KR20150089569A - Method for authentication using user apparatus, digital system, user apparatus, and authentication system thereof - Google Patents

Info

Publication number
KR20150089569A
Authority
KR
South Korea
Prior art keywords
authentication
information
terminal
user
digital system
Application number
KR1020140010339A
Other languages
Korean (ko)
Inventor
김동진
김대진
심충섭
Original Assignee
주식회사 씽크풀
Application filed by 주식회사 씽크풀 filed Critical 주식회사 씽크풀
Priority to KR1020140010339A priority Critical patent/KR20150089569A/en
Publication of KR20150089569A publication Critical patent/KR20150089569A/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A user authentication method using a user device, and a digital system, user device, and authentication system therefor, are disclosed. A user authentication method using a user device according to an embodiment of the present invention includes the steps of: a digital system performing communication with a predetermined user device for authentication; the digital system receiving authentication information generated by the user device and transmitting a confirmation signal including the authentication information to an authentication system; and performing an authentication confirmation procedure in which the transmitted confirmation signal is authenticated. If the authentication confirmation procedure succeeds, an authentication request output from a predetermined data processing device or the digital system to the authentication system, or to a service system connected with the authentication system, is processed successfully. The authentication information is generated by the user device based on terminal authentication information, which is transmitted to the user device through the digital system and includes terminal identification information of the digital system or terminal one-time information generated by the digital system, and on device authentication information, which includes device identification information of the user device and device one-time information generated by the user device.

Description

TECHNICAL FIELD [0001] The present invention relates to a user authentication method using a user device, and to a digital system, a user device, and an authentication system therefor. More particularly, it relates to a simple and highly secure method of personal authentication using a user device (e.g., an IC card) and a digital system (e.g., a mobile terminal) when a user is required to perform authentication (also referred to as user authentication), and to a system therefor.

More particularly still, it relates to an authentication method, and a system therefor, in which the user device generates authentication information that authenticates not only itself but also the digital system.

Conventional identity authentication has traditionally relied on an ID and password. However, this method can no longer function as proper authentication once the ID and password are leaked. To complement it, various authentication schemes have appeared.

For example, there are authentication of the mobile phone itself, authentication using an authorized certificate, authentication using an OTP, i-PIN (Internet Personal Identification Number) authentication, or authentication using a credit card.

Authorized certificate authentication is an authentication protocol with a relatively high security level, but the certificate is not easy to carry around safely, and the authentication process is complicated. In addition, such certificates have recently been leaked in large quantities, which raises safety concerns.

The i-PIN is a method of authenticating the user by means of a virtual identification number used on the Internet. The user must know a new identification number in advance, and, as with the ID and password method, it can no longer function as proper authentication once it has been exposed.

In addition, authentication of the mobile phone itself, which verifies possession of the phone by means of an authentication number, is vulnerable to smishing and similar attacks.

Also, since all of these conventional technologies require entering a password (certificate password, i-PIN password) or an authentication number, if the password or authentication number is exposed to another person, that person can inevitably pass authentication as the user, and the risk of exposure through hacking is high.

In addition, in the case of authentication using an OTP, the user can authenticate only when the user has the OTP client (OTP token). Also, the user is required to generate the OTP through the OTP client, which is inconvenient.

Accordingly, a technical idea that can provide a highly secure personal authentication protocol while maintaining convenience compared with conventional authentication technologies is required along with a payment protocol.

In addition, as online financial transactions become more active, online crime is becoming more sophisticated and frequent, so the need for 2-channel authentication is increasing. A technical idea is required that enables 2-channel authentication while letting users perform authentication easily.

In this case, a technical idea is required in which the authentication request and the authentication action to be performed by the legitimate user can be separated, so that the service can be used without requiring information necessary for authentication that can easily be exposed to another person.

Further, a technical idea is required in which the user device generates authentication information that authenticates not only itself but also the digital system, so that it can be judged whether the user performed the authentication using the legitimate authentication tools (i.e., the user device and the digital system).

Korean Patent Application Publication No. 10-2012-0022452 "Payment service apparatus and method, client terminal and smart card therefor"

SUMMARY OF THE INVENTION The present invention has been made in view of the above problems, and it is an object of the present invention to provide a digital system and a user device which are highly likely to be carried by a user. In addition, the present invention provides a two-channel personal authentication, a long-term personal authentication, or a technical idea enabling a third party to easily perform a personal authentication for allowing a legitimate user to provide a service.

In addition, it is to provide a technical idea that allows simple and secure personal authentication using one-time information (e.g., an OTP) without requiring a separate one-time information generating device (e.g., an OTP client).

In addition, it is to provide a technical idea in which the one-time information can be generated through a digital system or a user device (e.g., a smart card) carried by the user, so that the risk of authentication being performed through illegal copying of the digital system or the user device can be significantly lowered.

In addition, it is another object of the present invention to provide higher security by having the authentication information generated by the user device only when the digital system communicates with the user device.

Also, even when a payment card is used for authentication of the user, the payment financial information (for example, the card number, the expiration date, the CVC, etc.) need not circulate on the network, so that even if information is leaked through an attack, the risk of financial information leakage is reduced. It is to provide a technical idea for an authentication method that offers high security in this way.

In addition, the user is not required to input the authentication information generated by the user device, which provides a technical idea for user authentication that is convenient at the time of payment and also robust against key-logging attacks.

Further, the present invention provides a highly secure authentication method by allowing the user device to generate authentication information capable of authenticating the digital system. In particular, it is to provide a technical idea in which the authentication information is generated by a user device that cannot directly communicate with the authentication side.

The present invention also provides a technical idea in which the digital system and/or user device to be used for the authentication operation is determined in advance, and authentication of the user is performed only through that digital system and/or user device.

In addition, a digital system to be used for the authentication operation and a user device paired with the digital system are set in advance, and authentication succeeds only when communication (for example, of a contact or contactless type) takes place between them, providing a technical idea with a marked synergistic gain in security.

According to another aspect of the present invention, there is provided a method of authenticating a user using a user device, the method comprising: a digital system performing communication with a predetermined user device for authentication; the digital system receiving authentication information generated by the user device and transmitting a confirmation signal including the authentication information to an authentication system; and performing an authentication confirmation procedure in which the transmitted confirmation signal is authenticated. When the authentication confirmation procedure succeeds, an authentication request output from a predetermined data processing device or the digital system to the authentication system, or to a service system connected to the authentication system, is processed successfully. The authentication information is generated by the user device based on terminal authentication information, which is transmitted to the user device through the digital system and includes terminal identification information of the digital system or terminal one-time information generated by the digital system, and on device authentication information, which includes device identification information of the user device or device one-time information generated by the user device.

The authentication information may be generated by the user device based on the terminal identification information and the device identification information, or may be generated by the user device based on the terminal one-time information and the device identification information.

The authentication information may be generated based on first device one-time information, which the user device generates based on the device identification information, and the terminal authentication information; or it may be generated based on second device one-time information, which the user device generates based on the terminal authentication information and the device identification information.

The authentication method using the user device may further include a step of displaying, on the digital system, authentication action request information output by the authentication system that has received, from the data processing device, the authentication request including the identification information of the digital system. When the authentication action request information is displayed, the digital system can perform the communication with the user device.

The authentication method using the user device may further include the digital system receiving authentication action request information output from the data processing device that has received the identification information of the digital system, in which case the digital system can perform the communication with the user device.

Further, when the authentication information is generated by the user device based on the terminal identification information and the device identification information, the authentication system obtains the terminal identification information and the device identification information from the authentication information, and the authentication confirmation procedure succeeds only when the obtained terminal identification information and device identification information are authenticated. Alternatively, when the authentication information is generated by the user device based on the terminal one-time information and the device identification information, the authentication system obtains the terminal one-time information and the device identification information from the authentication information, and the authentication confirmation procedure succeeds only when the terminal one-time information is authenticated through server one-time information, which the authentication system generates so as to correspond to the terminal one-time information, and the device identification information is authenticated.

When the authentication information is generated based on the first device one-time information, generated by the user device based on the device identification information, and the terminal authentication information, the authentication system obtains the first device one-time information and the terminal authentication information from the authentication information, and the authentication confirmation procedure succeeds only when the first device one-time information is authenticated through first server one-time information, which the authentication system generates so as to correspond to the first device one-time information, and the terminal authentication information is authenticated. Alternatively, when the authentication information is generated based on the second device one-time information, generated by the user device based on the terminal authentication information and the device identification information, the authentication system obtains the second device one-time information from the authentication information, and the authentication confirmation procedure succeeds only when the second device one-time information is authenticated through second server one-time information, which the authentication system generates based on the terminal authentication information and the device identification information.

The step of transmitting the confirmation signal to the authentication system may further include the digital system including the terminal authentication information in the confirmation signal and transmitting it to the authentication system, in which case the authentication confirmation procedure succeeds only when the terminal authentication information is also authenticated.

The user authentication method using the user device may further include the digital system determining whether the user device is a preset pair corresponding to the digital system, and the digital system transmits the confirmation signal to the authentication system if the user device is determined to be a preset pair.

Further, the method for authenticating a user using the user device may further include the steps of: the digital system or the authentication system requesting, from a user of the digital system, user authentication information corresponding to the user device; and the digital system or the data processing device transmitting the user authentication information to the authentication system, wherein the authentication confirmation procedure succeeds only when the user authentication information is further authenticated by the authentication system.

According to another aspect of the present invention, there is provided a method for authenticating a user using a user device, the method comprising: an authentication system receiving, from a digital system, a confirmation signal including authentication information generated by a user device; the authentication system performing an authentication confirmation procedure to authenticate the received confirmation signal; and, if the authentication confirmation procedure succeeds, successfully processing an authentication request that a predetermined data processing device or the digital system output to the authentication system or to a service system connected to the authentication system. The authentication information is generated by the user device based on terminal authentication information, which is transmitted to the user device through the digital system and includes terminal identification information of the digital system or terminal one-time information generated by the digital system, and on device authentication information, which includes device identification information of the user device and device one-time information generated by the user device.

The authentication information may be generated by the user device based on the terminal identification information and the device identification information, or may be generated by the user device based on the terminal one-time information and the device identification information.

The authentication information may be generated based on first device one-time information, which the user device generates based on the device identification information, and the terminal authentication information; or it may be generated based on second device one-time information, which the user device generates based on the terminal authentication information and the device identification information.

The authentication method using the user device may further include the authentication system receiving, from the data processing device, the authentication request including the identification information of the digital system, and transmitting authentication action request information to the digital system or to the data processing device, wherein, after transmitting the authentication action request information, the authentication system receives the confirmation signal from the digital system.

Further, the step of performing the authentication confirmation procedure, in which the authentication system authenticates the authentication information based on the received confirmation signal, may include either of the following. When the authentication information is generated by the user device based on the terminal identification information and the device identification information, the authentication system obtains the terminal identification information and the device identification information from the authentication information, and treats the authentication confirmation procedure as successful only when the obtained terminal identification information and device identification information are authenticated. When the authentication information is generated by the user device based on the terminal one-time information and the device identification information, the authentication system obtains the terminal one-time information and the device identification information from the authentication information, and treats the authentication confirmation procedure as successful only when the terminal one-time information is authenticated through server one-time information, which the authentication system generates so as to correspond to the terminal one-time information, and the device identification information is authenticated.

In addition, the step of performing the authentication confirmation procedure, in which the authentication system authenticates the authentication information based on the received confirmation signal, may include either of the following. When the authentication information is generated based on the first device one-time information, generated by the user device based on the device identification information, and the terminal authentication information, the authentication system obtains the first device one-time information and the terminal authentication information from the authentication information, and treats the authentication confirmation procedure as successful only when the first device one-time information is authenticated through first server one-time information, which the authentication system generates so as to correspond to the first device one-time information, and the terminal authentication information is authenticated. When the authentication information is generated based on the second device one-time information, generated by the user device based on the terminal authentication information and the device identification information, the authentication system obtains the second device one-time information from the authentication information, and treats the authentication confirmation procedure as successful only when the second device one-time information is authenticated through second server one-time information, which the authentication system generates based on the terminal authentication information and the device identification information.

The confirmation signal may further include the terminal authentication information, and the step of performing the authentication confirmation procedure, in which the authentication system authenticates the authentication information based on the received confirmation signal, may include authenticating the terminal authentication information included in the confirmation signal and treating the authentication confirmation procedure as successful only when the terminal authentication information is also authenticated.

The authentication method using the user device may further include the authentication system authenticating whether the digital system that transmitted the confirmation signal and the user device are a pair set in advance to correspond to each other, and the authentication confirmation procedure can be determined to be successful if the pair relationship is authenticated.
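The second-device-one-time-information variant described above, together with the terminal check and the pair check, as an added Python sketch that is not part of the patent text. The patent names no algorithm: HMAC-SHA256, the per-device shared secrets, the counters used to make values one-time, and all class and field names are assumptions.

```python
# Added illustration, not code from the patent. HMAC-SHA256, shared secrets,
# counters and every name below are assumptions; all values are constructed.
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def one_time(secret: bytes, *parts: bytes) -> str:
    """Keyed one-time value; parts are length-prefixed to keep fields apart."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def ctr(n: int) -> bytes:
    return n.to_bytes(8, "big")


@dataclass
class Terminal:
    """The digital system, e.g. a mobile terminal."""
    terminal_id: str
    secret: bytes
    counter: int = 0

    def terminal_auth_info(self) -> dict:
        # Terminal identification information plus terminal one-time information.
        self.counter += 1
        otp = one_time(self.secret, self.terminal_id.encode(), ctr(self.counter))
        return {"terminal_id": self.terminal_id, "t_counter": self.counter, "t_otp": otp}


@dataclass
class UserDevice:
    """The card: it only ever talks to the terminal, never to the server."""
    device_id: str
    secret: bytes
    paired_terminal: str
    counter: int = 0

    def authentication_info(self, t: dict) -> Optional[dict]:
        if t["terminal_id"] != self.paired_terminal:
            return None  # device-side pair check: refuse an unpaired terminal
        self.counter += 1
        # Second device one-time information: bound to the terminal
        # authentication information and the device identification information.
        otp = one_time(self.secret, t["terminal_id"].encode(), t["t_otp"].encode(),
                       self.device_id.encode(), ctr(self.counter))
        return {"d_counter": self.counter, "d_otp": otp}


class AuthSystem:
    def __init__(self) -> None:
        self.terminals = {}  # terminal_id -> [secret, last counter, paired device_id]
        self.devices = {}    # device_id -> [secret, last counter]

    def enroll(self, term: Terminal, dev: UserDevice) -> None:
        self.terminals[term.terminal_id] = [term.secret, 0, dev.device_id]
        self.devices[dev.device_id] = [dev.secret, 0]

    def verify(self, signal: dict) -> str:
        """Authentication confirmation procedure for one confirmation signal."""
        t, a = signal["terminal_auth_info"], signal["authentication_info"]
        term = self.terminals.get(t["terminal_id"])
        if term is None:
            return "unknown terminal"
        t_secret, t_last, device_id = term  # server-side pair lookup
        d_secret, d_last = self.devices[device_id]
        server_t = one_time(t_secret, t["terminal_id"].encode(), ctr(t["t_counter"]))
        if not hmac.compare_digest(server_t, t["t_otp"]):
            return "terminal one-time information rejected"
        # Second server one-time information, recomputed from the terminal
        # authentication information and the paired device's identification.
        server_d = one_time(d_secret, t["terminal_id"].encode(), t["t_otp"].encode(),
                            device_id.encode(), ctr(a["d_counter"]))
        if not hmac.compare_digest(server_d, a["d_otp"]):
            return "device one-time information rejected"
        if t["t_counter"] <= t_last or a["d_counter"] <= d_last:
            return "replayed"
        term[1], self.devices[device_id][1] = t["t_counter"], a["d_counter"]
        return "ok"


def demo() -> list:
    term = Terminal("phone-A", b"constructed-terminal-secret")
    card = UserDevice("card-1", b"constructed-card-secret", "phone-A")
    stranger = UserDevice("card-2", b"constructed-other-secret", "phone-A")
    auth = AuthSystem()
    auth.enroll(term, card)
    t1 = term.terminal_auth_info()
    signal = {"terminal_auth_info": t1, "authentication_info": card.authentication_info(t1)}
    t2 = term.terminal_auth_info()
    foreign = {"terminal_auth_info": t2,
               "authentication_info": stranger.authentication_info(t2)}
    rogue = Terminal("phone-B", b"constructed-rogue-secret")
    return [auth.verify(signal),   # paired card on the paired terminal
            auth.verify(signal),   # same confirmation signal sent again
            auth.verify(foreign),  # a card that is not the enrolled pair
            card.authentication_info(rogue.terminal_auth_info())]


if __name__ == "__main__":
    print(demo())
```
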

According to another aspect of the present invention, there is provided a method for authenticating a user using a user device, the method comprising the steps of: a user device communicating with a digital system for authentication; the user device generating authentication information and transmitting the generated authentication information to the digital system; and the digital system transmitting a confirmation signal including the transmitted authentication information to an authentication system. When the authentication confirmation procedure in which the confirmation signal is authenticated succeeds, an authentication request output from a predetermined data processing device or the digital system to the authentication system, or to a service system connected with the authentication system, is processed successfully. The authentication information is generated by the user device based on terminal authentication information, which is transmitted to the user device through the digital system and includes terminal identification information of the digital system or terminal one-time information generated by the digital system, and on device authentication information, which includes device identification information of the user device or device one-time information generated by the user device.

The user authentication method using the user device may further include the user device determining whether the digital system is a preset pair corresponding to the user device, and, if the digital system is determined to be a preset pair, the user device generates the authentication information or transmits the generated authentication information to the digital system.

The step of generating the authentication information by the user device may include the user device generating the authentication information based on the terminal identification information and the device identification information, or generating the authentication information based on the terminal one-time information and the device identification information.

The step of generating the authentication information by the user device may include generating the authentication information based on first device one-time information, which the user device generates based on the device identification information, and the terminal authentication information, or generating the authentication information based on second device one-time information, which the user device generates based on the terminal authentication information and the device identification information.

A program for carrying out the user authentication method using the user device can be recorded on a computer-readable recording medium.

According to another aspect of the present invention, there is provided a digital system using a user device, the digital system comprising: a user device communication module for performing communication with a user device for authentication of an authentication request; and a control module for transmitting a confirmation signal to the authentication system when the communication with the user device is performed through the user device communication module. The confirmation signal includes authentication information generated by the user device. When the authentication confirmation procedure in which the confirmation signal is authenticated succeeds, an authentication request output from a predetermined data processing device or the digital system to the authentication system, or to a service system connected to the authentication system, is processed successfully. The authentication information is generated by the user device based on terminal authentication information, which is transmitted to the user device and includes terminal identification information of the digital system or terminal one-time information generated by the digital system, and on device authentication information, which includes device identification information of the user device or device one-time information generated by the user device.

The authentication information may be generated by the user device based on the terminal identification information and the device identification information; based on the terminal one-time information and the device identification information; based on first device one-time information, which the user device generates based on the device identification information, and the terminal authentication information; or based on second device one-time information, which the user device generates based on the terminal authentication information and the device identification information.

In addition, the digital system may further include a terminal one-time information generation module for generating the terminal one-time information.

According to another aspect of the present invention, there is provided an authentication system using a user device, the method comprising: receiving a confirmation signal output by the digital system when the digital system communicates with a predetermined user device, A communication unit for receiving the authentication information generated by the user device, an authentication unit for performing an authentication confirmation procedure for authenticating the received confirmation signal, and an authentication unit for, if successful, And a control unit for successively processing an authentication request output from the data processing apparatus or the digital system to the authentication system or the service system connected to the authentication system, wherein the authentication information is transmitted to the user apparatus via the digital system The terminal identification information of the digital system or the digital Based on the device authentication information including the terminal authentication information including the terminal one-time information generated by the device and the device authentication information including the device identification information of the user device or the device one-time information generated by the user device .

The authentication information may be generated by the user device based on the terminal identification information and the device identification information, or may be generated by the user device based on the terminal one-time information and the device identification information, Second device generated based on the first device one-time information and the terminal authentication information generated by the user device based on the terminal authentication information and generated by the user device based on the terminal authentication information and the device identification information, Information is generated based on the information.

According to an aspect of the present invention, there is provided a user apparatus including communication means for performing communication with a digital system, and computing means for generating authentication information when the communication is performed through the communication means, wherein the authentication information generated by the computing means is transmitted to the digital system, and when a confirmation signal including the transmitted authentication information is transmitted to the authentication system by the digital system, the authentication request output from the digital data processing apparatus or the digital system to the authentication system or the service system connected to the authentication system is successfully processed, and wherein the authentication information is generated by the user device based on terminal authentication information, which includes the terminal identification information of the digital system transmitted to the user device via the digital system or the terminal one-time information generated by the digital system, and on device authentication information including the device one-time information generated by the user apparatus.

The computing means may generate the authentication information based on the terminal identification information and the device identification information, or based on the terminal one-time information and the device identification information, or based on first device one-time information generated based on the terminal authentication information, or based on the terminal authentication information and second device one-time information.

Also, the computing means may determine whether the digital system is the preset pair corresponding to the user apparatus, and only if the digital system is determined to be the preset pair may the authentication information be generated or the generated authentication information be transmitted to the digital system.

According to the technical idea of the present invention, there is an effect of providing high security and simplicity by performing self-authentication by using two independent objects of a digital system and a user device, both of which are highly likely to be carried by a user and are familiar.

In other words, the authentication request may be made by a data processing apparatus that is separate from the digital system while the authentication operation is performed through the digital system, so that channel authentication, remote authentication, or third-party authentication, in which the authentication is performed by a person other than the authentication requester, can be carried out with high security.

In addition, the user does not need to carry a separate device for one-time information (e.g., OTP, etc.), and a user device (e.g., IC card, transportation card, electronic ID card, etc.) can be used, so that both security and user convenience are increased.

Further, when the user apparatus generates the authentication information including the one-time information, it does so using the identification information of the digital system received from the digital system or the terminal one-time information generated by the digital system, so that not only the user device but also the digital system can be authenticated using the authentication information generated by the user device.

In addition, since not only the user device but also the digital system can be authenticated using the authentication information generated by the user device, higher security can be obtained than when the digital system, which is relatively vulnerable to attack, generates authentication information and has it authenticated by the authentication system.

Further, because the authentication information generated by the user device is used without the user having to go through a process of inputting it, authentication is convenient for the user and the user is not exposed to attacks on key input such as key logging.

In addition, since the digital system to be used for authentication of the user can be preset and specified, the method is robust against attacks such as smishing or man-in-the-middle attacks, and online crime can be actively blocked.

In addition, since the user apparatus that forms a pair with the digital system can be set in advance, authentication cannot be completed normally without all of the apparatuses constituting the pair, which remarkably improves security.

BRIEF DESCRIPTION OF THE DRAWINGS
A brief description of each drawing is provided to more fully understand the drawings recited in the description of the invention.
FIG. 1 shows schematic systems for implementing identity authentication using a user device in accordance with an embodiment of the present invention.
FIG. 2 shows a schematic configuration of a digital system according to an embodiment of the present invention.
FIG. 3 shows a schematic configuration of an authentication system according to an embodiment of the present invention.
FIG. 4 shows a schematic data flow of authentication of a user using a user device according to an embodiment of the present invention.
FIG. 5 shows a schematic data flow of authentication of a user using a user apparatus according to another embodiment of the present invention.
FIG. 6 shows a schematic data flow of authentication of a user using a user apparatus according to another embodiment of the present invention.
FIGS. 7 to 9 show a schematic data flow when the user equipment generates authentication information using the terminal one-time information of the digital system.
FIG. 10 is a diagram illustrating a process of an authentication system performing an authentication procedure according to an embodiment of the present invention.
FIG. 11 is a diagram for explaining a process in which a digital system transmits an acknowledgment signal according to an embodiment of the present invention.
FIG. 12 is a diagram showing a schematic configuration of a user apparatus according to an embodiment of the present invention.

In order to fully understand the present invention, its operational advantages, and the objects achieved by its practice, reference should be made to the accompanying drawings, which illustrate preferred embodiments of the present invention, and to the contents described in them.

Also, in this specification, when any one element 'transmits' data to another element, the element may transmit the data directly to the other element, or may transmit the data to the other element through at least one further element. Conversely, when one element 'directly transmits' data to another element, it means that the data is transmitted to the other element without passing through any further element.

BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, the present invention will be described in detail with reference to the preferred embodiments of the present invention with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.

Figure 1 shows schematic systems for implementing identity authentication using a user device in accordance with an embodiment of the present invention.

Referring to FIG. 1, a digital system 100, an authentication system 200, and a user device 300 may be provided to implement a user authentication method using a user device according to an embodiment of the present invention. Depending on the implementation, a predetermined data processing apparatus 400 may be further provided. Further, a service system 500 connected to the authentication system 200 and capable of providing a predetermined service to the digital system 100 and/or the data processing apparatus 400 may be further provided.

The digital system 100 can implement the technical idea of the present invention while transmitting and receiving necessary information to and from the authentication system 200 through a wired/wireless network. By communicating with the user device 300, the digital system 100 can acquire from it information necessary for the technical idea of the present invention (e.g., authentication information or device identification information). The digital system 100 may also communicate with the user device 300 to provide the user device 300 with information necessary for the technical idea of the present invention (e.g., terminal identification information or one-time information generated by the terminal).

The digital system 100 may perform contact or non-contact communication with the user device 300. For example, the user device 300 may be implemented as a smart card, an IC card, or a transportation card capable of performing contact or non-contact communication with the digital system 100. In particular, the user device 300 may be a payment IC card (e.g., a credit card, a check card, etc.).

According to another embodiment, the user device 300 may be any type of device that is owned by the user, has its own identification information, and is capable of communicating with the digital system 100. For example, the user device 300 may be a device capable of proving an identity (e.g., an electronic identification card), a communicable OTP device, or a user's mobile phone separate from the digital system 100.

Hereinafter, for convenience of description, the user device 300 will be described as an IC card, but the scope of the present invention is not limited thereto. Likewise, although the digital system 100 and the user device 300 are described as performing short-range wireless communication (e.g., NFC communication, Bluetooth, etc.), the scope of the present invention is not limited thereto.

The digital system 100 may perform communication (e.g., near field wireless communication) with the user device 300. To this end, the user may tag the digital system 100 and the user device 300.

In this specification, tagging refers to placing the digital system 100 and the user device 300 within a certain distance of each other (for example, 10 cm or less when NFC communication is used) in order to carry out contactless communication such as RFID communication, NFC communication, or the like. The user can perform tagging by bringing the digital system 100 or the user device 300 within a predetermined distance of the user device 300 or the digital system 100, respectively.

If the user device 300 is a payment card, the user device 300 may be a financial transaction means. The user device 300 may include a predetermined communication device (e.g., an RF antenna, an RF tag, and the like) to perform tagging communication with the digital system 100. In addition, the user device 300 may further include a storage device in which information necessary for realizing the technical idea of the present invention can be stored. For example, the user device 300 may be implemented as an IC card having an IC chip or as various types of smart cards. Of course, the user device 300 may also be an apparatus that cannot independently perform financial transactions. Even if the user device 300 is not a financial transaction device, according to the technical idea of the present invention, a user device 300 (e.g., an ID card, a mobile phone separate from the digital system 100, etc.) can be used to easily perform authentication of the user. Since the user can perform identity authentication with only the tagging operation of the digital system 100 and the user device 300, identity authentication can be performed much more simply and with high security compared with conventional complicated authentication processes such as entering an ID/password or selecting an authorized certificate.

In addition, when performing short-range wireless communication through tagging, it is not necessary to take out a user device (e.g., an electronic ID card or a payment card 300) from a pocket or a wallet.

Of course, another conventional authentication method (for example, authentication using an authorized certificate, etc.) may be performed before or after the authentication of the user according to the technical idea of the present invention is performed for higher security. It goes without saying that higher security can be provided when such dual security authentication is performed.

According to one embodiment, the user device 300 may generate predetermined authentication information.

The authentication information may mean information that can be generated based on at least one piece of information to be authenticated. According to the technical idea of the present invention, the authentication information may be generated by the user device 300 and may be information that can authenticate not only the user device 300 but also the digital system 100.

The information capable of authenticating the user device 300 may include device identification information of the user device 300 and/or one-time information that is generated by the user device 300 and can be authenticated by the authentication system 200, that is, device one-time information. The information that can authenticate the user device 300 is defined as device authentication information in this specification.

In addition, information that can authenticate the digital system 100 may include identification information of the digital system 100, that is, terminal identification information, and/or one-time information that is generated by the digital system 100 and can be authenticated, that is, terminal one-time information. Information that can authenticate the digital system 100 is defined as terminal authentication information in this specification.

The authentication information according to the technical idea of the present invention is then generated based on the device authentication information and the terminal authentication information, in such a way that the device authentication information and the terminal authentication information can be obtained from it, or at least the fact that the authentication information has been generated based on the device authentication information and the terminal authentication information can be authenticated.

Hereinafter, the information that can be authenticated by means of the authentication information is defined as the authenticated information. The authentication information may then be generated based on the device authentication information and the terminal authentication information, which are the authenticated information. Also, the device authentication information may be device identification information or device one-time information as described above. The terminal authentication information may be terminal identification information or terminal one-time information.

On the other hand, generating the authentication information based on at least one piece of authenticated information may mean that the user device 300 combines, processes, or converts at least one piece of authenticated information (e.g., device identification information or terminal identification information) in a predetermined manner (e.g., encryption, encoding, hashing, etc.), or that it combines, processes, or converts in a predetermined manner at least one piece of authenticated information newly generated for the authentication information (e.g., device one-time information or terminal one-time information).

Examples of combining, processing, or converting the at least one piece of authenticated information in a predetermined manner include simply combining the pieces of authenticated information into a predetermined file or information format, encrypting information that includes the at least one piece of authenticated information, and encrypting part of the authenticated information while using the other authenticated information to generate the encryption key. In addition, the user device 300 may generate the authentication information by transforming the at least one piece of authenticated information using various encoding methods, hashing methods, or the like.

In any case, that the authentication information is generated by the user device 300 means that it is generated from at least one piece of authenticated information corresponding to the authentication information, that is, used for generating the authentication information, in such a manner that the authentication system 200 can obtain the at least one piece of authenticated information from the authentication information or can authenticate that the authentication information was generated based on the at least one piece of authenticated information. Various implementations are possible.

When the authentication information is generated based on a single piece of authenticated information (for example, device one-time information), that piece of authenticated information may itself be not only the device authentication information of the user device 300 but also information that can authenticate the digital system 100. For example, the terminal authentication information (e.g., terminal identification information or terminal one-time information) can be used when the user device 300 generates device one-time information. In this case, the authentication information is generated. Even in this case, the device one-time information itself can be information that can authenticate not only the user device 300 but also the digital system 100.

As a result, the authentication information may be generated based on the device identification information and the terminal identification information, or based on the device identification information and the terminal one-time information. Alternatively, the authentication information may be generated based on the device one-time information and the terminal identification information, or based on the device one-time information and the terminal one-time information. Alternatively, the authentication information may be generated based only on the device one-time information, in the case where the device one-time information is generated based on not only the identification information of the user device 300 but also the terminal identification information or the terminal one-time information.

To generate device one-time information, the user device 300 may input at least two input values to a one-time information generation algorithm and obtain the device one-time information as the output value. At least one of the input values may be the device's own identification information, and the rest may be time information (e.g., time synchronization method) or information received from the authentication side (e.g., challenge-response method).

In any case, the device one-time information is generated by the user device 300, and the authentication system 200 can generate one-time information, called server one-time information, through the same input values and the same algorithm, so that the device one-time information can be authenticated by the authentication system 200. Of course, the terminal one-time information can also be generated and authenticated in the same manner.

Further, when the device one-time information is generated based on the terminal authentication information (e.g., terminal identification information or terminal one-time information) as described above, this may mean that the terminal authentication information, or information that can be obtained based on the terminal authentication information, is used as an input value of the device one-time information. Therefore, in this case, the authentication system 200 first obtains the input value based on the terminal authentication information, obtains server one-time information using the obtained input value and at least one predetermined input value, and performs authentication. In the case where the terminal authentication information (i.e., terminal identification information or terminal one-time information) is used when generating the device one-time information, if the device one-time information is authenticated by the authentication system 200, not only the user device 300 that generated it but also the digital system 100 is authenticated.

The user device 300 may generate device one-time information by any of various conventional OTP generation methods (e.g., challenge-response, time synchronization, etc.). Since these are well known in the art, detailed description thereof will be omitted herein.
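As an added illustration that is not part of the patent text, the sketch below shows one way device one-time information can take the terminal identification information as an input, so that a single value authenticates both devices when the authentication system regenerates server one-time information for the registered pair. The patent names no specific algorithm: HMAC-SHA256, the 30-second time step, the replay cache, and all names, IDs and the seed are assumptions constructed for this example.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (assumed; time-synchronization method)


def _pack(*fields: bytes) -> bytes:
    # Length-prefix each input so ("ab", "c") and ("a", "bc") cannot collide.
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def device_one_time_info(seed: bytes, device_id: str, terminal_id: str, now: int) -> str:
    """Runs on the user device after tagging: the inputs are its own
    identification information, the terminal identification information
    received from the digital system, and the current time step."""
    counter = struct.pack(">Q", now // STEP)
    msg = _pack(device_id.encode(), terminal_id.encode(), counter)
    return hmac.new(seed, msg, hashlib.sha256).hexdigest()[:16]


class AuthServer:
    """Hypothetical authentication unit acting as the one-time information server."""

    def __init__(self):
        self.registry = {}  # device_id -> (seed, terminal_id of the preset pair)
        self.used = set()   # (device_id, time step) values already accepted

    def register_pair(self, device_id: str, seed: bytes, terminal_id: str) -> None:
        self.registry[device_id] = (seed, terminal_id)

    def verify(self, signal: dict, now: int) -> bool:
        """Authenticate a confirmation signal {device_id, auth_info}."""
        device_id = signal.get("device_id")
        entry = self.registry.get(device_id)
        if entry is None:
            return False
        seed, paired_terminal = entry
        presented = str(signal.get("auth_info", ""))
        for skew in (0, -1, 1):  # tolerate one step of clock drift
            t = now + skew * STEP
            if t < 0:
                continue
            # Server one-time information: same algorithm, same inputs, but the
            # terminal ID comes from the registered pair, not from the signal.
            expected = device_one_time_info(seed, device_id, paired_terminal, t)
            if hmac.compare_digest(expected, presented):
                key = (device_id, t // STEP)
                if key in self.used:  # replayed confirmation signal
                    return False
                self.used.add(key)
                return True
        return False


def demo() -> dict:
    seed = b"constructed-seed-for-example-only"
    server = AuthServer()
    server.register_pair("CARD-0001", seed, "TERM-A")
    now = 1_700_000_000  # fixed timestamp so the run is deterministic

    def signal(terminal_id: str, at: int) -> dict:
        info = device_one_time_info(seed, "CARD-0001", terminal_id, at)
        return {"device_id": "CARD-0001", "auth_info": info}

    good = signal("TERM-A", now)
    return {
        "paired_terminal": server.verify(good, now),
        "replay": server.verify(good, now + 5),
        # Card tagged by a terminal that is not its registered pair:
        "unpaired_terminal": server.verify(signal("TERM-X", now), now),
        "stale": server.verify(signal("TERM-A", now - 300), now),
    }


if __name__ == "__main__":
    print(demo())
```

Because the server takes the terminal ID from its own registry rather than from the signal, a value produced while the card was tagged by any other terminal never matches.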

The user device 300 may generate the authentication information and transmit the generated authentication information to the digital system 100. Then, the digital system 100 may include only the authentication information in the confirmation signal and transmit it to the authentication system 200. According to an embodiment, the digital system 100 may further include additional information, in addition to the authentication information, in the confirmation signal sent to the authentication system 200. For example, when the authentication information is generated based on the terminal identification information (or the terminal one-time information), the digital system 100 may further include the terminal one-time information (or terminal identification information) in the confirmation signal.

In this case, the fact that the confirmation signal is authenticated by the authentication system 200 may mean that not only the authentication information included in the confirmation signal is authenticated, but also the additional information included in the confirmation signal is authenticated. In this case, for the digital system 100 corresponding to the additional information (for example, terminal authentication information) that the digital system 100 included in the confirmation signal, both authentication by the authentication information and authentication by the additional information can be performed.

According to one embodiment, when the user device 300 is a payment card and is tagged with the digital system 100, the card is supplied with power through electromagnetic induction and the authentication information can be generated. The processor included in the IC chip may generate the authentication information when power is supplied through the communication with the digital system 100, and may enable the digital system 100 to read the generated authentication information. Of course, at this time, the digital system 100 may be required to be an authorized system capable of reading the authentication information. Certified software capable of reading the authentication information may be installed in the digital system 100 for this purpose.

As described above, according to the technical idea of the present invention, when not only the user device 300 but also the digital system 100 is authenticated at the same time using the authentication information generated by the user device 300, higher security can be provided than in the case where the user device 300 and the digital system 100 each generate authentication information and each piece of authentication information is authenticated by the authentication system 200. This is because the user device (for example, the IC card 300) implementing the technical idea of the present invention may be far more difficult to forge or falsify through an attack than the digital system 100. Also, hacking one piece of authentication information generated from a larger number of input values (e.g., device identification information and terminal authentication information) is much harder than hacking each piece of authentication information separately, so higher security is provided.

The authentication system 200 receives the authentication information included in the confirmation signal and authenticates it, and can thereby authenticate the authenticated information corresponding to the authentication information, that is, the authenticated information on which generation of the authentication information was based. It goes without saying that authenticating the authenticated information means that the device corresponding to it is authenticated. For example, when the device one-time information is authenticated, at least the user device 300 is authenticated, and if terminal identification information (or terminal one-time information) was used when generating the device one-time information, the digital system 100 is in effect also authenticated. Further, when the authenticated information includes the terminal identification information (or the terminal one-time information), the digital system 100, which is the device corresponding to the terminal identification information (or the terminal one-time information), is authenticated.

The authentication system 200 may be provided with an authentication unit for authenticating the authenticated information corresponding to the authentication information. As will be described later, when the authentication information includes the device one-time information, the authentication unit can itself generate one-time information in order to authenticate the device one-time information. That is, the user device 300 may operate as an OTP client, for example, and the authentication unit may operate as an OTP server. Hereinafter, the one-time information generated by the authentication system 200 will be defined as 'server one-time information' for convenience of explanation.

When the authentication information includes the device identification information, the authentication unit can authenticate the device identification information using information stored in the authentication system 200 or in a predetermined system (e.g., a credit card company system) connected with the authentication system 200. For example, when the user device 300 is a card, it may authenticate the device identification information by acquiring a name corresponding to the device identification information through communication with the card issuer system.

In addition, when the authenticated information corresponding to the authentication information includes the terminal identification information, the authentication unit may authenticate the terminal identification information. To this end, the terminal identification information of the digital system 100 may be registered in advance in the authentication unit (or in a system capable of communicating with the authentication unit, for example, a mobile communication company system), and the terminal identification information may be authenticated if the registered information and the terminal identification information included in the authenticated information correspond to each other.

As described above, according to the technical idea of the present invention, the user device 300 generates the authentication information, and the generated authentication information can be authenticated by the authentication system 200.

Also, according to one embodiment, the user device 300 may be a payment card. The authentication information generated by the user device 300 can then use the identification information of the user device 300. At this time, information stored in the user device 300 (e.g., UID, time information, an arbitrary value, etc.) that is independent of the payment financial information of the payment card, that is, the financial information necessary for payment (e.g., card number, validity period, CVC code, etc.), can be used as the identification information of the user device 300. In this case, since the payment financial information need not be distributed to the digital system 100 or the authentication system 200, security can be enhanced. For example, even if the authentication information and the device authentication information generation algorithm are leaked, there is no risk that the payment financial information is leaked through reverse engineering or the like.

Referring to FIG. 1, the digital system 100 may be defined to include any type of data processing device that can communicate with the authentication system 200 via a wired/wireless network and can communicate with the user device 300 through a predetermined communication (e.g., short-range wireless communication). For example, the digital system 100 may be a data processing device, such as a tablet, a music player, or the like, which is easy for the user to carry around. Of course, the digital system 100 is preferably capable of communicating with the authentication system 200 and/or the data processing apparatus 400 via a network.

In addition, the digital system 100 may generate (or extract) authentication information to be included in the confirmation signal, that is, terminal authentication information. The function of the digital system 100 to generate the terminal authentication information may be implemented by installing predetermined software in the digital system 100 to implement the technical idea of the present invention.

In addition, when the terminal one-time information is included in the confirmation signal separately from the authentication information, the terminal one-time information may be generated in a manner different from the device one-time information generated by the user device 300. For example, when device one-time information is generated by a challenge response method or a time synchronization method, the terminal one-time information may be generated in a manner different from the method of generating device one-time information. In addition, although the device one-time information may be displayed through the digital system 100 so that the user may not need to input the displayed information, the terminal one-time information may be displayed through the digital system 100, It is possible.

Also, the terminal's one-time information may be generated by using identification information of the user device 300, that is, device identification information (or device one-time information) as an input value. Of course, the terminal identification information of the digital system 100 may be further used. In this case, it is of course possible to obtain an effect similar to the case of using the terminal identification information when the user device 300 generates device one-time information. In addition to the terminal one-time information, device identification information (or device one-time information) may be further included in the confirmation signal as described above.

As a result, according to the technical idea of the present invention, the digital system 100 may include authentication information generated by the user device 300 in an acknowledgment signal and transmit the authentication information to the authentication system 200, And may further include the device authentication information obtained from the user device 300 in the confirmation signal to the authentication system 200.

In any case, the authentication unit of the authentication system 200 may authenticate all of the information included in the confirmation signal, and may determine that the authentication confirmation procedure is successful only when all the information included in the confirmation signal is authenticated.

Further, the authentication unit may additionally perform pair authentication, which authenticates whether the digital system 100 and the user device 300 are paired as described later, and when such authentication is further performed, the authentication confirmation procedure may be judged to have succeeded.

The confirmation signal may be defined as a series of information or signals that includes the information necessary for the authentication procedure performed by the authentication system 200. The acknowledgment signal may include only authentication information. It does not necessarily mean one data set (or continuous packet data), and may be temporally or physically separated information or signals. That is, the digital system 100 may output the confirmation signal to the authentication system 200 a plurality of times.

In any case, according to the technical idea of the present invention, the digital system 100 can include the authentication information in the confirmation signal and transmit it to the authentication system 200, and the authentication information included in the confirmation signal is transmitted to the authentication system 200.

Meanwhile, the digital system 100 can transmit the acknowledgment signal only when the digital system 100 communicates with the user device 300. Therefore, even if the digital system 100 is attacked by hacking or the like, the confirmation signal may not be transmitted unless the user is holding the user device 300, and thus the authentication of the user does not succeed.

Also, the authentication information generated by the user device 300 may be generated by the user device 300 only when the communication between the digital system 100 and the user device 300 is performed. For example, when the user device 300 is a smart card such as a payment card or an electronic ID card, the smart card is not powered independently, so the authentication information can of course be generated only when communication with the digital system 100 is performed. Also, even when the user device 300 has its own power and can generate authentication information by itself, the user device 300 can be implemented to generate the authentication information only when communication with the digital system 100 is performed. The terminal authentication information may be transmitted to the user device 300 through the communication. Of course, in this case, software or an applet for implementing the technical idea of the present invention may also be installed in the user device 300.

In addition, the user device 300 may generate the authentication information only when communication with the digital system 100 set in advance is performed. It is needless to say that information about the digital system 100 forming a pair with the user device 300 may be registered in the user device 300 in advance.

In any case, the confirmation signal transmitted by the digital system 100 to the authentication system 200 may include authentication information, and the confirmation signal may be output from the digital system 100 to the authentication system 200 only if communication between the digital system 100 and the user device 300 is performed. Therefore, even if the authentication information is included in the confirmation signal, it is authenticated that the user has two authentication tools, i.e., the digital system 100 and the user device 300.

In addition, when the user device 300 according to the technical idea of the present invention is a payment IC card, the confirmation signal transmitted to the authentication system 200 by the digital system 100 may include only information that is not related to the payment financial information (e.g., device identification information, terminal identification information, and the like), thereby enhancing the security of the authentication method according to the technical idea of the present invention.

The authentication system 200 may perform an authentication procedure for authenticating the authentication information included in the confirmation signal. Further, when the confirmation signal further includes additional information (e.g., terminal authentication information), a procedure for further authenticating the additional information may be included in the authentication confirmation procedure.

On the other hand, even when the user device 300 and the digital system 100 are authenticated by the authentication information, the digital system 100 may transmit additional information (for example, terminal authentication information or device identification information acquired through the communication), so that authentication using the identification information of the digital system 100 and/or the user device 300 can be further performed. This makes it possible to provide security when the user device 300 is forged.

As a result, when authentication procedures for the hardware of the digital system 100 and/or the user device 300 are additionally performed, the security of the authentication method according to the technical idea of the present invention can be further enhanced. Even if the software for generating authentication information is forged or falsified, and even if the digital system 100 is registered in the authentication system 200, the authentication of the user can be prevented from succeeding when the user possessing the digital system 100 does not possess the user device 300 registered in the authentication system 200 in advance.

According to an embodiment, the procedure for authenticating the device identification information may be performed by the digital system 100, or the procedure for authenticating the terminal identification information may be performed by the user device 300. That is, the identification information of the user device 300 that can be used for the authentication operation may be stored in advance in the digital system 100, or the identification information of the digital system 100 that can be used for the authentication operation may be stored in advance in the user device 300. The digital system 100 or the user device 300 may then determine whether the device it is communicating with is a device registered in advance, which has an effect similar to the device identification information and/or the terminal identification information being authenticated by the authentication system 200. However, since the digital system 100 and/or the user device 300 may be at a greater risk of being falsified than the authentication system 200, it may be desirable that the device identification information and/or the terminal identification information be authenticated by the authentication system 200.

Of course, the procedure for authenticating the device identification information and/or the terminal identification information may be omitted when the terminal identification information (or device identification information) is used in generating the device one-time information (or the terminal one-time information). That is, when the device one-time information (or the terminal one-time information) is generated using the terminal identification information (or the device identification information) as well, the terminal identification information (or the device identification information) need not be separately authenticated: if the device one-time information is authenticated, this has the effect that the terminal identification information is authenticated.

The authentication procedure performed by the authentication system 200 may further include a pair authentication procedure for authenticating whether the digital system 100 and the user device 300 are a pair. That is, the digital system 100 and the user device 300 may be paired in advance, and the authentication system 200 determines that authentication is successful only when the two devices forming the pair perform the communication. In this way, the authentication operation by which the user confirms the authentication request (i.e., bringing the digital system 100 and the user device 300 into communication) succeeds only when the two devices are paired. In this case, even if the digital system 100 and the user device 300 are both registered in the authentication system 200, the authentication confirmation process may not be successfully processed if they are not paired with each other, so a synergistic effect can be obtained.

Whether the two devices used in the authentication operation (digital system 100 and user device 300) are a pair may be authenticated by the authentication system 200, but may also be authenticated by the digital system 100. That is, the digital system 100 can communicate with the digital system 100 only when it communicates with the user device 300, which is set to pair with the digital system 100 in advance. To this end, the digital system 100 may store in advance information (e.g., device identification information) about the user device 300 that is paired with the digital system 100.

In some implementations, the user device 300 may store information about the digital system 100 that is paired with the user device 300, and the user device 300 may authenticate whether the digital system 100 it is communicating with is the paired one. If the digital system 100 is not so authenticated, the authentication information may not be generated, or a predetermined control may be performed so that the authentication information is not transmitted to the digital system 100.
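The checks described above, performed on the authentication system 200 side (registered terminal, registered pair, and device one-time information that takes the terminal identification information as an input), are shown here as an added Python example that is not part of the patent text. The HMAC-SHA-256 time-step construction, the field names of the confirmation signal and all identifiers and keys are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct
from typing import Dict, Set, Tuple

STEP = 30  # seconds per time step for the time synchronization method (assumed)


def device_one_time_info(device_key: bytes, terminal_id: str, now: int) -> str:
    """One-time value computed by the user device; the terminal ID is an input."""
    msg = struct.pack(">Q", now // STEP) + terminal_id.encode("utf-8")
    digest = hmac.new(device_key, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**8:08d}"


class AuthenticationSystem:
    """Hypothetical model of the authentication unit and its pre-registered data."""

    def __init__(self) -> None:
        self.terminals: Set[str] = set()
        self.devices: Dict[str, Tuple[bytes, str]] = {}  # device -> (key, paired terminal)
        self.used: Set[Tuple[str, int]] = set()           # consumed (device, time step)

    def register_terminal(self, terminal_id: str) -> None:
        self.terminals.add(terminal_id)

    def register_pair(self, device_id: str, key: bytes, terminal_id: str) -> None:
        self.devices[device_id] = (key, terminal_id)

    def confirm(self, signal: Dict[str, str], now: int) -> Tuple[bool, str]:
        """Succeed only when every item in the confirmation signal is authenticated."""
        terminal_id = signal.get("terminal_id", "")
        device_id = signal.get("device_id", "")
        otp = str(signal.get("device_otp", ""))
        if terminal_id not in self.terminals:
            return False, "terminal not registered"
        if device_id not in self.devices:
            return False, "device not registered"
        key, paired_terminal = self.devices[device_id]
        if paired_terminal != terminal_id:
            return False, "not a registered pair"
        # Recompute with the REGISTERED terminal ID; accept one step of clock skew.
        for t in (now, now - STEP):
            expected = device_one_time_info(key, paired_terminal, t)
            if hmac.compare_digest(expected, otp):
                if (device_id, t // STEP) in self.used:
                    return False, "one-time information replayed"
                self.used.add((device_id, t // STEP))
                return True, "ok"
        return False, "one-time information invalid"


def demo() -> Dict[str, Tuple[bool, str]]:
    key = b"constructed-demo-key-not-a-real-secret"  # constructed sample value
    now = 1_700_000_000                               # fixed clock for repeatability
    auth = AuthenticationSystem()
    auth.register_terminal("TERMINAL-A")
    auth.register_terminal("TERMINAL-B")              # registered, but not paired
    auth.register_pair("CARD-UID-1", key, "TERMINAL-A")
    otp_a = device_one_time_info(key, "TERMINAL-A", now)  # card tagged on terminal A
    otp_b = device_one_time_info(key, "TERMINAL-B", now)  # card tagged on terminal B
    good = {"terminal_id": "TERMINAL-A", "device_id": "CARD-UID-1", "device_otp": otp_a}
    return {
        "paired": auth.confirm(good, now),
        "replayed": auth.confirm(good, now),
        "unpaired": auth.confirm(
            {"terminal_id": "TERMINAL-B", "device_id": "CARD-UID-1", "device_otp": otp_b}, now),
        # Signal claims terminal A, but the one-time value was bound to terminal B.
        "relabelled": auth.confirm(
            {"terminal_id": "TERMINAL-A", "device_id": "CARD-UID-1", "device_otp": otp_b}, now),
        "unregistered": auth.confirm(
            {"terminal_id": "TERMINAL-C", "device_id": "CARD-UID-1", "device_otp": otp_a}, now),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:13s} {result}")
```

The "relabelled" case is the one the text's omission argument relies on: because the terminal identification information is an input to the one-time value, a signal that merely claims the paired terminal's ID fails at the one-time-information check even without a separate identification check.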

Meanwhile, the authentication request may be transmitted to the authentication system 200 before the authentication signal is transmitted to the authentication system 200. For example, the authentication request may be an authentication request transmitted from the predetermined data processing apparatus 400 to the authentication system 200. The data processing apparatus 400 is a device which is separate from the digital system 100, is used by a user of the digital system 100, and is connected to the authentication system 200 to request authentication; it may be a mobile terminal, set-top box, IPTV, and the like. For example, a user may input identification information (e.g., a telephone number) of his or her digital system 100 through the data processing apparatus 400 to perform an authentication request.

Further, the data processing apparatus 400 may be implemented in various embodiments according to the types of services provided after the authentication according to the technical idea of the present invention succeeds. For example, if the service is a payment service, the data processing device 400 may be an agent terminal requesting payment for settlement. If the service is a service for opening a door, the data processing device 400 may be a device installed at a door. Various embodiments of the data processing apparatus 400 may be possible depending on the type of service.

According to an embodiment, the data processing apparatus 400 or the digital system 100 may make an authentication request to a predetermined service system 500. The service system 500 may be a system that provides a predetermined service (for example, login, financial transaction, confirmation of specific information, issuance of a certificate, purchase of goods or services, payment, opening and closing of a door, etc.) to the authentication requesting device (for example, the data processing device 400 or the digital system 100) upon successful authentication of the user according to the technical idea of the present invention. A user may access the service system 500 through the data processing apparatus 400 or the digital system 100 in order to use the service provided by the service system 500, and the service system 500 may request the data processing apparatus 400 or the digital system 100 to authenticate the user. In this case, the service system 500 may control the data processing apparatus 400 or the digital system 100 to access the authentication system 200 (for example, a web page or a UI provided by the authentication system 200), so that the authentication is received from the authentication system 200 through the data processing apparatus 400 or the digital system 100. The data processing apparatus 400 or the digital system 100 may transmit the authentication request to the authentication system 200 by inputting information necessary for the authentication request (for example, identification information of the digital system 100).

Of course, in some implementations, the service system 500 may receive an authentication request from the data processing apparatus 400 or the digital system 100 and send the received authentication request to the authentication system 200. That is, the service system 500 may mediate the authentication process according to the technical idea of the present invention. Accordingly, the data processing apparatus 400 or the digital system 100 transmitting predetermined information or signals to the authentication system 200 includes the case where they are transmitted to the authentication system 200 through the service system 500. Of course, the authentication system 200 transmitting predetermined information or signals to the data processing apparatus 400 or the digital system 100 likewise includes the case where they are transmitted through the service system 500.

Although the authentication system 200 and the service system 500 are implemented as separate physical devices in FIG. 1, the authentication system 200 may be included in the service system 500. In other words, by installing predetermined software that implements the function of the authentication system 200 in the service system 500, the authentication according to the technical idea of the present invention may be performed.

According to one embodiment, the authentication of the user according to the technical idea of the present invention may be performed for settlement. In this case, the data processing apparatus 400 may be a predetermined merchant terminal (a POS device installed in a store, a mobile merchant terminal, or the like). In this case, the user or the merchant can transmit the authentication request to the authentication system 200 by inputting identification information (e.g., telephone number) of the digital system 100 of the user to the merchant terminal.

In some cases, the user may notify identification information of his or her digital system 100 to a merchant site to perform payment at a remote site. Then, the merchant may transmit the authentication request to the authentication system 200 by inputting the identification information using the data processing apparatus 400, that is, a computer used at the merchant, or an affiliate terminal. If the authentication is successful by the authentication system 200, the payment requested by the data processing apparatus 400 may be finally approved. At this time, the service system 500 may be a predetermined card company system (or a financial institution system that performs card settlement).

In addition, the authentication request and the payment request need not necessarily be performed separately. That is, the authentication request according to the embodiment of the present invention may be performed simultaneously with a predetermined service request (for example, payment, etc.). In this case, identification information of the digital system 100 for the authentication request may of course be included. Such an example will be described in detail later with reference to FIGS. 4 and 5.

According to another embodiment, the authentication request may be output by the digital system 100 and transmitted to the authentication system 200 together with the acknowledgment signal or separately from the acknowledgment signal. Such an example will be described with reference to FIG.

When the authentication request is received and an acknowledgment signal is received from the digital system 100, the authentication system 200 performs an authentication check procedure as described above based on the received acknowledgment signal. If the authentication check procedure is successful, the authentication system 200 can successfully process the authentication of the data processing apparatus 400 or the digital system 100. The service system 500 may then provide the predetermined service requested by the data processing device 400 or the digital system 100. Needless to say, another authentication of the user (for example, authentication using the authorized certificate, etc.) may be required after the authentication of the user according to the technical idea of the present invention succeeds.

In addition, the authentication procedure may further include authenticating user authentication information (e.g., PIN) of the user device 300. For example, when the user device 300 is a payment IC card, a password (i.e., a PIN number) set by the user may be preset in the user device 300. The user authentication information of the user device 300 may also be registered in the authentication system 200 in advance. Then, the authentication system 200 receives the user authentication information from the digital system 100 or the data processing apparatus 400, and may determine the authentication to be successful if the received user authentication information corresponds to the previously registered information. Of course, the authentication of the user authentication information may be performed by the digital system 100 that communicates with the user device 300. In this case, the user authentication information of the user device 300 may be registered in the digital system 100 in advance.

The terminal identification information is information for identifying the hardware of the digital system 100 (e.g., USIM, identification information of a USIM, IMSI, IMEI, MAC address, etc.). When the terminal identification information is included in the confirmation signal, the authentication system 200 can determine that the authentication confirmation procedure is successful only when the terminal identification information is registered in advance. Therefore, if the confirmation signal is not received through the digital system 100, which is a pre-registered terminal, the authentication does not succeed even if the confirmation signal is transmitted to the authentication system 200 by some other device, and so there is an effect that a predetermined service may not be provided to the user. That is, it is possible to designate a digital system, thereby blocking unauthorized service requests through other terminals. Further, since an authentication action (payment authentication action) can be performed only through the designated digital system, there is an effect that smishing or man-in-the-middle attacks can be prevented.

Meanwhile, the device one-time information generated by the digital system 100 may be displayed by the digital system 100 (or, if the user device 300 has display means, displayed by the user device 300), and the user may input the terminal's one-time information so that the inputted terminal's one-time information is included in the confirmation signal. However, according to the embodiment of the present invention, the device one-time information is automatically included in the confirmation signal without being displayed and input by the user, thereby providing convenience of the authentication operation by the user and lowering the risk of information leakage through the network. Of course, in this case, non-repudiation may be achieved by having the user enter the user authentication information (e.g., PIN) of the user device 300 or enter the terminal one-time information generated by the digital system 100.

The authentication system 200 may be defined as including all systems that participate in receiving an authentication request, communicating with the digital system 100 and/or the data processing apparatus 400, or deciding whether to grant an authentication request. Of course, the authentication system 200 does not mean only one physical device, but may be a system in which a plurality of devices or systems are organically coupled to implement the technical idea of the present invention. For example, the authentication system 200 may receive the authentication request directly from the digital system 100 or the data processing apparatus 400, or may receive the authentication request via the service system 500 as described above.

For example, in the case of a payment service, the authentication system 200 can directly receive a settlement request (the settlement request being an authentication request) from the data processing apparatus 400, for example, a user's computer or an affiliate store terminal, or may receive the payment request (authentication request) via the service system 500 (e.g., a web server that provides an online marketplace). In this case, the authentication system 200 may be a credit card company system that can settle the settlement request (authentication request) using previously registered credit card information (in the present invention, the card company system means not only an independent card company system but also all financial institution systems (not shown) that perform card settlement). Also, according to an embodiment, a VAN system, a PG, or the like, which is connected to the card company system through a network and mediates a payment process, may be further included in the authentication system 200.

Hereinafter, the process of authenticating the user according to the technical idea of the present invention will be described in more detail. For convenience of explanation, the digital system 100 is implemented as a mobile phone, and the identification information of the digital system 100 used for the authentication request is a mobile phone number of the mobile phone, as an example. However, the scope of the present invention is not limited thereto.

FIG. 2 shows a schematic configuration of a digital system according to an embodiment of the present invention.

Referring to FIG. 2, the digital system 100 includes a control module 110, a user equipment communication module 120, and a communication module 140. When the digital system 100 is implemented to generate terminal one-time information, the digital system 100 may further include a terminal authentication information generation module 130.

Herein, a module may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving the hardware. For example, each of the above configurations may refer to a logical unit of a predetermined code and a hardware resource for executing the predetermined code, and an average expert in the field of the present invention can easily deduce that this does not necessarily mean physically connected code or one specific type of hardware. Thus, each of the above configurations refers to a combination of hardware and software that performs the functions defined herein, and does not mean a specific physical configuration.

The control module 110 may control the functions and/or resources of the other components included in the digital system 100, such as the user device communication module 120, the terminal authentication information generation module 130, and/or the communication module 140.

The user equipment communication module 120 may communicate with the user equipment 300. The communication may be contact or non-contact communication as described above. According to an example, the communication may be a contactless short range wireless communication (e.g., NFC communication). When the communication is the NFC communication, the user can be authenticated only by tagging the digital system 100 and the user device 300, so that the convenience of the user can be enhanced. In addition, even when the user device 300 is in a wallet or a pocket, the NFC communication can be performed without removing the user device 300, so that the convenience of authentication can be enhanced. The user equipment communication module 120 may be implemented by, for example, an NFC chip or a module provided in the digital system 100. In addition, it is a matter of course that the implementation of the user equipment communication module 120 may vary according to the form of communication performed by the digital system 100 and the user equipment 300.

The control module 110 may generate or transmit an acknowledgment signal according to the technical idea of the present invention.

The communication module 140 may communicate with the authentication system 200, and may also perform communication with the data processing apparatus 400 according to an embodiment.

The control module 110 may communicate with the user device 300 through the user device communication module 120. Also, authentication information and / or device identification information may be received from the user device 300 according to an embodiment.

Also, the terminal identification information (or terminal one-time information) of the digital system 100 may be transmitted to the user device 300 through the user equipment communication module 120. The transmission of the terminal identification information (or terminal one-time information) may be performed when an authentication operation performed by a user, that is, an operation of communicating the digital system 100 and the user apparatus 300 is performed.

Of course, depending on the embodiment, the terminal identification information (or terminal one-time information) may be transmitted to the user device 300 separately from the authentication operation. For example, in the case of NFC communication, the user may have to perform a plurality of tagging. The terminal authentication information may be transmitted to the user device 300 through one of a plurality of tagging operations, and if another tagging operation is performed, the user may be regarded as having performed the authentication operation.

The terminal authentication information generation module 130 may generate (or extract) terminal authentication information (e.g., terminal one-time information or terminal identification information). The terminal authentication information generation module 130 may also generate the terminal one-time information based on the device identification information (or device one-time information) of the user device 300 or the identification information of the digital system 100.

The terminal authentication information acquired by the terminal authentication information generation module 130 may be transmitted to the user device 300. Based on the transmitted terminal authentication information, the user device 300 may generate authentication information.

The device identification information may be irrelevant to the settlement financial information. For example, when the user device 300 is a payment card, the payment financial information (e.g., a card number) of the payment card may be the device identification information. However, according to the technical idea of the present invention, information (for example, a UID, etc.) irrelevant to the settlement financial information may be used as the device identification information.

Then, the control module 110 receives the authentication information generated by the user device 300, generates an authentication signal that selectively includes the terminal authentication information and/or device identification information, and controls the communication module 140 so that the signal is transmitted to the authentication system 200.

Alternatively, the control module 110 may include an authentication request in the acknowledgment signal. The confirmation signal may also include an authentication signal indicating an authentication result using the user authentication information. It should be understood that the acknowledgment signal is not limited to one piece of information or a continuously transmitted signal, and the acknowledgment signal may be transmitted to the authentication system 200 discontinuously, a plurality of times, according to an embodiment.

The authentication system 200 may then perform an authentication procedure based on an acknowledgment signal including the authentication information. If the authentication confirmation process is successful, the authentication system 200 can successfully process the authentication request for the device (for example, the digital system 100 or the data processing device 400) that has output the authentication request. That is, the authentication request of the digital system 100 or the data processing apparatus 400 can be successfully processed. For example, if the authentication confirmation process is successful, the authentication system 200 may transmit an authentication result indicating that the authentication of the user is successful to the data processing apparatus 400, the digital system 100, and/or the service system 500.

Meanwhile, the communication module 140 may receive predetermined authentication action request information from the authentication system 200 or from the data processing apparatus 400. The authentication action request information may include information for requesting a user to perform an authentication operation, that is, to communicate the digital system 100 and the user device 300. For example, in the digital system 100, predetermined software for implementing the technical idea of the present invention can be installed, and the technical idea of the present invention can be implemented only when the software is executed. In this case, the digital system 100 may automatically perform communication with the predetermined authentication system 200 when the software is executed.

The authentication action request information may be displayed on a display device (not shown) included in the digital system 100. The user can confirm the authentication action request information and perform the requested authentication operation by tagging the digital system 100 and the user device 300.

The communication module 140 may receive the authentication action request information from the authentication system 200 or may receive the authentication action request information from the data processing device 400. Such an example will be described later with reference to Figs.

Meanwhile, the control module 110 may determine whether the user device 300 is a device forming a pair with the digital system 100, and transmit the confirmation signal to the authentication system 200 only when the user device 300 is a device forming a pair with the digital system 100. Of course, the procedure for authenticating such a pair may be performed by the authentication system 200 or the user device 300 as described above.

Also, the control module 110 may request predetermined user authentication information (e.g., PIN) before or after performing communication with the user device 300, and only when the user authentication information corresponds to the authentication information of the user device 300 (e.g., the PIN information of the IC card for payment) may it generate the terminal authentication information or transmit the confirmation signal including the authentication information acquired from the user device 300. Through the user authentication information, non-repudiation can be achieved even if the user does not perform the process of checking the device one-time information or the terminal one-time information and directly inputting it to the digital system 100.

If the user authentication using the user authentication information is not performed, the digital system may not transmit the confirmation signal to the authentication system 200. For example, the digital system 100 may receive the user authentication information in advance before communicating with the user device 300. Or may receive the user authentication information from the user after the communication is performed. If the user authentication information does not correspond to the information set in the user device 300 in advance, the confirmation signal may not be transmitted.

According to an embodiment, the user authentication using the user authentication information may be performed by the digital system 100 after the confirmation signal is transmitted. In this case, the digital system 100 may further transmit a predetermined authentication signal indicating the result of user authentication using the user authentication information to the authentication system 200 after transmitting the confirmation signal. Then, the authentication system 200 receiving the authentication signal may finally determine the success or failure of the authentication confirmation procedure. Or the digital system 100 transmits the user authentication information received from the user to the authentication system 200 and determines whether the user authentication information corresponds to the user device 300 by the authentication system 200 .

FIG. 3 shows a schematic configuration of an authentication system according to an embodiment of the present invention.

Referring to FIG. 3, an authentication system 200 according to an exemplary embodiment of the present invention includes a control unit 210, a communication unit 220, and an authentication unit 230. The authentication system 200 may further include a DB 240.

The control unit 210, the communication unit 220, the authentication unit 230, and the DB 240 included in the authentication system 200 each denote a functional and structural combination of hardware for carrying out the technical idea of the present invention and software. For example, each of these components may refer to a logical unit of predetermined code and the hardware resource for executing that code, and an average expert in the field of the present invention can easily deduce that it does not necessarily mean physically connected code or one specific type of hardware. Thus, each of these components refers to a combination of hardware and software that performs the functions defined herein, and does not mean a specific physical configuration.

Also, the authentication system 200 does not mean any single physical device. That is, an average expert in the technical field of the present invention can easily deduce that the authentication system 200 can be implemented by organically combining different physical devices through a network.

The authentication system 200 may be included in the service system 500 or may be implemented in a system separate from the service system 500. In addition, the operating system of the authentication system 200 and the service system 500 may be the same or different.

The control unit 331 can control functions and/or resources of other components included in the authentication system 200 (e.g., the communication unit 220, the authentication unit 230, the DB 240, etc.).

The communication unit 220 may perform communication with the digital system 100. In particular, the communication unit 220 may receive an acknowledgment signal from the digital system 100.

The authentication unit 230 may generate the server generation key as described above. Further, it can perform the authentication confirmation procedure based on the authentication information included in the confirmation signal. When the authentication information is generated based on the device one-time information and/or the terminal one-time information, the authentication unit 230 can generate server one-time information. Of course, an average expert in the technical field of the present invention can easily infer that the server one-time information may be generated using the same input values and algorithms as those used when the device one-time information and/or the terminal one-time information was generated.

In addition, the device one-time information and/or the terminal one-time information may be generated using identification information of the counterpart device (or one-time information generated by the counterpart device). That is, the device one-time information may be generated by further using the terminal identification information (or terminal one-time information), and the terminal one-time information may be generated by further using the device identification information (or device one-time information).

In this case, to authenticate the device one-time information (or terminal one-time information), the authentication unit 230 may generate the server one-time information by further using the identification information (or one-time information) of the counterpart device.

Needless to say, when the confirmation signal includes a plurality of pieces of authentication information, the authentication unit 230 can authenticate each of them. In addition, when the confirmation signal includes additional information other than the authentication information, the additional information can be authenticated as described above. Therefore, the authentication confirmation procedure may include a process of authenticating the information to be authenticated corresponding to the authentication information, and may further include a process of authenticating the additional information. Also, as described above, at least one of authenticating whether the digital system 100 and the user device 300 are paired and authenticating the user authentication information set in the user device 300 may optionally be performed.

If the authentication unit 230 succeeds in the authentication confirmation procedure, the control unit 210 can treat the authentication request already received, or the authentication request included in the confirmation signal, as successful. To do so, the control unit 210 may send a signal indicating the authentication result to the service system 500.

The device identification information of the user device 300 and the terminal identification information of the digital system 100 may be stored in advance in the DB 240 as described above. Information on pair formation of the digital system 100 and the user device 300, that is, pair setting information indicating which digital system 100 is paired with which user device 300, may also be stored. Also, user authentication information corresponding to the user device 300 may be stored in advance.

The communication unit 220 may receive an authentication request from the data processing apparatus 400 or the digital system 100. Needless to say, the authentication request may include identification information (e.g., telephone number) of the digital system 100. Then, the control unit 210 may transmit authentication action request information to the digital system 100 or the data processing apparatus 400 through the communication unit 220. The user can check the authentication action request information and bring the digital system 100 and the user device 300 into communication. Then, the communication unit 220 can receive an acknowledgment signal output from the digital system 100.

Then, the authentication unit 230 may perform the authentication procedure.

For this, the authentication unit 230 may obtain the information to be authenticated from the authentication information. For this purpose, a protocol corresponding to the authentication information generation protocol, such as decryption and decoding, may be performed. Of course, it is also possible to generate server one-time information corresponding to the digital system 100 and server one-time information corresponding to the user device 300, respectively. To this end, the authentication unit 230 may share with each digital system 100 and/or each user device 300 at least one input value (key or seed) for generating the one-time information of that digital system 100 and/or user device 300, or may share the manner (or algorithm) of obtaining the at least one key. Of course, the function or algorithm for generating the server one-time information may be the same as the function or algorithm with which the digital system 100 or the user device 300 generates the terminal one-time information or the device one-time information.

Meanwhile, when the information to be authenticated corresponding to the authentication information includes the terminal identification information (or device identification information), the authentication unit 230 may determine whether the terminal identification information (or device identification information) corresponds to previously registered information, and may judge the authentication confirmation procedure successful when it does.

The authentication unit 230 may also determine, based on information previously registered in the DB 240, whether the digital system 100 and the user device 300 form a pair with each other, and may judge the authentication confirmation procedure successful when they do.

When the user authentication information (for example, the PIN information of the payment card, etc.) of the user device 300 is received from the digital system 100, the authentication unit 230 may check the user authentication information against the DB 240 to determine whether the authentication confirmation procedure is successful. Alternatively, it may determine whether the authentication confirmation procedure is successful based on the authentication signal received from the digital system 100.

FIGS. 4 to 9 show the data flow of the authentication method using the user apparatus according to embodiments of the present invention. FIGS. 4 to 6 illustrate embodiments in which only the terminal identification information is transmitted from the digital system 100 to the user device 300 through the authentication operation, and FIGS. 7 to 9 illustrate embodiments in which the terminal one-time information is transmitted to the user device 300.

FIG. 4 shows a schematic data flow of a user authentication method using a user apparatus according to an embodiment of the present invention.

FIG. 4 illustrates an example in which an authentication request is made via the digital system 100. Referring to FIG. 4, the digital system 100 may send a predetermined authentication request to the authentication system 200 (S100). The authentication request is received through the communication unit 220 of the authentication system 200, and the control unit 210 may transmit the authentication action request information to the communication module 140 of the digital system 100. The authentication action request information may be displayed in the digital system 100.

After checking the authentication action request information displayed on the digital system 100, the user can bring the digital system 100 and the user device 300 into communication (S120). The terminal identification information may be transmitted to the user device 300 through the communication. Then, the user device 300 may generate authentication information based on the terminal identification information and the device authentication information (i.e., device identification information or device one-time information) (S130). According to an embodiment, the user device 300 may generate device one-time information based on the terminal identification information received through the communication and its own identification information, and generate the authentication information based on the generated device one-time information. According to an embodiment, the user device 300 may generate the authentication information further based on the device identification information, in addition to the device one-time information.

Then, the digital system 100 can acquire the authentication information generated by the user device 300 from the user device 300 (S140).

The authentication information may be generated based on the device identification information and the terminal identification information. Alternatively, the authentication information may be generated based on device one-time information (here, device one-time information generated without using the terminal identification information) and the terminal identification information.

Alternatively, the authentication information may be generated on the basis of device one-time information that is itself generated from the device identification information and the terminal identification information. Of course, in this case the authentication information may be generated based on the device identification information or the terminal identification information as well as the device one-time information.

Of course, the digital system 100 may generate terminal one-time information (S130-1). The control module 110 of the digital system 100 may control the terminal one-time information to be generated only when the communication is performed. In some cases, the terminal one-time information may be generated before the communication is performed (e.g., when the authentication action request information is received) (S130-1).

The digital system 100 may transmit to the authentication system 200 a confirmation signal that includes the authentication information and, selectively, the terminal one-time information and/or the terminal identification information (S150).

As a result, the digital system 100 may include the authentication information generated by the user device 300 in the confirmation signal, and may further include in the confirmation signal the terminal one-time information it generated and/or its own terminal identification information.

Then, the authentication system 200 can perform an authentication procedure based on the confirmation signal (S160). That is, the authentication procedure for authenticating the authentication information included in the confirmation signal and the authentication procedure for authenticating the terminal one-time information and / or the terminal identification information may be performed.

If the authentication confirmation procedure is successful, the authentication system 200 may transmit the authentication result to the digital system 100 (S170). Of course, if the digital system 100 accessed a predetermined service system 500 and then transmitted the authentication request to the authentication system 200, the authentication system 200 may transmit the authentication result to the service system 500.
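The FIG. 4 exchange (S120 to S160) together with the checks the authentication unit 230 is described as making, as an added Python sketch that is not code from the patent. The text fixes no algorithm, so HMAC-SHA256, the 30-second window, the replay cache, and all identifiers and seeds below are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per one-time window (assumption; the text fixes no algorithm)


def one_time(seed: bytes, counter: int, *bound: str) -> str:
    """One-time value: HMAC-SHA256 over a time counter and the bound identifiers."""
    msg = struct.pack(">Q", counter)
    for field in bound:
        raw = field.encode()
        msg += struct.pack(">H", len(raw)) + raw  # length prefix keeps fields unambiguous
    return hmac.new(seed, msg, hashlib.sha256).hexdigest()[:16]


class UserDevice:
    """User device 300: device identification information plus a shared seed."""

    def __init__(self, device_id: str, seed: bytes):
        self.device_id, self._seed = device_id, seed

    def authentication_info(self, terminal_id: str, now: int) -> dict:
        # S130: device one-time information bound to the terminal ID received in S120
        otp = one_time(self._seed, now // STEP, self.device_id, terminal_id)
        return {"device_id": self.device_id, "device_otp": otp}


class DigitalSystem:
    """Digital system 100: relays the authentication info and adds its own proof."""

    def __init__(self, terminal_id: str, seed: bytes):
        self.terminal_id, self._seed = terminal_id, seed

    def confirmation_signal(self, auth_info: dict, now: int) -> dict:
        # S130-1 and S150: terminal one-time information plus terminal identification
        otp = one_time(self._seed, now // STEP, self.terminal_id)
        return {"auth": auth_info, "terminal_id": self.terminal_id, "terminal_otp": otp}


class AuthenticationSystem:
    """Authentication system 200; the dicts and sets stand in for DB 240."""

    def __init__(self):
        self.terminal_seeds, self.device_seeds = {}, {}
        self.pairs = set()  # pair setting information: (terminal_id, device_id)
        self._seen = set()  # accepted device one-time values (replay cache, assumption)

    def register(self, terminal_id, terminal_seed, device_id, device_seed):
        self.terminal_seeds[terminal_id] = terminal_seed
        self.device_seeds[device_id] = device_seed
        self.pairs.add((terminal_id, device_id))

    @staticmethod
    def _matches(seed, value, now, *bound):
        # Regenerate server one-time information with the same inputs and algorithm;
        # accept the current and the previous window to tolerate clock skew.
        base = now // STEP
        return any(hmac.compare_digest(one_time(seed, c, *bound), str(value))
                   for c in (base, base - 1))

    def verify(self, signal: dict, now: int):
        """S160: return (success, reason) for one confirmation signal."""
        tid, auth = signal.get("terminal_id"), signal.get("auth", {})
        did, d_otp = auth.get("device_id"), auth.get("device_otp", "")
        if tid not in self.terminal_seeds or did not in self.device_seeds:
            return False, "unregistered"
        if (tid, did) not in self.pairs:
            return False, "not paired"
        if not self._matches(self.terminal_seeds[tid], signal.get("terminal_otp", ""), now, tid):
            return False, "terminal one-time mismatch"
        if not self._matches(self.device_seeds[did], d_otp, now, did, tid):
            return False, "device one-time mismatch"
        if (did, d_otp) in self._seen:
            return False, "replayed"
        self._seen.add((did, d_otp))
        return True, "ok"


def demo():
    """Constructed identifiers and seeds; returns the verdicts for four signals."""
    now = 1_700_000_000
    phone, card = DigitalSystem("T-100", b"seed-terminal-100"), UserDevice("D-1", b"seed-device-1")
    other = DigitalSystem("T-200", b"seed-terminal-200")
    server = AuthenticationSystem()
    server.register("T-100", b"seed-terminal-100", "D-1", b"seed-device-1")
    server.register("T-200", b"seed-terminal-200", "D-2", b"seed-device-2")

    good = phone.confirmation_signal(card.authentication_info("T-100", now), now)
    wrong_terminal = other.confirmation_signal(card.authentication_info("T-200", now), now)
    return [
        server.verify(good, now),             # paired, fresh
        server.verify(good, now),             # same signal presented again
        server.verify(wrong_terminal, now),   # card tagged on a terminal it is not paired with
        server.verify(phone.confirmation_signal(
            card.authentication_info("T-100", now + 300), now + 300), now + 420),  # stale
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Because the device one-time value is computed over the terminal identification information, authentication information produced for one terminal fails verification when a different terminal places it in its confirmation signal, independently of the pair-setting lookup.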

FIG. 5 shows a schematic data flow of an authentication method using a user apparatus according to another embodiment of the present invention.

FIG. 5 shows an example in which the authentication request is made by a predetermined data processing apparatus 400. Referring to FIG. 5, the data processing apparatus 400 may transmit an authentication request including identification information of the digital system 100 to the authentication system 200 (S200).

Alternatively, the authentication request may include information capable of specifying the digital system 100 (e.g., identification information of a user, etc.), and based on that information the authentication system 200 may determine the identification information of the digital system 100.

The data processing apparatus 400 may be a computer or the like used by the user of the digital system 100. For example, the user can request authentication online (S200) through a computer or the like, and in response, the authentication system 200 can transmit authentication action request information to the computer (S210-1). The user may check the authentication action request information displayed on the computer and perform an authentication operation that brings the digital system 100 and the user device 300 into communication (S220).

According to an embodiment, the authentication system 200 may transmit authentication action request information to the digital system 100 (S210). Then, the user can perform the authentication operation in response to this (S220).

According to another embodiment, the data processing apparatus 400 may be an affiliate (merchant) terminal. That is, the user may want to make a payment, in which case the authentication request may be a payment request. The user can tell the merchant at an offline store the identification information of his or her own digital system 100, or can input the identification information of the digital system 100 himself/herself. Alternatively, from a remote location, the user may ask the merchant by telephone, messaging, or e-mail to make a payment (authentication) request for a predetermined payment. Then, an authentication (payment) request may be transmitted to the authentication system 200 by inputting the identification information of the digital system 100 to the merchant terminal (S200). At this time, the authentication action request information may also be transmitted to the merchant terminal and/or the digital system 100 (S200, S200-1). In response, the user may perform the authentication action, i.e., bring the digital system 100 and the user device 300 into communication (S220).

Then, the digital system 100 can acquire the authentication information generated by the user device 300 (S230, S240). The authentication information may be generated based on the device identification information and the terminal identification information. Alternatively, the authentication information may be generated based on device one-time information (here, device one-time information generated without using the terminal identification information) and the terminal identification information.

Alternatively, the authentication information may be generated based on device one-time information that is itself generated from the device identification information and the terminal identification information. Of course, in this case the authentication information may be generated based on the device identification information or the terminal identification information as well as the device one-time information.

Also, the digital system 100 may generate terminal one-time information (S230-1).

The digital system 100 may transmit to the authentication system 200 a confirmation signal that includes at least the authentication information and may further include the terminal identification information (or terminal one-time information) of the digital system 100 (S250).

Then, the authentication system 200 may perform an authentication confirmation procedure based on the confirmation signal (S260). That is, the procedure may be performed to authenticate the authentication information included in the confirmation signal. The procedure for authenticating the authentication information may include authenticating the information to be authenticated corresponding to the authentication information. In addition, when the confirmation signal includes the terminal identification information (or terminal one-time information), the authentication confirmation procedure may further include a step of authenticating the terminal identification information (or terminal one-time information). Then, the authentication result may be transmitted to the digital system 100 (S270), or to the data processing apparatus 400 (S270-1). Of course, the authentication result may also be transmitted to the service system 500.

Meanwhile, the authentication request according to the embodiment of the present invention may be made by a person other than the user of the digital system 100. For example, an authentication requester other than the user (the user being the person who performs authentication confirmation), such as a family member, a relative or an acquaintance of the user, may input the identification information of the user to the data processing apparatus 400 and thereby send the authentication request to the authentication system 200.

For example, an authentication requester who is not the user, such as an acquaintance of the user, may need to log in to the user's web account, obtain a certificate on behalf of the user, or make a payment as a third party, and may thus need to be provided with a service from the service system 500. In such cases there has been a risk that the information for authentication (for example, login information, authorized certificate password, card number, etc.) has to be disclosed to the authentication requester.

However, according to the technical idea of the present invention, the authentication request and the authentication operation can be performed in a spatially separated state, and the authentication request can be made by someone who does not perform the authentication operation. It is therefore not necessary to disclose the information for authentication to the authentication requester.

Also, in the case of a payment service, when the authentication requester gives the identification information of the user to the affiliated store, face to face or remotely, the affiliated store may send an authentication request (that is, a payment request) to the authentication system 200. Of course, information on the authentication requester (for example, the name of the payment requester, a telephone number, etc.) may be further included at this time, and the information on the payment requester may be included in the authentication action request information.

In this case, the authentication system 200 may transmit authentication action request information to the digital system 100 of the user, and an authentication action as described above may be performed by the user. Then, if an authentication confirmation procedure is performed by the authentication system 200 and the authentication confirmation procedure is successful, the authentication (payment) result can be transmitted to the data processing apparatus 400 and the digital system 100.

As shown in FIGS. 4 and 5, only the identification information of the digital system 100 is required for an authentication request, so requesting authentication is easy, and the authentication operation is performed by bringing the digital system 100 and the user device 300 into communication (e.g., by tagging). Although both the authentication request and the authentication operation are easy, the security can be very high, as described above. Also, as shown in FIG. 4 and FIG. 5, the user can easily determine whether the authentication request is allowed even in the two-channel authentication due to the ease of authentication request and the convenience of the payment confirmation operation. Further, The login information, the authorized certificate password, etc.), and can perform the authentication operation safely.

According to another embodiment, as shown in FIG. 6, an authentication requester who is not the user may input the identification information of the digital system 100 to the data processing apparatus (for example, a computer, a mobile terminal of the authentication requester), or, when the authentication requester gives the identification information of the user to the affiliated store face to face or remotely, the affiliated store may input the identification information of the digital system 100 to the data processing apparatus (for example, the affiliated store terminal 400). Then, the data processing apparatus 400 may transmit authentication action request information (that is, payment related information including payment details, etc.) to the digital system 100. Of course, to do so, predetermined software for implementing the technical idea of the present invention may be installed in the data processing apparatus 400.

The authentication action request information may include information on the merchant, payment details, and/or information on the payment requester. If the user checks the authentication action request information and wishes to proceed with the payment request corresponding to it, the user can perform the authentication operation as described above. The digital system 100 may then send an acknowledgment signal as described above to the authentication system 200. At this time, the confirmation signal may include not only the authentication information but also information necessary for a payment request (for example, information on the merchant, payment details, etc.). That is, the confirmation signal may further include an authentication (payment) request to be transmitted to the authentication system 200.

The authentication system 200 may then perform an authentication confirmation procedure based on the acknowledgment signal. The authentication system 200 can transmit the authentication result to the data processing apparatus 400 and/or the digital system 100. Of course, in the case of payment, if the authentication confirmation procedure is successful, the authentication system 200 or the service system 500 may determine whether the payment is approved and transmit the payment result to the data processing apparatus 400 and/or the digital system 100.

As a result, according to the technical idea of the present invention, it is possible to provide a solution with high security, which is very easy to perform authentication on behalf of a third party authentication requestor.

FIG. 6 shows a schematic data flow of an authentication method using a user apparatus according to another embodiment of the present invention.

Referring to FIG. 6, when the user notifies or inputs the identification information of his/her digital system 100, the data processing apparatus 400 may receive the identification information (S300) and transmit the authentication action request information to the digital system 100 (S310).

For example, when the user notifies the identification information of his / her digital system 100 or inputs the payment information to his / her mobile terminal 400 without providing a payment card to the store, the data processing apparatus 400 may transmit the identification information (S300) and transmits the authentication action request information corresponding to the authentication to the digital system 100 (S310). The digital system 100 can then transmit an acknowledgment signal to the authentication system 200 by communicating the digital system 100 with the user device 300 sitting in the car or in the car, A payment request (i.e., an authentication request) corresponding to the digital signature can also be transmitted to the authentication system 200 by the digital system 100 and settlement can be easily performed. Therefore, in this case, the settlement financial information of the user device 300 as well as the user device 300 may not be transmitted to the merchant, which may be a safe settlement solution.

According to an embodiment, the data processing apparatus 400 and the digital system 100 may perform short-range wireless communication. In this case, the authentication action request information (payment related information) may be transmitted to the digital system 100 by the short distance wireless communication between the data processing apparatus 400 and the digital system 100. At this time, the identification information of the digital system 100 may not need to be input to the data processing apparatus 400.

For example, when the technical idea of the present invention is applied to a payment service and a payment amount is input to a data processing apparatus (for example, an affiliate terminal 400), the user can bring the digital system 100 into short-range wireless communication with the data processing apparatus 400. Then, authentication action request information including payment related information (for example, payment details, merchant store identification information, etc.) including the payment amount may be transmitted to the digital system 100 through the short-range wireless communication (S310). The user can then bring the digital system 100 into short-range communication with his/her user device (e.g., the payment IC card 300). With these two short-range wireless communications, the user can easily make a payment. In this case, the identification information of the user's digital system 100 does not need to be disclosed to the merchant, and the payment financial information of the user device 300 may not be transmitted to the merchant.

When the authentication action request information (payment related information) is transmitted from the data processing apparatus 400 to the digital system 100, information (payment related information) necessary for an authentication request (payment request) may be included. When the authentication action request information is received, the authentication operation may be performed by the user (S320). Then, the authentication information generated by the user device 300 and the authentication request (payment request) may be included in the confirmation signal and transmitted to the authentication system 200 (S320, S330, S330-1, S340, S350). That is, the authentication request (payment request) may be output to the authentication system 200 separately before or after the confirmation signal is output to the authentication system 200. Of course, the authentication request (payment request) may be transmitted separately from the acknowledgment signal. In addition, the digital system 100 may further include the terminal identification information (or terminal one-time information) in the acknowledgment signal as described above. In addition, the embodiment of the authentication information may be as described in FIG. 4 or FIG.

Then, the authentication system 200 can perform an authentication confirmation procedure based on the confirmation signal (S360). If the authentication confirmation procedure is successful, the authentication result may be transmitted to the digital system 100 (S370-1). Of course, it may also be transmitted to the data processing apparatus 400 (S370), or to a given service system 500.

FIGS. 7 to 9 show a case where the user device 300 uses the terminal one-time information of the digital system 100 when generating the authentication information.

First, referring to FIG. 7, the embodiment shown in FIG. 7 can be performed in a manner similar to that shown in FIG. For example, the digital system 100 may transmit a predetermined authentication request to the authentication system 200 (S400). The authentication request is received through the communication unit 220 of the authentication system 200, and the control unit 210 may transmit the authentication action request information to the communication module 140 of the digital system 100.

After checking the authentication action request information, the user can bring the digital system 100 and the user device 300 into communication (S420). Upon receipt of the authentication action request information, the digital system 100 may generate terminal one-time information (S410-1). Of course, the terminal one-time information may instead be generated once the authentication action request information has been received and the communication is performed, and the generated terminal one-time information may be transmitted through the communication (S420).

In any case, the terminal's one-time information can be transmitted to the user equipment 300 through the communication.

Then, the user device 300 may generate authentication information (S430).

The authentication information may be generated based on the device identification information and the terminal one-time information. Alternatively, the authentication information may be generated based on device one-time information (here, device one-time information generated without using the terminal one-time information) and the terminal one-time information.

Alternatively, the authentication information may be generated based on device one-time information that is itself generated from the device identification information and the terminal one-time information. Of course, in this case the authentication information may be generated based on not only the device one-time information but also the device identification information or the terminal one-time information. For example, in addition to the device one-time information, the device identification information or the terminal one-time information may be included in the authentication information.

Then, the digital system 100 may acquire the authentication information generated by the user device 300 (S440).

The digital system 100 may further include the terminal one-time information in the confirmation signal as well as the authentication information. Also, the terminal one-time information may be input by the user after being displayed by the digital system 100, and the entered terminal one-time information may be included in the confirmation signal or may be provided to the authentication system 200. Or the digital system 100 may further include the terminal identification information in the confirmation signal as additional information.

In this case, if the authentication information is authenticated by the authentication system 200, the terminal one-time information is authenticated. In addition, the terminal one-time information or the terminal identification information may be further included in the confirmation signal instead of being used when the authentication information is generated. In this case, the effect is that dual authentication is performed on the digital system 100.

The digital system 100 may include the authentication information obtained from the user device 300 in the confirmation signal and transmit the authentication information to the authentication system 200 (S450). According to an embodiment, the terminal identification information (or the terminal one-time information) can be further included in the acknowledgment signal as described above.

Then, the authentication system 200 may perform an authentication procedure based on the confirmation signal (S460). If the authentication verification procedure is successful, the authentication system 200 may transmit the authentication result, that is, the authentication of the user, to the digital system 100 (S470).

Of course, if the digital system 100 accesses a predetermined service system 500 and then transmits the authentication request to the authentication system 200, the authentication system 200 transmits the authentication result to the service system 500.

The embodiment shown in FIG. 8 may be the case where authentication is performed in a manner similar to that shown in FIG.

Upon input of the identification information of the digital system 100, the data processing apparatus 400 may transmit an authentication request to the authentication system 200 (S500). In response, the authentication system 200 may transmit authentication action request information to the data processing apparatus 400 (S510-1). The user may confirm the authentication action request information displayed on the data processing apparatus 400 and perform an authentication operation that causes the digital system 100 and the user device 300 to communicate (S520). According to an embodiment, the authentication system 200 may transmit the authentication action request information to the digital system 100 (S510).

Then, the user can perform the authentication operation in response thereto (S520).

The digital system 100 can transmit the terminal one-time information to the user device 300 through the authentication operation (S520), and the user device 300 can generate authentication information in response to the authentication.

The terminal one-time information is generated by the digital system 100 and may be generated before the authentication action request information is received and the communication, i.e., the authentication action, is performed. Alternatively, when the communication is performed, the terminal's one-time information may be generated, and the terminal's one-time information generated through the communication may be transmitted to the user device 300.

The authentication information may be as described in FIG. That is, the authentication information may be generated based on the device identification information and the terminal one-time information. Alternatively, the authentication information may be generated based on device one-time information (in which device one-time information is information generated without using the terminal one-time information) and the terminal one-time information.

Or the authentication information may be generated based on the device one-time information generated based on the device identification information and the terminal one-time information. Of course, at this time, the authentication information may be generated based on not only the device one-time information but also the device identification information or the terminal one-time information. For example, in addition to the device one-time information, the device identification information or the terminal one-time information may be included in the authentication information.

Then, the digital system 100 may receive the device-specific authentication information generated by the user device 300 through the communication (S540). For example, the digital system 100 can perform both the transmission of the terminal's one-time information and the reception of the generated authentication information through one short-range wireless communication (e.g., tagging).

In addition, the digital system 100 may generate the terminal one-time information and/or the terminal identification information separately from the authentication information (S510-2) and may include the terminal identification information in the confirmation signal.

Then, the digital system 100 may transmit the confirmation signal including the authentication information and optionally the terminal identification information (or the terminal one-time information) to the authentication system 200 (S550).

In response, the authentication system 200 may perform an authentication procedure based on the confirmation signal (S560). If the authentication verification procedure is successful, the authentication system 200 may transmit the authentication result, that is, the authentication of the user, to the digital system 100 (S570). For example, if the authentication information included in the confirmation signal is authenticated by the authentication system 200, it means that the information used to generate the authentication information, that is, the terminal one-time information, is authenticated.

The embodiment shown in FIG. 9 may be the case where authentication is performed in a manner similar to that shown in FIG.

Referring to FIG. 9, when the user provides or inputs the identification information of the user's digital system 100, the data processing apparatus 400 receives the identification information (S600) and then transmits the authentication action request information (or settlement-related information) to the digital system 100 (S610).

When the authentication action request information is received, the digital system 100 transmits the terminal one-time information to the user device 300 and may receive the authentication information generated based on the terminal one-time information (S620, S630, S640). Since the embodiment of the authentication information is the same as that described with reference to FIG. 7 and FIG. 8, a detailed description will be omitted.

Also, the digital system 100 may include authentication information and terminal one-time information (or terminal identification information) in the confirmation signal as described above. Then, the digital system 100 may transmit the confirmation signal including the authentication information and optionally the terminal identification information (or the terminal one-time information) to the authentication system 200 (S660). The confirmation signal may further include an authentication request (payment request). Of course, the authentication request (payment request) may be transmitted separately from the acknowledgment signal. That is, the authentication request (payment request) may be output to the authentication system 200 separately before or after the confirmation signal is output to the authentication system 200.

Then, the authentication system 200 may perform an authentication procedure based on the confirmation signal (S660). If the authentication verification process is successful, the authentication result may be transmitted to the digital system 100 (S670-1). Of course, the authentication result may also be transmitted to the data processing apparatus 400 (S670), or to a given service system 500.

FIG. 10 is a diagram illustrating a process of an authentication system performing an authentication procedure according to an embodiment of the present invention.

Referring to FIG. 10, the authentication unit 230 of the authentication system 200 may perform an authentication process. The authentication unit 230 may obtain an authentication signal including at least authentication information (S710). When the authentication information is generated based on the device one-time information and/or the terminal one-time information, the authentication unit 230 generates server one-time information (S711) and determines whether the device one-time information and/or the terminal one-time information corresponds to the server one-time information (S712). Of course, when the authentication information is not generated based on the device one-time information or the terminal one-time information, that is, when the authentication information is generated based on the device identification information and the terminal identification information, device authentication and terminal authentication (i.e., authentication of the digital system 100) may be performed based on the identification information (S720, S730).

Further, in addition to the authentication information, additional information (for example, device identification information or terminal one-time information (or terminal identification information)) may be further included in the confirmation signal by the digital system 100. In this case, the authentication unit 230 may perform device authentication and terminal authentication (i.e., authentication of the digital system 100) (S720, S730).

In addition, the authentication unit 230 may further perform pair authentication for authenticating whether the digital system 100 and the user device 300 participating in the authentication action are a pair, as described above (S740).

If the authentications succeed, the authentication is determined to be successful (S760); otherwise, it is determined to be unsuccessful (S750).

Also, FIG. 10 shows the case where the authentication of the device identification information, the authentication of the terminal identification information, and the authentication of the pair are performed sequentially, but the order of these authentications can be changed in any way.
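The FIG. 7 exchange followed by the FIG. 10 checks, as an added example that is not code from the patent. The patent does not say how one-time information or authentication information is computed, so the HMAC-SHA256 constructions, the counter window, the pre-shared keys, and every class, function and identifier name below are assumptions; the keys and IDs are constructed sample values.

```python
import hashlib
import hmac
import struct

WINDOW = 5  # assumed look-ahead window for counter resynchronisation


def one_time_value(key: bytes, counter: int) -> bytes:
    # Assumed construction: HMAC-SHA256 over a 64-bit counter.
    return hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()


def make_auth_info(device_key: bytes, device_id: str, terminal_otp: bytes) -> bytes:
    # S430: bind the device identification information to the terminal one-time
    # information (assumed: keyed MAC with a length-prefixed identifier).
    ident = device_id.encode()
    msg = struct.pack(">H", len(ident)) + ident + terminal_otp
    return hmac.new(device_key, msg, hashlib.sha256).digest()


class DigitalSystem:
    def __init__(self, terminal_id: str, terminal_key: bytes):
        self.terminal_id = terminal_id
        self._key = terminal_key
        self._counter = 0

    def new_terminal_otp(self) -> bytes:
        # S410-1: fresh terminal one-time information per authentication action.
        self._counter += 1
        return one_time_value(self._key, self._counter)

    def confirmation_signal(self, device_id: str, auth_info: bytes,
                            terminal_otp: bytes) -> dict:
        # S450: authentication information plus the optional additional information.
        return {"terminal_id": self.terminal_id, "device_id": device_id,
                "terminal_otp": terminal_otp, "auth_info": auth_info}


class UserDevice:
    def __init__(self, device_id: str, device_key: bytes):
        self.device_id = device_id
        self._key = device_key

    def respond(self, terminal_otp: bytes) -> bytes:
        return make_auth_info(self._key, self.device_id, terminal_otp)


class AuthSystem:
    def __init__(self):
        self.terminals = {}  # terminal_id -> [key, last accepted counter]
        self.devices = {}    # device_id -> key
        self.pairs = set()   # registered (terminal_id, device_id) pairs

    def verify(self, signal: dict) -> str:
        term = self.terminals.get(signal["terminal_id"])
        if term is None:
            return "unknown terminal"                    # S730 fails
        device_key = self.devices.get(signal["device_id"])
        if device_key is None:
            return "unknown device"                      # S720 fails
        if (signal["terminal_id"], signal["device_id"]) not in self.pairs:
            return "not a registered pair"               # S740 fails
        key, last = term
        # S711/S712: generate server one-time information and compare it with
        # the terminal one-time information carried in the confirmation signal.
        matched = None
        for counter in range(last + 1, last + 1 + WINDOW):
            if hmac.compare_digest(one_time_value(key, counter), signal["terminal_otp"]):
                matched = counter
                break
        if matched is None:
            return "terminal one-time information rejected"
        term[1] = matched  # the value is spent even if a later check fails
        expected = make_auth_info(device_key, signal["device_id"], signal["terminal_otp"])
        if not hmac.compare_digest(expected, signal["auth_info"]):
            return "authentication information rejected"
        return "ok"                                      # S760


def demo() -> dict:
    server = AuthSystem()
    server.terminals["T-100"] = [b"terminal-key-constructed", 0]
    server.devices["D-300"] = b"device-key-constructed"
    server.devices["D-999"] = b"other-key-constructed"   # registered, never paired
    server.pairs.add(("T-100", "D-300"))
    terminal = DigitalSystem("T-100", b"terminal-key-constructed")
    card = UserDevice("D-300", b"device-key-constructed")
    stranger = UserDevice("D-999", b"other-key-constructed")

    otp1 = terminal.new_terminal_otp()
    signal = terminal.confirmation_signal(card.device_id, card.respond(otp1), otp1)
    results = {"first": server.verify(signal), "replay": server.verify(signal)}
    otp2 = terminal.new_terminal_otp()
    results["unpaired"] = server.verify(
        terminal.confirmation_signal(stranger.device_id, stranger.respond(otp2), otp2))
    otp3 = terminal.new_terminal_otp()
    # Authentication information computed over a different one-time value.
    results["mismatched"] = server.verify(
        terminal.confirmation_signal(card.device_id, card.respond(otp2), otp3))
    return results


if __name__ == "__main__":
    print(demo())
```

Because the authentication information is keyed to the terminal one-time information, resubmitting a captured confirmation signal fails at the one-time check, and a response bound to a different one-time value fails at the authentication information check.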

FIG. 11 is a diagram for explaining a process in which a digital system transmits an acknowledgment signal according to an embodiment of the present invention.

Referring to FIG. 11, a user may input user authentication information (e.g., a PIN of a payment card) of the user device 300 through a predetermined application installed in the digital system 100 to perform an authentication operation (S800). Then, the digital system 100 and the user device 300 can communicate with each other (S810). Then, the digital system 100 can receive the device identification information of the user device 300 through the communication (S820).

The digital system 100 may perform user authentication to determine, through the communication with the user device 300, whether the user authentication information input by the user corresponds to the information set in the user device 300 (S830). If the user authentication is successful, the digital system 100 generates an acknowledgment signal including the authentication information and transmits the acknowledgment signal to the authentication system 200 (S850). Of course, if the user authentication fails (S830), the digital system 100 can terminate the process (S860). It goes without saying that authentication of such user authentication information can be performed selectively.

According to an embodiment, the digital system 100 may perform pair authentication (S840). In this case, the digital system 100 may transmit the acknowledgment signal to the authentication system 200 only when the pair authentication is successful (S850).

In order for the digital system 100 to perform pair authentication, the device identification information of the user device 300 forming a pair with the digital system 100 may be registered in the digital system 100 in advance. According to an embodiment of the present invention, identification information or terminal identification information of the digital system 100 forming a pair with the user device 300 may be stored in the storage device of the user device 300. In this case, the digital system 100 may perform pair authentication by checking the information stored in the storage device.

In any case, if the digital system 100 and the user device 300 are not paired devices, the digital system 100 does not send the acknowledgment signal to the authentication system 200 and terminates the process (S860).

FIG. 11 shows an example in which the user authentication is performed before the pair authentication, but it goes without saying that the pair authentication may be performed first.

Also, in FIG. 11, the user authentication information (e.g., PIN) of the user device 300 may be input at any time after the confirmation signal is transmitted to the authentication system 200 and before the authentication confirmation process is terminated. That is, after the digital system 100 transmits the confirmation signal to the authentication system 200, the digital system 100 may receive user authentication information of the user device 300 from the user and authenticate the user. In this case, the digital system 100 may further transmit a predetermined authentication signal indicating the result of user authentication to the authentication system 200. Then, the control unit 210 included in the authentication system 200 may determine the success or failure of the authentication confirmation process after confirming the authentication signal.

According to an embodiment, the digital system 100 transmits user authentication information to the authentication system 200, and the authentication of the user authentication information may be performed by the authentication system 200. In this case, the digital system 100 may transmit the user authentication information to the authentication system 200 at any time before the payment request is approved by the authentication system 200. For example, the user authentication information may be included in the confirmation signal, and the user authentication information may be transmitted to the authentication system 200 at any time before or after the transmission of the confirmation signal. Then, the authentication unit 230 included in the authentication system 200 can perform the user authentication using the user authentication information of the user device 300 stored in the DB 240. If the user authentication is successful, it may be determined that the authentication confirmation process has finally succeeded.

FIG. 12 is a diagram showing a schematic configuration of a user apparatus according to an embodiment of the present invention.

Referring to FIG. 12, the user device 300 may include an operation unit 310 and a communication unit 320.

The user device 300 may be implemented in various ways such as a smart card, an IC card, a transportation card, and a payment IC card capable of performing contact or non-contact communication with the digital system 100, as described above.

The computing means 310 may be an IC chip included in the IC card. The communication unit 320 may be implemented by an RF antenna or the like capable of performing communication with the digital system 100.

According to another embodiment, the user device 300 has its own identification information as the device owned by the user, and any type of device capable of communicating with the digital system 100 is possible. For example, the user device 300 may be a device (e.g., an electronic identification card) capable of proving an identity, a communicable OTP device, a transportation card, or a mobile phone of a user different from the digital system 100. In this case, the user device 300 may also be connected to various communication means (e.g., NFC chips, Bluetooth devices, RF antennas, etc.) capable of communicating with the digital system 100.

The communication means 320 can perform communication with the digital system 100, that is, communication for an authentication operation.

When the communication is performed, the computing means 310 can generate authentication information. The computing means 310 can generate the authentication information based on its own identification information, that is, the device identification information and/or the device one-time information, and the terminal identification information and/or the terminal one-time information. According to an embodiment, the device one-time information may be generated based on the terminal identification information or the terminal one-time information.

The authentication information generated by the computing means 310 may be transmitted to the digital system 100 via the communication, and an acknowledgment signal including the transmitted authentication information may be transmitted by the digital system 100 to the authentication system 200. Then, an authentication confirmation procedure in which the transmitted confirmation signal is authenticated by the authentication system can be performed. If the authentication confirmation process is successful, the authentication request output from the data processing apparatus 400 or the digital system 100 to the authentication system 200 or the service system 500 connected to the authentication system 200 can be processed as successful.

The authentication method using the user apparatus according to the embodiment of the present invention can be implemented as a computer-readable code on a computer-readable recording medium. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored. Examples of the computer-readable recording medium include a ROM, a RAM, a CD-ROM, a magnetic tape, a hard disk, a floppy disk, an optical data storage device, and the like in the form of a carrier wave (for example, . In addition, the computer-readable recording medium may be distributed over network-connected computer systems so that computer readable codes can be stored and executed in a distributed manner. And functional programs, codes, and code segments for implementing the present invention can be easily inferred by programmers skilled in the art to which the present invention pertains.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.

Claims (31)

The digital system performing communication with a predetermined user device for authenticating the user;
Receiving the authentication information generated by the digital device by the digital device via the communication and transmitting an acknowledgment signal including the authentication information to the authentication system; And
And performing an authentication check procedure in which the transmitted confirmation signal is authenticated,
If the authentication confirmation process is successful, the authentication request output from the predetermined data processing device or the digital system to the authentication system or the service system connected with the authentication system is successfully processed,
The authentication information includes:
Terminal authentication information including terminal identification information of the digital system transmitted to the user apparatus through the digital system or terminal one-time information generated by the digital system, device identification information of the user apparatus, Is generated by the user device based on the device authentication information including the device one-time information of the device.
The information processing apparatus according to claim 1,
The terminal identification information, and the device identification information,
Wherein the authentication information is generated by the user device based on the terminal's one-time information and the device identification information.
The information processing apparatus according to claim 1,
Based on the first device one-time information and the terminal authentication information generated by the user device based on the device identification information,
Wherein the authentication information is generated based on second device one-time information generated by the user device based on the terminal authentication information and the device identification information.
The authentication method according to claim 1,
Further comprising the step of displaying the authentication action request information output by the authentication system which has received the authentication request including the identification information of the digital system output from the data processing apparatus, on the data processing apparatus or the digital system,
And when the authentication action request information is displayed, the digital system uses the user device performing the communication with the user device.
The authentication method according to claim 1,
Further comprising receiving, by the digital system, authentication action request information output from the data processing apparatus that has received the identification information of the digital system,
Wherein the digital system performs the communication with the user device when the authentication action request information is received.
The terminal device according to claim 2, wherein, when the authentication information is generated by the user device based on the terminal identification information and the device identification information, the terminal identification information and the device identification information Characterized in that the authentication confirmation procedure is successful if the acquired terminal identification information and the acquired device identification information are authenticated,
When the authentication information is generated by the user apparatus based on the terminal one-time information and the device identification information, the terminal one-time information and the device identification information are obtained from the authentication information by the authentication system, Wherein the authentication information is authenticated through server one-time information generated by the authentication system so that the information corresponds to the terminal one-time information, and the authentication confirmation procedure is successful if the device identification information is authenticated.
4. The information processing apparatus according to claim 3, wherein when the authentication information is generated based on the first device one-time information generated by the user apparatus based on the device identification information and the terminal authentication information, Wherein the first device one-time information and the terminal authentication information are obtained and authenticated through first server one-time information generated by the authentication system such that the first device one-time information corresponds to the first device one-time information, Characterized in that the authentication confirmation procedure is successful only when the authentication information is authenticated,
When the authentication information is generated based on the second device one-time information generated by the user apparatus based on the terminal authentication information and the device identification information, the authentication system generates the second device one- And the authentication confirmation procedure is successful if the second device one-time information is authenticated through the second server one-time information generated by the authentication system based on the terminal authentication information and the device identification information. Authentication method using a user device.
2. The method of claim 1, wherein transmitting the acknowledgment signal to the authentication system comprises:
The digital system further including the terminal authentication information in the confirmation signal and transmitting the terminal authentication information to the authentication system,
By the authentication system,
Wherein the authentication procedure is successful if the terminal authentication information is authenticated.
The authentication method according to claim 1,
Further comprising the step of the digital system determining whether the user equipment is a preset pair to correspond to the digital system,
And if it is determined that the user device is a predetermined pair, transmits the confirmation signal to the authentication system.
The authentication method according to claim 1,
The digital system or the authentication system requesting a user of the digital system for user authentication information corresponding to the user equipment; And
Further comprising the step of transmitting the input user authentication information in response to the request to the digital system or the data processing apparatus to the authentication system,
Wherein the authentication procedure is successful if the user authentication information is further authenticated by the authentication system.
Receiving an acknowledgment signal from the digital system when the digital system communicates with a predetermined user device, the acknowledgment signal including authentication information generated by the user device;
Performing an authentication verification procedure for the authentication system to authenticate the received confirmation signal; And
The authentication system successively processes the authentication request output from the predetermined data processing apparatus or the digital system to the authentication system or the service system connected to the authentication system,
The authentication information includes:
Terminal authentication information including terminal identification information of the digital system transmitted to the user apparatus through the digital system or terminal one-time information generated by the digital system, device identification information of the user apparatus, Wherein the device authentication information is generated by the user device based on the device authentication information including the device one-time information.
12. The method according to claim 11,
The terminal identification information, and the device identification information,
Wherein the authentication information is generated by the user device based on the terminal's one-time information and the device identification information.
12. The method according to claim 11,
Based on the first device one-time information and the terminal authentication information generated by the user device based on the device identification information,
Wherein the authentication information is generated based on second device one-time information generated by the user device based on the terminal authentication information and the device identification information.
The method according to claim 11, wherein the authentication method using the user device comprises:
The authentication system receiving the authentication request including identification information of the digital system from the data processing apparatus; And
Wherein the authentication system further comprises transmitting authentication action request information to the digital system or the data processing device in response to the reception,
Wherein the authentication system performs the authentication procedure after transmitting the authentication action request information and receiving the confirmation signal from the digital system.
13. The method of claim 12, wherein performing an authentication procedure to authenticate the authentication information based on the acknowledgment signal received by the authentication system comprises:
When the authentication information is generated by the user device based on the terminal identification information and the device identification information, the authentication system obtains the terminal identification information and the device identification information from the authentication information, Successively processing the authentication confirmation process before the identification information and the device identification information are authenticated; or
When the authentication information is generated by the user device based on the terminal one-time information and the device identification information, the authentication system obtains the terminal one-time information and the device identification information from the authentication information, Is authenticated through the server one-time information generated by the authentication system so that the terminal identification information is associated with the terminal's one-time information, and the authentication confirmation process is not performed until the device identification information is authenticated Using authentication method.
14. The method of claim 13, wherein performing an authentication procedure to authenticate the authentication information based on the acknowledgment signal received by the authentication system comprises:
When the authentication information is generated based on the first device one-time information and the terminal authentication information generated by the user apparatus based on the device identification information, the authentication system obtains, from the authentication information, the first device one- Wherein the terminal authentication information is authenticated through first server one-time information generated by the authentication system such that the first device one-time information corresponds to the first device one-time information, Processing the confirmation procedure successfully; or
When the authentication information is generated based on the second device one-time information generated by the user apparatus based on the terminal authentication information and the device identification information, the authentication system obtains the second device one- And successively processing the authentication confirmation procedure so that the second device one-time information is authenticated through the second server one-time information generated by the authentication system based on the terminal authentication information and the device identification information The authentication method using the user device.
12. The method of claim 11, wherein the acknowledgment signal further comprises the terminal authentication information,
Wherein the step of performing an authentication procedure for authenticating the authentication information based on the confirmation signal received by the authentication system comprises:
Authenticating the terminal authentication information included in the confirmation signal; and
And successfully processing the authentication confirmation procedure if the terminal authentication information is further authenticated.
The method according to claim 11, wherein the authentication method using the user device comprises:
Further comprising the step of authenticating whether or not the pair is determined by determining whether the digital system to which the authentication signal transmitted the authentication signal and the user apparatus are previously set to correspond to each other,
And determining that the authentication confirmation procedure has succeeded if the pair status is authenticated.
The user device performing communication with the digital system for authentication;
The user device generating authentication information;
Transmitting the authentication information generated by the user device to the digital system;
Transmitting an acknowledgment signal including the transmitted authentication information to the authentication system by the digital system; and
Wherein the authentication confirmation procedure is performed in which the transmitted confirmation signal is authenticated by the authentication system,
If the authentication confirmation process is successful, the authentication request output from the predetermined data processing device or the digital system to the authentication system or the service system connected with the authentication system is successfully processed,
The authentication information includes:
Terminal authentication information including terminal identification information of the digital system transmitted to the user apparatus through the digital system or terminal one-time information generated by the digital system, device identification information of the user apparatus, Wherein the device authentication information is generated by the user device based on the device authentication information including the device one-time information.
The method according to claim 19, wherein the user authentication method using the user device comprises:
Further comprising the step of the user device determining whether the digital system is a preset pair corresponding to the user device,
Wherein the digital system generates the authentication information or transmits the generated authentication information to the digital system when the digital system is a preset pair.
20. The method as claimed in claim 19, wherein the user equipment generates authentication information by:
The user device generating the authentication information based on the terminal identification information and the device identification information; or
And the user device generates the authentication information based on the terminal one-time information and the device identification information.
20. The method as claimed in claim 19, wherein the user equipment generates authentication information by:
Generating the authentication information based on the first device one-time information and the terminal authentication information generated by the user device based on the device identification information; or
And generating the authentication information based on the second device one-time information generated by the user device based on the terminal authentication information and the device identification information.
22. A computer-readable recording medium having recorded thereon a program for performing the method according to any one of claims 1 to 22.
In a digital system,
A user device communication module for communicating with a user device for authenticating the authentication request;
And a control module for transmitting an acknowledgment signal to the authentication system when communication with the user device is performed through the user equipment communication module, wherein the acknowledgment signal includes authentication information generated by the user device,
By the authentication system,
Wherein the authentication request output from the predetermined data processing apparatus or the digital system to the authentication system or the service system connected with the authentication system is successfully processed when the authentication confirmation procedure in which the confirmation signal is authenticated is successful,
The authentication information includes:
Terminal authentication information including terminal identification information of the digital system transmitted to the user apparatus through the digital system or terminal one-time information generated by the digital system, device identification information of the user apparatus, The device authentication information being generated by the user device based on the device authentication information including the device one-time information.
The information processing apparatus according to claim 24,
The terminal identification information, and the device identification information,
Generated by the user device based on the terminal one-time information and the device identification information,
Based on the first device one-time information and the terminal authentication information generated by the user device based on the device identification information,
Based on the terminal authentication information and the device identification information, the second device one-time information generated by the user device.
25. The digital system of claim 24,
And a terminal one-time information generating module for generating the terminal one-time information.
A communication unit for receiving an acknowledgment signal output by the digital system when the digital system communicates with a predetermined user apparatus, the acknowledgment signal including authentication information generated by the user apparatus;
An authentication unit for performing an authentication procedure for authenticating the received confirmation signal; and
And a control unit for successfully processing the authentication request output from the predetermined data processing apparatus or the digital system to the authentication system or the service system connected to the authentication system if the authentication confirmation procedure for authenticating the confirmation signal is successful,
The authentication information includes:
Terminal authentication information including terminal identification information of the digital system transmitted to the user apparatus through the digital system or terminal one-time information generated by the digital system, device identification information of the user apparatus, Wherein the authentication information is generated by the user device based on the device authentication information including the device one-time information.
The information processing apparatus according to claim 27,
The terminal identification information, and the device identification information,
Generated by the user device based on the terminal one-time information and the device identification information,
Based on the first device one-time information and the terminal authentication information generated by the user device based on the device identification information,
Wherein the authentication information is generated based on second device one-time information generated by the user device based on the terminal authentication information and the device identification information.
Communication means for performing communication with the digital system;
And calculation means for generating authentication information when the communication is performed through the communication means,
Wherein the authentication information generated by the computing means is transmitted to the digital system, and when an acknowledgment signal including the transmitted authentication information is transmitted to the authentication system by the digital system, an authentication confirmation procedure is performed in which the transmitted acknowledgment signal is authenticated by the authentication system,
If the authentication confirmation process is successful, the authentication request output from the predetermined data processing device or the digital system to the authentication system or the service system connected with the authentication system is successfully processed,
The authentication information includes:
Terminal authentication information including terminal identification information of the digital system transmitted to the user apparatus through the digital system or terminal one-time information generated by the digital system, device identification information of the user apparatus, The one or more device information being generated by the user device based on device authentication information including device one-time information.
30. The apparatus according to claim 29,
Generates the authentication information based on the terminal identification information and the device identification information,
Generating the authentication information based on the terminal one-time information and the device identification information,
Generates the authentication information based on the first device one-time information generated based on the device identification information and the terminal authentication information, or
And generates the authentication information based on the second device one-time information generated based on the terminal authentication information and the device identification information.
30. The apparatus according to claim 29,
Wherein the digital system determines whether the digital system is a preset pair corresponding to the user apparatus, and if the digital system is a predetermined pair, it generates the authentication information or transmits the generated authentication information to the digital system User device.
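
An added illustration of the claimed variant in which the user device derives second device one-time information from the terminal authentication information and the device identification information, and the authentication system checks it against server one-time information it computes itself, after the preset-pair check. This is not code from the patent: the claims name no algorithm, so HMAC-SHA256, the per-device key, the replay set and every identifier below are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed enrolment data (assumptions, not values from the patent).
DEVICE_KEYS = {"device-01": b"constructed-device-secret"}
PAIRS = {("terminal-A", "device-01")}  # preset digital system / user device pairs


def device_one_time_info(key, terminal_id, terminal_otp, device_id):
    """Second device one-time information, bound to terminal and device values."""
    parts = [terminal_id.encode(), terminal_otp, device_id.encode()]
    # Length-prefix each field so different field boundaries cannot collide.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class AuthenticationSystem:
    def __init__(self, device_keys, pairs):
        self.device_keys = device_keys
        self.pairs = pairs
        self.seen = set()  # terminal one-time values already accepted

    def confirm(self, signal):
        """Authentication confirmation procedure on the acknowledgment signal."""
        terminal_id, terminal_otp = signal["terminal_id"], signal["terminal_otp"]
        device_id, device_otp = signal["device_id"], signal["device_otp"]
        if (terminal_id, device_id) not in self.pairs:
            return "not-paired"
        key = self.device_keys.get(device_id)
        if key is None:
            return "unknown-device"
        if (terminal_id, terminal_otp) in self.seen:
            return "replayed"
        # Second server one-time information, recomputed from the same inputs.
        expected = device_one_time_info(key, terminal_id, terminal_otp, device_id)
        if not hmac.compare_digest(expected, device_otp):
            return "bad-authentication-info"
        self.seen.add((terminal_id, terminal_otp))
        return "ok"


def run_exchange(auth, terminal_id, device_id, key):
    """Digital system issues a one-time value, the device answers, the signal is sent."""
    terminal_otp = secrets.token_bytes(16)
    device_otp = device_one_time_info(key, terminal_id, terminal_otp, device_id)
    signal = {"terminal_id": terminal_id, "terminal_otp": terminal_otp,
              "device_id": device_id, "device_otp": device_otp}
    return signal, auth.confirm(signal)
```

Because the terminal identifier and terminal one-time value are inputs to the MAC, authentication information captured at one digital system fails verification if it is relayed under another terminal's identity, and an accepted signal cannot be submitted twice.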

KR1020140010339A 2014-01-28 2014-01-28 Method for authentication using user apparatus, digital system, user apparatus, and authentication system thereof KR20150089569A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020140010339A KR20150089569A (en) 2014-01-28 2014-01-28 Method for authentication using user apparatus, digital system, user apparatus, and authentication system thereof

Publications (1)

Publication Number Publication Date
KR20150089569A true KR20150089569A (en) 2015-08-05

Family

ID=53885987

Country Status (1)

Country Link
KR (1) KR20150089569A (en)

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination