institutions to receive the services they provide, and for this purpose it can store account information, card information, user certificates, biometric information and various passwords. Such information may be registered by being stored in the flash memory 220 or in the internal memory of the smart card 210. In this case, the electronic wallet program 240 can use the stored information to access the corresponding server or to perform a sequence of financial transaction services, handling various services automatically or manually.

FIG. 3 is a flowchart illustrating a service authority management method according to an embodiment of the present invention.

The user visits a public institution, a financial institution, an electronic wallet issuing agency or the like and requests issuance of a portable storage device (S302). After user authentication (S304), the user is issued a portable storage device in which user information is stored (S306). The user authentication here may use face-to-face authentication, ID card submission, biometric authentication and the like; since such methods are widely known, a detailed description is omitted. The unique number and user information of the issued portable storage device are transmitted to the service right management server, so that the service rights management server 140 can store the device unique number for the user identified by the user information (that is, store the user information and the device unique number in association with each other).

Through this process, user information may be stored in the portable storage device 110, and the user may receive a service requiring user authentication after performing user authentication using the user information stored in the portable storage device 110.

To this end, when the user connects the portable storage device 110 to the user terminal 120 (S310) and operates the user terminal 120 to access the service server 130 through the wired or wireless Internet, the user terminal 120 requests a service requiring user authentication from the service server 130 according to the user's operation (S312). Here, the service requiring user authentication may be a direct service such as a search service or a financial transaction service, or it may be a request, such as membership registration or login, that is required before a direct service can be requested.

The service server 130, which has received a service request from the user terminal 120, requests user authentication information (S314) in order to authenticate whether the user who uses the user terminal 120 is a user who receives the service and whether the user has access/use authority for the corresponding service.

Meanwhile, steps S312 and S314 have been described such that, when the user terminal 120 requests a service requiring user authentication from the service server 130, the service server 130 requests user authentication information from the user terminal 120. However, even when the user terminal 120 does not request a service requiring user authentication from the service server 130, the service server 130 may request user authentication information from the user terminal 120. That is, the service server 130 may request user authentication information from the user terminal 120 as necessary, regardless of any service request from the user terminal 120.

The user terminal 120 that has received the user authentication information request from the service server 130 requests the user information from the connected portable storage device 110 (S316), and the portable storage device 110 reads the stored user information of the user and transmits it to the user terminal 120 (S318).

Meanwhile, although the portable storage device 110 and the user terminal 120 have been shown and described as already connected in step S310, the portable storage device 110 does not necessarily need to be connected to the user terminal 120 in step S310. The user may instead connect the portable storage device 110 to the user terminal 120 when the user terminal 120 receives the user authentication information request from the service server 130. That is, the portable storage device 110 may be connected to the user terminal 120 before step S316.

In addition, when the service server 130 requests user authentication information from the user terminal 120 in operation S316, the service server 130 may select one of a plurality of user authentication methods. The plurality of user authentication methods may be the various known user authentication methods performed online, for example, a user authentication method using a public certificate, a user authentication method using a mobile phone, or a user authentication method using a credit card or a telephone.

In addition, in operation S316, the user terminal 120 may further request device-specific information while requesting user authentication information from the portable storage device 110. In this case, in operation S318, the portable storage device 110 may transmit the stored device-specific information to the user terminal 120 together with the user authentication information.

The user terminal 120, having received the user information of the user, transmits the user information to the service server 130 as a response to the user authentication information request (S320). To perform user authentication using the user information received from the user terminal 120, the service server 130 requests the user authentication information and payment information from the service rights management server 140 (S322), and the service rights management server 140 retrieves the stored data and transmits the requested user authentication information and payment information to the service server 130 (S324).

Thereafter, the service server 130 authenticates the user and determines whether to provide the service by using the user information received from the user terminal 120 and the user authentication information and payment information received from the service authority management server 140 (S326). In this case, the service server 130 may perform user authentication by comparing whether the user information received from the user terminal 120 matches the user information and payment information received from the service rights management server 140. In addition, whether or not to provide a service may be determined according to the payment information, and the user authentication result and whether the service is provided may be transmitted to the user terminal 120.

In addition, the service server 130 may decrypt the user information received from the user terminal 120 and the user authentication information received from the service rights management server 140. That is, because the user information and the user authentication information that the service server 130 receives from the user terminal 120 and the service right management server 140 are encrypted by the user terminal 120 and the service right management server 140 respectively, the user can be authenticated by decrypting both and comparing them with each other. However, when authenticating the user, the service server 130 does not necessarily need to decrypt the user information to confirm the match. To protect personal information and prevent hacking, it may be more desirable to authenticate the real name of the user by checking whether the user information matches while it remains in the encrypted state.

In addition, when the user terminal 120 receives device-specific information together with user information from the portable storage device 110 in operation S318, the user terminal 120 may provide the device-specific information as well as the user information in operation S320. In operation S326, the service server 130 may then not only authenticate the user by using the user information but also additionally authenticate the user by using the device-specific information. In this case, the service server 130 may authenticate the user by comparing the previously stored device-specific information with the device-specific information transmitted from the user terminal 120 to determine whether they match.
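The S320 to S326 decision described above, with the match performed on protected values instead of plaintext and with the optional device-specific check, can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA256 tag standing in for "the encrypted state", the shared key, the `user_id` lookup field, and every class, function and sample value are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumption: a key provisioned to the issuer-side components (constructed value).
SHARED_KEY = b"constructed-demo-key"


def protect(value: str, key: bytes = SHARED_KEY) -> str:
    """Deterministic keyed tag, so two parties can test equality without the clear value."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def _same(a: str, b: str) -> bool:
    # Constant-time comparison; bytes avoid compare_digest's ASCII-only str restriction.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


@dataclass(frozen=True)
class Decision:
    authenticated: bool
    provide_service: bool
    reason: str


class RightsManagementServer:
    """Stands in for server 140: user info, device unique number and payment info in association."""

    def __init__(self):
        self._records = {}

    def enroll(self, user_id, user_secret, device_number, paid):
        # Issuance (S302-S306): only protected tags are kept, never the clear values.
        self._records[user_id] = {
            "user_tag": protect(user_secret),
            "device_tag": protect(device_number),
            "paid": paid,
        }

    def lookup(self, user_id):
        # S322/S324: return the stored authentication and payment information, if any.
        return self._records.get(user_id)


class ServiceServer:
    """Stands in for server 130: makes the S326 decision."""

    def __init__(self, rights: RightsManagementServer):
        self._rights = rights

    def decide(self, user_id, user_tag, device_tag=None) -> Decision:
        record = self._rights.lookup(user_id)
        if record is None:
            return Decision(False, False, "unknown user")
        if not _same(user_tag, record["user_tag"]):
            return Decision(False, False, "user information mismatch")
        # Device-specific information is optional in the described flow (S316/S318).
        if device_tag is not None and not _same(device_tag, record["device_tag"]):
            return Decision(False, False, "device mismatch")
        # Authentication and the payment-based service decision are separate outcomes.
        if not record["paid"]:
            return Decision(True, False, "no valid payment information")
        return Decision(True, True, "ok")


if __name__ == "__main__":
    rights = RightsManagementServer()
    rights.enroll("user-001", "constructed-pin-4821", "WALLET-0001", paid=True)
    service = ServiceServer(rights)
    # The terminal forwards what the portable storage device returned (S318/S320).
    print(service.decide("user-001", protect("constructed-pin-4821"), protect("WALLET-0001")))
    print(service.decide("user-001", protect("constructed-pin-4821"), protect("WALLET-9999")))
```

Because the tag is deterministic, equality can be tested without decryption, but the same value is sent on every request; the page describes no challenge or nonce, so freshness has to come from the transport.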

Referring to FIGS. 1 and 3, it has been described that the service server 130 receives the user information from the user terminal 120 (S320), requests the user information for the user from the service rights management server 140 (S322), receives the user information and payment information for the user from the service rights management server 140 (S324), and then authenticates the user and determines whether to provide the service (S326). However, the service server 130 does not necessarily have to be the entity that performs the authentication and determines whether to provide the service; the service authority management server 140 may be the entity that authenticates the user and determines whether to provide the service.

That is, when the service server 130 receives the user information from the user terminal 120 as in step S320, the service server 130 delivers the user information transmitted from the user terminal 120 to the service rights management server 140 while requesting user authentication and a determination of whether to provide the service. The service rights management server 140 may authenticate the user by comparing the user information transmitted from the service server 140 with the previously stored user authentication information of the user identified by the user information, may additionally determine whether to provide a service according to the payment information identified by the user information, and may transmit the user authentication result and whether the service is provided to the service server 130. The service server 130 may then determine whether to provide the user terminal 120 with a service requiring user authentication, based on the user authentication result and the service provision result received from the service rights management server 140.

As described above, according to the service authority management system and method according to an embodiment of the present invention, the user can easily carry the user information for user authentication in the portable storage device 110. The user can therefore not only be provided, anytime and anywhere, with a service that requires user authentication, but can also conveniently use the service on various terminals according to payment information. In addition, when connected to various user terminals, the portable storage device according to an embodiment of the present invention can recognize the corresponding user terminal and provide the computer with an interface for a user authentication service or a financial transaction service, thereby enhancing user convenience, and it can be used without significantly modifying or supplementing existing systems such as the user terminal 120. In addition, the portable storage device 110 according to an embodiment of the present invention may further perform authentication of the device itself and authentication of the user who owns the device through device-specific information. Since this is excellent, the reliability of user authentication can be ensured to a higher degree.

While the present invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not limited to the disclosed embodiments. In other words, within the scope of the present invention, all of the components may be selectively combined and operated as one or more units. In addition, although each of the components may be implemented as one independent piece of hardware, some or all of the components may be selectively combined and implemented as a computer program that performs some or all of the combined functions on one or a plurality of pieces of hardware. Codes and code segments constituting the computer program may be easily inferred by those skilled in the art. Such a computer program may be stored in a computer readable storage medium and read and executed by a computer, thereby implementing embodiments of the present invention. The storage medium of the computer program may include a magnetic recording medium, an optical recording medium, a carrier wave medium, and the like.

In addition, the terms "include", "comprise" or "have" described above mean that the corresponding component may be present unless otherwise stated, and thus should be construed as not excluding other components but as possibly further including them. All terms, including technical and scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. Terms in general use, such as terms defined in a dictionary, should be interpreted to coincide with their contextual meaning in the related art, and shall not be interpreted in an ideal or excessively formal sense unless explicitly defined in the present invention.

The foregoing description is merely illustrative of the technical idea of the present invention, and various changes and modifications may be made by those skilled in the art without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are not intended to limit the technical idea of the present invention but to describe the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The protection scope of the present invention should be interpreted by the following claims, and all technical ideas within the equivalent scope should be interpreted as being included in the scope of the present invention.

FIG. 1 is a block diagram schematically illustrating a service right management system according to an embodiment of the present invention;

FIG. 2 is a block diagram schematically illustrating a portable storage device according to an embodiment of the present invention;

FIG. 3 is a flowchart illustrating a service authority management method according to an embodiment of the present invention.

<Description of Symbols for Main Parts of Drawings>

110: portable storage device 120: user terminal

130: service server 140: service rights management system

150: payment server

Claims (11)

1. A service rights management system on a network, comprising: a portable storage device for storing user information of a user; a payment server that processes payment for the cost of using and accessing the service and stores and manages payment information according to the processed result; a service authority management server that receives the payment information from the payment server and stores and manages the user information and the payment information in association; a user terminal that receives the user information from the portable storage device and transmits it when user authentication information is requested; and a service server that requests the user authentication information from the user terminal to receive the user information from the user terminal, requests the user authentication information by transmitting the user information to the service right management server, receives the user authentication information and payment information from the service right management server, authenticates the user by using the user information received from the user terminal and the user authentication information and payment information received from the service right management server, and determines whether to provide a service requiring user authentication.

2. The system of claim 1, wherein the portable storage device comprises an IC chip or an electronic wallet device, and the electronic wallet device includes a smart card incorporating a flash memory.

3. The system of claim 1, wherein the portable storage device, when the user information is requested from the user terminal, transmits the user information to the user terminal.

4. The system of claim 1, wherein the portable storage device, when the user information is requested from the user terminal, authenticates the user using the user terminal.

5. The system of claim 1, wherein the portable storage device further stores device specific information, the user terminal additionally transmits the device specific information to the service server when the user information is requested from the service server, and the service server authenticates the user further using the transmitted device specific information and the pre-stored device unique number.

6. A portable storage device for service rights management on a network, comprising: a communicator for communicating with an external device; and a smart card including a flash memory that includes a program area storing an electronic wallet program for authenticating a user and a data area storing various data including user information of the user, an encryption processor for encrypting the user information, a data processor for managing the various data, a communication processor for performing communication with the external device using the communicator, and a controller for controlling overall operations.

7. The portable storage device of claim 6, wherein the electronic wallet program comprises: a basic module for recognizing a computing environment of an external device connected using the communicator or causing the portable storage device to be recognized by the external device, and authenticating the user; a biometric management module which transmits screen data to the external device when the external device is connected, and encrypts and stores the screen data in the flash memory when the user information is received from the external device; and a user authentication processing module which transmits the user information to the external device when the user information is requested from the external device.

8. The portable storage device of claim 7, wherein the user authentication processing module, when the user information is requested from the external device, controls the basic module to authenticate the user by using the external device.

9. A service rights management method on a network, comprising: a user information receiving step in which a service server requests user authentication information from a user terminal connected to a portable storage device storing user information and receives the user information stored in the portable storage device from the user terminal; a step in which the service server requests and receives, from a service authorization management server, user authentication information identified by the user information and payment information managed in association with the user authentication information; and a service providing determination step of authenticating the user by using the user information received from the user terminal and the user authentication information and payment information received from the service authority management server, and determining whether to provide a service.

10. The method of claim 9, wherein, in the user information receiving step, when the user terminal requests the user information from the portable storage device, the portable storage device authenticates the user using the user terminal.

11. A real-name authentication service providing method, comprising: a user information receiving step in which a service server requests user information from a user terminal connected to a portable storage device storing user information and receives the user information stored in the portable storage device from the user terminal; a service providing request step in which the service server transmits the user information transmitted from the user terminal to a service rights management server and requests user authentication identified by the user and determination of whether to provide a service; a step in which the service right management server authenticates the user and determines whether to provide a service using the user information transmitted from the user terminal, previously stored biometric information, and payment information received from a payment server, and transmits the user authentication result and whether the service is provided to the service server; and a service providing step in which the service server provides a service requiring user authentication according to the user authentication result and whether the service is provided.
KR1020090059023A 2009-06-30 2009-06-30 Method and system for the right of using service via network and portable memory unit therefor KR20110001475A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020090059023A KR20110001475A (en) 2009-06-30 2009-06-30 Method and system for the right of using service via network and portable memory unit therefor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020090059023A KR20110001475A (en) 2009-06-30 2009-06-30 Method and system for the right of using service via network and portable memory unit therefor

Publications (1)

Publication Number Publication Date
KR20110001475A true KR20110001475A (en) 2011-01-06

Family

ID=43610037

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020090059023A KR20110001475A (en) 2009-06-30 2009-06-30 Method and system for the right of using service via network and portable memory unit therefor

Country Status (1)

Country Link
KR (1) KR20110001475A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20160014739A (en) * 2016-01-19 2016-02-11 전대연 Indoor and outdoor positioning-based smartcard Certification App System
WO2017069413A1 (en) * 2015-10-19 2017-04-27 ㈜와이스퀘어 Security key management device and method therefor
KR102323680B1 (en) * 2021-05-25 2021-11-10 주식회사쿠콘 Platform system and method for collecting information using integrated authentication and computer program for the same

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination