WO2014003406A2 - Système numérique sécurisé pour la nfc, système apparié constituant une paire avec celui-ci et méthode pour obtenir ceux-ci - Google Patents

Système numérique sécurisé pour la nfc, système apparié constituant une paire avec celui-ci et méthode pour obtenir ceux-ci Download PDF

Info

Publication number
WO2014003406A2
WO2014003406A2 PCT/KR2013/005590 KR2013005590W WO2014003406A2 WO 2014003406 A2 WO2014003406 A2 WO 2014003406A2 KR 2013005590 W KR2013005590 W KR 2013005590W WO 2014003406 A2 WO2014003406 A2 WO 2014003406A2
Authority
WO
WIPO (PCT)
Prior art keywords
otp
pair
secure digital
information
digital system
Prior art date
Application number
PCT/KR2013/005590
Other languages
English (en)
Korean (ko)
Other versions
WO2014003406A3 (fr
Inventor
김동진
김대진
심충섭
Original Assignee
주식회사 씽크풀
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 씽크풀 filed Critical 주식회사 씽크풀
Publication of WO2014003406A2 publication Critical patent/WO2014003406A2/fr
Publication of WO2014003406A3 publication Critical patent/WO2014003406A3/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices

Definitions

  • the present invention relates to an NFC secure digital system, a pair system paired with the NFC secure digital system, and a method of providing the same, and more particularly, security authentication information (eg, a security card number or an OTP) that is widely used to authenticate an individual.
  • security authentication information eg, a security card number or an OTP
  • the present invention relates to a system and a method of providing the same, which can dramatically increase security by requiring two independent devices to obtain (One Time Password)).
  • login authentication using login information authentication using a security card
  • authentication using a public certificate authentication using a public certificate
  • OTP One Time Password
  • login authentication is a method of authenticating a person who knows the login information as the user of the account corresponding to the login information without requiring any specific device, and authentication using an authentication certificate uses electronic data called an authentication certificate. Although it must have a digital data, it does not require a separate authentication device other than a system (eg, a user's computer, a mobile phone, etc.) requesting authentication.
  • the accredited certificate may be stored in the system requesting the certificate.
  • the authentication certificate may be stored in a separate device (eg, a mobile storage device such as a USB storage device), but the separate device may be a general data storage device. It is not required.
  • the security card or OTP generating device includes a specific person (in addition to the specific person, legal entities capable of legally independent acts, etc., in the present invention includes all of them in the sense that the specific person or specific person) to authenticate the specific person to the specific person.
  • a user requesting a predetermined service eg, login, financial transaction, etc.
  • the security card is mainly implemented to be easy for users to carry on a wallet or the like, when the information written on the security card is exposed or leaked due to the characteristics of the authentication method, the authentication function through the security card can no longer be expected.
  • authentication via OTP is a method of generating the same one-time password, that is, OTP using the same OTP generating logic (program) while the OTP authentication system and the OTP generating device share the OTP generating key (secret key). Therefore, since the OTP generating device requires a computing device, a storage device, and a power source, the OTP generation device is relatively less portable than the security card. Token-type OTP generating device has a relatively low portability, and recently, a card-type OTP generating device has been implemented and can be carried in a user's wallet. However, the card-type OTP generating device also requires a power source in order to generate the OTP, so it is restricted in the period of use, and it is also necessary to take out the card-type OTP generating device from the wallet and make an OTP generation request.
  • the user finds or pulls out a separate security device (for example, a security card or an OTP generating device) for authentication, not the system, for the security information required by the system requesting the current authentication, and manipulates or confirms it, and then again the system
  • a separate security device for example, a security card or an OTP generating device
  • the conventional OTP generating device has a problem of relatively low portability, and requires a power source, so a problem of having to issue a new OTP generating device when the power is depleted, and the risk of security when an illegal user occupies it is lost. Significantly higher problems exist.
  • the authentication method using a security device for example, a security card or OTP generating device, etc.
  • a security device for example, a security card or OTP generating device, etc.
  • the security device since the security device independently has all the security information (eg, the security card number) or generates the security information (OTP),
  • OTP security information
  • Patent document-Korean patent (Registration No. 10-1147921, "Card type OTP generating device")
  • the technical problem to be achieved by the present invention is not to be able to obtain security information through any one independent security device, but to have both systems (or devices) defined as a pair. It is to provide a system and a method of providing the same so that a user can obtain security information only when there is one.
  • the digital system that has obtained at least some of the security information has completed the use of the security information or the user
  • the present invention provides a system and a method for deleting the acquired information when the control for obtaining the security information is not performed.
  • the pair system stores the security information (for example, security code, that is, security card number)
  • security information for example, security code, that is, security card number
  • the system and a method for providing the security information can be obtained only through a digital system paired with the pair system To provide.
  • the present invention provides a system and a method of providing the same to enable the security card to be stored and used in a mobile like M-OTP and to solve the security problem.
  • the present invention provides a system and method for reinforcing a security function by solving the limitation of the number of such security information.
  • security devices used by service systems eg, financial institutions, websites, etc.
  • service systems eg, financial institutions, websites, etc.
  • security devices eg, a security card or an OTP generating device, etc.
  • the security information can be obtained through the digital system without removing the security device from the wallet, thereby reducing the risk of losing the security device and allowing the user to easily obtain the security information. It is to provide a system and a method thereof.
  • the security digital system, pair system, or both that can participate in the acquisition of security information while being robust to the attack of the secure digital system. It is to provide a system and a method capable of controlling all.
  • Security digital system for solving the above technical problem is a communication system for performing NFC (Near Field Communication) and a pair system for storing at least one of a display device, security code or OTP information,
  • NFC Near Field Communication
  • the communication module is tagged with the pair system at least once, control to receive at least a portion of the security code, at least a portion of the OTP information, or an OTP based on the OTP information from the pair system through the communication module.
  • a control module configured to store registration system information including at least one of identification information of the secure digital system or identification information of the pair system in at least a portion of the security code or the authentication system for authenticating the OTP.
  • the secure digital system or NFC performing NFC communication At least one of the machines is to be corresponding to the registration system information stored in the authentication system characterized in that the authentication can be succeeded by the authentication system.
  • the control module controls at least a portion of the received or generated security code or the OTP to be displayed on the display device, or at least a portion of the received or generated security code or the OTP is displayed on the secure digital system. It may be characterized in that the automatic input to the input UI, or to transmit at least a portion or the OTP of the security code received or generated to a predetermined authentication system.
  • the pair system may store information for specifying a user of the pair system, and authentication may be successful only if the secure digital system corresponds to information for specifying the user.
  • the control module stores identification information of the pair system predefined to pair with the secure digital system, at least a portion of the security code, at least a portion of the OTP information only from the pair system corresponding to the identification information, Alternatively, the OTP may be controlled to receive the OTP based on the OTP information from the pair system.
  • the control module may receive only a request security code requested from a predetermined authentication system among the security codes from the pair system.
  • control module may receive a first OTP generation key included in the OTP information from the pair system, and generate the OTP using the received first OTP generation key. have.
  • the control module When the tagging is performed, the control module further receives OTP generation program information for generating the OTP from the pair system, and generates the OTP using the received OTP generation program information and the first OTP generation key, Before the tagging, the OTP may be generated using the OTP generating program information stored in the secure digital system and the received first OTP generating key.
  • the control module may generate the OTP using the first OTP generation key received from the pair system and a second OTP generation key shared by the secure digital system and the authentication system.
  • the secure digital system may further include a security module for performing a security procedure such that at least a portion of the security code or at least a portion of the OTP information received from the pair system is not stored in the secure digital system.
  • the security module determines at least a portion of the security code or at least a portion of the OTP information received by the NFC communication module, at least a portion of the received security code or when the predetermined time elapses from the determined time. At least a portion of the received security code or at least a portion of the OTP information is deleted if at least a portion of the OTP information is deleted, or if the requested security code of the security code or the OTP is transmitted to the authentication system connected through the network with the secure digital system. Or deleting at least a part of the received security code or at least a part of the OTP information when the requesting security code or the requesting means for requesting the OTP among the security codes is deactivated in the secure digital system.
  • the pair system paired with a secure digital system for solving the technical problem is a storage device for storing at least one of a security code or OTP information and a communication device for performing NFC (Near Field Communication) communication with the secure digital system
  • NFC Near Field Communication
  • At least a portion of the security code, at least a portion of the OTP information, or an OTP based on the OTP information is transmitted to the secure digital system by the communication device to authenticate at least a portion of the security code or the OTP.
  • the authentication system stores registration system information including at least one of identification information of the secure digital system or identification information of the pair system, wherein at least one of the secure digital system or the pair system that has performed the NFC communication is configured to perform the authentication.
  • the authentication can be successful by the authentication system to correspond.
  • the secure digital system performs at least one tagging with a pair system storing at least one of a security code or OTP information, and the secure digital system tags the at least one tag.
  • Receiving at least a portion of the security code, at least a portion of the OTP information, or an OTP based on the OTP information from the pair system, and at least a portion of the security code received from the pair system by the secure digital system Or display the OTP generated based on at least a portion of the OTP received from the pair system or the OTP information received from the pair system, automatically input into a predetermined input UI, or transmit to a predetermined authentication system.
  • At least a part of a code or an authentication system for authenticating the OTP stores registration system information including at least one of identification information of the secure digital system or identification information of the pair system, and performs the NFC communication.
  • authentication may be successful by the authentication system only when at least one of the pair systems corresponds to the registration system information stored in the authentication system.
  • a pair system In a method of providing a pair system paired with a secure digital system for solving the technical problem, a pair system is provided by storing at least one of a security code or OTP information, and the pair system is tagged with the secure digital system at least once. And transmitting, by the pair system, at least a portion of the security code, at least a portion of the OTP information, or an OTP based on the OTP information to the secure digital system, at least a portion of the security code.
  • the registration system information including at least one of identification information of the secure digital system or identification information of the pair system is stored in the authentication system for authenticating the OTP, and the secure digital system or the pair system performing the NFC communication. At least one of the authentication system The authentication may be successful by the authentication system only when it corresponds to the registration system information stored in the authentication system.
  • a user may not acquire security information through any one independent security device, but only when the user has both a digital system and a pair system that are determined to form a pair. Since the user can acquire the security information, even if any one system is lost or stolen, the other person cannot obtain the security information.
  • the digital system since the pair system stores or generates the security information, and the digital system can simply receive it, use it for authentication, and immediately delete it, the digital system can provide the security information. It is possible to reduce the risk of leakage or exposure of at least a portion of the security information through a digital system that may occur by storing or generating. Therefore, there is an effect that the risk of leakage of security information, which may occur as the number of systems (or devices) involved in obtaining security information, increases.
  • a pair system or a digital system stores security information (eg, a security code, that is, a security card number)
  • security information eg, a security code, that is, a security card number
  • the user does not input the requested security information after visually confirming the security information and then enters the digital system. Since it can be obtained through the security information to be input, that is, the time required to confirm the requested security code is reduced and false confirmation is reduced, as well as the number of security codes to be assigned to a specific person on the conventional security card Even more significantly, the time required for authentication using the security information can be reduced rather than increased, so that the security time is increased and the time required for authentication is rather reduced.
  • the pair system stores or generates security information
  • at least a part of the security information can be obtained through a digital system. Therefore, when the pair system is carried in a wallet, the pair system does not need to be taken out of the wallet. In addition to increasing convenience, there is an effect that can reduce the risk of loss or theft.
  • security devices used by service systems eg, financial institutions, websites, etc.
  • service systems eg, financial institutions, websites, etc.
  • security devices eg, a security card or an OTP generating device, etc.
  • the key corresponding to the pair system is used for generating the OTP, but also a key corresponding to the digital system may be used, so that security may be maintained even if the OTP generation key of any one system that may occur may be leaked. .
  • the secure digital system and the pair system communicate through the NFC tagging, there is an effect that can be easily obtained security information.
  • the security information is obtained unnecessarily when tagging that the user does not want, or the security information through tagging while the unauthorized user does not recognize It can reduce the risk of learning.
  • the security card mounted on the secure digital system is output only when the paired system communicates with the secure digital system equipped with the security card or the mobile OTP (M-OTP) generating device through wireless communication such as NFC tagging. Or OTP is generated, there is an effect that can solve the security problem that is the biggest weakness of the mobile security card or OTP generating device.
  • M-OTP mobile OTP
  • registration system information including identification information of a secure digital system and / or a pair system, which can acquire security information according to the technical idea of the present invention, may be stored in advance, so that the registration system information (
  • the registration system information includes not only identification information of a secure digital system and / or a pair system actively registered by the user, but also a secure digital system corresponding to the user based on information extracted or stored in advance in the authentication system; And / or tagging the secure digital system and / or the pair system corresponding to the identification information of the pair system). Therefore, even if the generated information for generating security information is leaked, the security information generated by a system not registered in the authentication system has an effect of preventing the authentication from succeeding.
  • the identification information of both the secure digital system and the pair system is stored as the registration system information in the authentication system, only the secure digital system and the pair system have been registered beforehand so that authentication through the secure information can succeed. It has the effect of bringing up.
  • FIG. 1 is a view showing a schematic system configuration for implementing a secure digital system according to an embodiment of the present invention.
  • FIG. 2 is a view showing a schematic configuration of a secure digital system according to an embodiment of the present invention.
  • FIG. 3 is a diagram illustrating an example of a method in which a secure digital system and a pair system form a pair according to an embodiment of the present invention.
  • FIG. 4 is a diagram illustrating an example of a method in which a secure digital system and a pair system form a pair according to another embodiment of the present invention.
  • FIG. 5A is a diagram for describing a process of obtaining a request security code by a secure digital system according to one embodiment of the present invention
  • 5B is a diagram for describing a process of acquiring a request security code by a secure digital system according to another embodiment of the present invention.
  • 5C is a diagram for describing a process of acquiring a request security code by a secure digital system according to another embodiment of the present invention.
  • FIG. 6 is a diagram illustrating a method for obtaining an OTP by a secure digital system according to an embodiment of the present invention.
  • FIG. 7 is a schematic flowchart illustrating a process of performing a security procedure by a secure digital system according to an embodiment of the present invention.
  • FIG. 8 is a view showing a schematic configuration of a pair system according to an embodiment of the present invention.
  • FIG. 9 is a diagram illustrating an example in which a secure digital system acquires security information by performing tagging with a pair system according to an embodiment of the present invention.
  • FIGS. 10 to 11 are diagrams illustrating an example in which a secure digital system according to an embodiment of the present invention obtains security information by performing a plurality of tagging.
  • the component when one component 'transmits' data to another component, the component may directly transmit the data to the other component, or through at least one other component. Means that the data may be transmitted to the other component.
  • FIG. 1 is a view showing a schematic system configuration for implementing a secure digital system according to an embodiment of the present invention.
  • a secure digital system 100 and a pair system 200 may be provided.
  • the secure digital system 100 is capable of communicating with the pair system 200 using a predetermined communication protocol, and includes all types of data processing apparatuses having data processing capabilities capable of performing the functions defined herein. It can be defined to mean.
  • the digital system 100 is illustrated only in the form of a mobile phone in FIG. 1, implementation examples of a computer, a laptop, a tablet, an IPTV, a smart TV, a set-top box, a remote control, a home automation device, and the like may vary.
  • the secure digital system 100 may be a system accessible to a wired or wireless network. And a predetermined service system (not shown) can be connected. Then, the service system may request security information for authentication to the secure digital system 100 directly or through a predetermined authentication system 300.
  • a web client for example, a browser, etc.
  • a predetermined application installed in the secure digital system 100
  • It can also be connected through an application. It can be easily inferred by those skilled in the art that the secure digital system 100 and the service system can be connected in various other ways.
  • the authentication system 300 may be the service system or an internal system of the service system, or may exist as a separate system from the service system and may be connected to the service system through a wired / wireless network to correspond to the service. It may be a system that performs.
  • the security information may be, for example, a security code (ie, security card numbers recorded on a security card) or OTP (One TIme Password), but is not limited thereto. Any information that may authenticate a user may be used. Information may be included.
  • a security code ie, security card numbers recorded on a security card
  • OTP One TIme Password
  • the security information may be stored in the pair system 200 or may be predetermined information stored in the pair system 200, that is, information generated by the generated information. That is, the pair system 200 may store the security information itself, or may store generation information for generating the security information.
  • the security information may be obtained through the secure digital system 100 or through the pair system 200.
  • the secure digital system 100 and the pair system 200 are in a paired state or at least one pair must be paired so that the security information is transmitted to the user through the secure digital system 100 or the pair system 200.
  • at least one pairing may mean, for example, that the secure digital system 100 and the pair system 200 perform NFC communication through tagging.
  • pairing may be performed for a relatively short time when tagging is performed.
  • the security information may be information which is not changed since it is predefined such as a security code used for a security card.
  • the pair system 200 may store information for generating the security information when the security information is generated when a predetermined event occurs, such as a real time or a user's request. .
  • One such example may be authentication via OTP.
  • the pair system 200 may store the security information, that is, information (eg, OTP generating program (or logic), OTP generating key, etc.) for generating the OTP in the pair system 200.
  • the information stored in the pair system 200 may be all of information necessary to generate the OTP, or only some of them.
  • the information used to generate the OTP without being stored in the pair system 200 may be information stored in the secure digital system 100 or obtained in real time (eg, time information).
  • the user may obtain the security information (eg, security code or OTP) through the secure digital system 100.
  • the security information may be obtained through the pair system 200.
  • the user may acquire the security information only when the secure digital system 100 and the pair system 200 are paired as described below or at least once.
  • Acquiring the security information by the user means that the security information is provided to the user in a state that the user can recognize, or the security information is automatically inputted by the user even though the user does not recognize the security information. This may mean a case where the security information is transmitted to a predetermined authentication system 300 that is input to the input UI to be requested or requests the security information.
  • the authentication system may mean a system for requesting security information obtained according to the technical idea of the present invention.
  • the authentication system includes not only an authentication server that directly performs authentication of security information obtained by the technical idea of the present invention, but also includes at least one system connected to the authentication server on a path through which the security information is transmitted to the authentication server. It can be defined to mean. For example, when a user makes an online payment, when a predetermined payment system requests security information and the user inputs the security information, the input security information may be transmitted to a predetermined authentication server through the payment system.
  • the payment system and / or the authentication server may be an authentication system of the present invention.
  • the authentication system may be connected to the secure digital system 100 or a separate data processing apparatus 400 used by a user of the secure digital system 100 through a network.
  • a user may access a predetermined service system through the secure digital system 100, and the service system may request security information from the secure digital system 100 for a specific service (eg, login, financial transaction, etc.). . Then, the user may check the security information through the secure digital system 100 or through the pair system 200 according to the technical idea of the present invention.
  • the checked security information can be directly input into the service system.
  • the security information may be obtained through the secure digital system 100, and the obtained security information may be automatically input to an input UI to which security information should be input or transmitted to the service system.
  • the service system may directly transmit the received security information to the authentication server capable of authenticating or performing authentication, through which the security information may be authenticated.
  • the service system may be an authentication system 300.
  • the data processing apparatus 400 may be a system independent of the secure digital system 100.
  • the secure digital system 100 may be a mobile phone, and the data processing device 400 may be a separate computer used by a user of the mobile phone.
  • the user may access the service system through a separate data processing device 400. Then, the service system may request security information from the data processing apparatus 400. Then, a user may obtain security information through the secure digital system 100 or the pair system 200 according to the technical idea of the present invention, and input the obtained security information into the data processing apparatus 400. It may be. In any case, a user must occupy both the secure digital system 100 and the pair system 200 to obtain the security information.
  • the pair system 200 may store a security code. Then, the user may obtain the security code using the secure digital system 100 in which the pair system 200 and the pair are formed.
  • the secure digital system 100 may receive the entire security code from the pair system 200 or may receive only a part of the security code. In case of only partial reception, the secure digital system 100 may receive only a request security code currently requested by the predetermined authentication system 300.
  • At least a part of the security code is the secure digital system when a predetermined event occurs when the secure digital system 100 and the pair system 200 are paired. 100 may be received.
  • the predetermined event may be, for example, when a user inputs a security code request (or request security code request) to the secure digital system 100 or when a user performs a predefined action in the pairing state. It may be an event in which every user or the secure digital system 100 is determined to request security information. Whether the event occurs may be determined by the control module 110.
  • the secure digital system 100 may receive at least a portion of the secure code. That is, at this time, while tagging is performed, it is in a pairing state, and the act of tagging itself may be an event requesting the security code.
  • the user may check all or part of the security code through a display device provided in the secure digital system 100 and directly input a predetermined input UI displayed on the secure digital system 100.
  • a display device provided in the secure digital system 100 and directly input a predetermined input UI displayed on the secure digital system 100.
  • the input UI may be loaded in the data processing apparatus 400. That is, a user may access a service system (not shown) to use a predetermined service using the data processing apparatus 400, and the service system may request predetermined security information.
  • the request for the security information may be performed by the service system to the data processing apparatus 400.
  • the user may acquire the security information using the secure digital system 100 and the pair system 200 while using the data processing apparatus 400.
  • the request for security information may be performed by the authentication system 300.
  • the service system and the authentication system 300 may be the same system or a system connected to each other.
  • the requested security code among the received security codes may be automatically input to the input UI.
  • this case may be the case where the secure digital system 100 loads the input UI.
  • the input request security code may be displayed in a form that the user does not recognize (eg, "**").
  • the request security code is transmitted to the authentication system 300 by selecting a user predetermined UI (for example, the 'confirmation' button, etc.), the authentication system 300 compares the received request security code with the pre-stored information Authentication can be performed.
  • the secure digital system 100 may automatically transmit the requested security code to the authentication system 300 after receiving the request security code from the pair system 200.
  • the secure digital system 100 may request only the request security code from the pair system 200.
  • the secure digital system 100 may receive all of the security codes and display only the corresponding security codes, or automatically input the requested security codes into the input UI.
  • the user may obtain the request security code through the pair system 200.
  • the pair system 200 may include a display device.
  • the pair system 200 and the secure digital system 100 must maintain pairing or perform at least one pairing (ie, tagging, etc.), so that the pair system 200 may be disconnected.
  • the pair system 200 may display all or part of the security code on the display device provided in the pair system 200 only when there is a request for obtaining the security code from the user.
  • a tagging action itself may be a request for obtaining the security code.
  • a user obtains at least a portion of the security code through the secure digital system 100 or at least a portion of the security code through the pair system 200, or in any case while pairing is maintained or at least At least a part of the security code can be obtained only by performing pairing once.
  • the pair system 200 may store OTP information.
  • the OTP information may include at least an OTP generation key.
  • the OTP information may include OTP generation program information.
  • time information may be further used as a key according to the OTP generation algorithm.
  • the OTP generation key may be shared by the pair system 200 and the authentication system 300.
  • the user may obtain an OTP through the secure digital system 100.
  • the secure digital system 100 may obtain at least a portion of the OTP information from the pair system 200 and generate an OTP using at least a portion of the obtained OTP information.
  • the secure digital system 100 may receive the OTP generated by the pair system 200.
  • at least a part of the OTP information or reception of the OTP is in a state in which the pair system 200 and the secure digital system 100 are paired or pairing (eg, tagging) is performed at least once. Can be performed.
  • the secure digital system 100 may receive at least the OTP generation key from the pair system 200.
  • the OTP generation program may be received from the pair system 200 or may be received from the authentication system 300. Then, the secure digital system 100 may generate an OTP using the received OTP generating key and the OTP generating program.
  • additional information may be further used as a generation key for the secure digital system 100 to generate an OTP.
  • time information may be used as an additional key.
  • the secure digital system 100 may further use a secret key shared by itself and the authentication system 300 to generate the OTP. That is, in this case, the secure digital system 100 may include the OTP generation key (hereinafter referred to as a first OTP generation key), which is a secret key received from the pair system 200, and the secure digital system 100 and the authentication system ( An OTP may be generated using a second OTP generated key, which is shared by 300, and two secret keys. In this case, even if either secret key is leaked and the OTP generating program is known, the OTP cannot be generated, thereby increasing the security.
  • the authentication system 300 may know in advance the first OTP generation key, the second OTP generation key, and the OTP generation program information. Then, the generated OTP is displayed through a display device provided in the secure digital system 100, and the user may directly input a predetermined OTP input UI displayed in the secure digital system 100.
  • the generated OTP may be automatically input to the OTP input UI.
  • the input request security code may be displayed in a form that is not recognized by the user (for example, "**"). Then, by selecting a user predetermined UI (for example, 'confirm' or 'send' button, etc.)
  • the OTP is transmitted to the authentication system 300, and the authentication system 300 may perform authentication by comparing the received OTP with the OTP generated by the OTP.
  • the secure digital system 100 may automatically transmit the generated OTP to the authentication system 300 after generating the OTP.
  • Embodiments in which the OTP is automatically input or transmitted may be applied similarly to the embodiment of the security card.
  • the generation of the OTP may be performed by the pair system 200.
  • the pair system 200 may be implemented to generate the OTP only when pairing with the secure digital system 100 is maintained or at least once pairing is performed.
  • the pair system 200 may have to be provided with a power source.
  • a predetermined UI for receiving an OTP generation request from a user may be provided.
  • the pair system 200 may generate the OTP using a first OTP generation key and an OTP generation program stored therein.
  • the second OTP generation key may be received from the secure digital system 100, and an OTP may be generated using the received second OTP generation key.
  • the OTP generated by the pair system 200 may be identified by a user.
  • the pair system 200 may include a predetermined display device. After confirming the displayed OTP, the user may input the OTP into a predetermined OTP input UI loaded in the secure digital system 100 or the data processing apparatus 400.
  • the OTP generated by the pair system 200 may be transmitted to the secure digital system 100 again.
  • the transmitted OTP may be automatically input to an OTP input UI or automatically transmitted to the authentication system 300 through the secure digital system 100.
  • the user may tag the secure digital system 100 and the pair system 200 only once to provide necessary security information. Acquisition via the secure digital system 100 or through the pair system 200. Alternatively, the security information may be obtained to the user only after tagging a plurality of times.
  • the secure digital system 100 tags with the pair system 200
  • the secure digital system 100 performs at least a part of a security code from the pair system 200 through the single tagging, OTP information. At least a portion of the, or OTP.
  • the secure digital system 100 may generate an OTP based on the received information.
  • the pair system 200 may treat the tagging as an OTP generation request signal and generate an OTP, and generate the OTP to the secure digital system 100.
  • the secure digital system 100 transmits request security code identification information for specifying a request security code among the security codes to the pair system 200, and the pair system 200 requests After extracting the request security code using the security code identification information, the request security code may be transmitted to the secure digital system 100. That is, the process of the pair system 200 such as the extraction of the request security code or the generation of the OTP information as described above, and the transmission of the request security code or the transmission of the OTP after the process is performed during one tagging is performed. May be performed.
  • the user may tag the secure digital system 100 and the pair system 200 a plurality of times to obtain finally necessary security information. For example, in the case of tagging once, transmission of the requested security code identification information from the secure digital system 100 to the pair system 200, transmission of an OTP generation request, and the like may be performed as described above. Then, the pair system 200 may extract the request security code or generate OTP information. After the tagging is performed again, the requested security code may be transmitted to the secure digital system 100 or the generated OTP may be transmitted to the secure digital system 100.
  • the process to be performed in order for the secure digital system 100 to obtain security information may be performed in a plurality of times, and may be performed in a plurality of times.
  • the process may be performed each time a plurality of taggings are each performed.
  • Pair authentication process for authenticating whether it is a system and if the authentication is successful, the security code is transmitted from the pair system 200 to the secure digital system 100 may be two processes.
  • the two processes may be performed by one tagging or each process may be performed every time tagging is performed.
  • the pair authentication process may or may not be performed.
  • a process that may be performed may include a pair authentication process and transmission of the request security code identification information. , Extraction of the request security code, and transmission of the extracted request security code. All four processes may be performed while one tagging is performed, or at least one process may be performed each time a plurality of taggings are performed. At this time, the extraction process of the request security code does not necessarily need to be performed while tagging is performed, and may be performed by the pair system 200 itself after tagging is performed. In addition, the pair authentication process may or may not be performed.
  • a process that can be performed includes a pair authentication process, reception of at least a portion of the OTP information, and OTP using the received information. It can be produce. Even in this case, all three processes may be performed while one tagging is performed. Alternatively, a single tagging process may be performed only until reception of a pair authentication process and at least a portion of the OTP information, and OTP generation may be performed by the secure digital system 100 after tagging.
  • the pair authentication process may optionally be performed. Alternatively, the three processes may be dividedly performed while each of a plurality of tagging is performed or after each tagging is performed.
  • a process that may be performed may be a pair authentication process, an OTP generation request transmission, an OTP generation, or a transmission of the generated OTP. Even in this case, all processes may be performed through one tagging or may be dividedly performed through multiple taggings. Each process may be performed while tagging is performed according to the characteristics of the process, or may be performed after tagging is performed.
  • the secure digital system 100 and / or the pair system 200 may perform a pair authentication procedure. That is, a process for acquiring security information as described above may be performed only when tagging is performed with a system determined to be paired in advance.
  • the secure digital system 100 may store identification information of the pair system 200 in advance.
  • a pair authentication procedure may be performed by obtaining and comparing identification information of the pair system 200.
  • identification information of the secure digital system 100 may be stored in the pair system 200.
  • the pair authentication procedure may be performed in a similar manner. In any case, when the secure digital system 100 and / or the pair system 200 previously record identification information of a paired system, a pair authentication procedure may be performed.
  • the secure digital system 100 may be accessible to the security code. However, even in this case, the secure digital system 100 may access the security information in a state in which pairing is maintained with the pair system 200 or in a state in which pairing (eg, tagging) has been performed at least once.
  • the secure digital system 100 receives a request of a specific security card number, that is, a request security code from the security code assigned to the user from the authentication system 300.
  • Means for requesting this request security code eg, web page, frame, or predetermined UI, etc.
  • the user may receive the security code through the data processing apparatus 400 separate from the secure digital system 100.
  • the secure digital system 100 may display the entire stored security code or only the requested security code on the display device provided in the secure digital system 100. Then, the user can check the requested security code of the displayed security code and input it to the input UI.
  • the secure digital system 100 may automatically extract only the request security code and automatically input the input UI.
  • only the requested security code may be extracted and automatically transmitted to the authentication system 300.
  • the secure digital system 100 may identify identification information (for example, 6 :: 51, 14: 75 ** may be input 6, 14 indicating the sequence number, or may receive the identification information from the authentication system 300, and automatically analyzes the information displayed on the secure digital system to identify the identification information. You can also check.
  • identification information for example, 6 :: 51, 14: 75 ** may be input 6, 14 indicating the sequence number, or may receive the identification information from the authentication system 300, and automatically analyzes the information displayed on the secure digital system to identify the identification information. You can also check.
  • the pair system 200 may be simply implemented as any kind of system that can form a pair with the secure digital system 100.
  • the security code or the request security code is secured. It may be displayed on the digital system 100, automatically input to a predetermined UI, or transmitted to the predetermined authentication system 300.
  • the secure digital system 100 may store the generated information, that is, the OTP information in advance.
  • the OTP information may further include OTP generation program information.
  • OTP generation program information when the secure digital system 100 is a smart phone, a conventional technology for generating an OTP is well known as a M-mobile-OTP technology.
  • the OTP information in the present invention may further include a second OTP generation key corresponding to the secure digital system 100.
  • Information about the OTP generation program may be received from the authentication system 300 or other predetermined system (eg, financial institution system, administrative institution system, etc.).
  • the secure digital system 100 may not generate an OTP using only the OTP information stored therein, but the pairing with the pair system 200 is maintained. Or have a technical configuration capable of generating the OTP only during or after pairing (eg, tagging) is performed at least once. By having such a technical configuration, there is an effect that can solve the security problem that was the biggest weakness of the conventional M-OTP technical configuration.
  • the secure digital system 100 may further use time information and the like as a generation key in addition to the second OTP generation key to generate the OTP.
  • the secure digital system 100 may generate an OTP jointly with the pair system 200.
  • the secure digital system 100 may generate the OTP using a first OTP generation key, which is a secret key corresponding to the pair system 200, with a second OTP generation key.
  • the secure digital system 100 may receive the first OTP generation key from the pair system 200.
  • the tagging may be performed several times, instead of once, so that the secure digital system 100 may generate the OTP.
  • the process performed when each tagging is performed may vary depending on implementation. According to an example, when a particular tagging is performed among the multiple times of tagging, none of the processes to be performed to obtain security information may be performed. In this case, the specific tagging may simply have a meaning of tagging to fill a predetermined plurality of times of tagging.
  • the pair system 200 may be a system or a device capable of communicating with the digital system 100.
  • the pair system 200 may store security information or generation information for generating the security information as described above.
  • the pair system 200 may include a security code and / or OTP information.
  • the pair system 200 may be implemented as an IC card (or smart card) that can store the security code and / or OTP information. That is, the pair system 200 may be a system in which its own power source does not exist. For example, the pair system 200 has a unique computing power and storage capacity, a system in which a predetermined RF communication device for the technical idea of the present invention is added to an IC card or a smart card that a user can perform a financial transaction. Can be.
  • it may be a data processing system including a storage device for storing the security code and / or OTP information, the power source is present.
  • a smart card or tablet PC or a card-type OTP card or security card having a power source may be implemented as the pair system 200.
  • the pair system 200 may be a device capable of selectively providing a security code to a user or generating an OTP.
  • the pair system 200 generates and displays at least a part or OTP of the stored security code only in a state in which pairing with the secure digital system 100 is maintained or at least once paired or after. May be a system. Accordingly, if the pairing is not maintained or at least once paired or after, the pairing system 200 may not provide the security code to the user or generate the OTP.
  • the pair system 200 may simply be a system or device for forming a pair with the secure digital system 100.
  • the pair system 200 simply includes at least a communication device capable of communicating with the secure digital system 100, and provides identification information of the secure digital system 100 or the pair system 200. It may be provided with a storage device for storing.
  • a predetermined communication device for implementing the technical idea of the present invention may be connected to the secure digital system 100 and / or the pair system 200 through a predetermined interface (for example, a USB interface). It may be.
  • a predetermined interface for example, a USB interface
  • the secure digital system 100 is a desktop PC
  • a predetermined communication device for implementing the technical idea of the present invention may be connected to the desktop, and the communication device connected to the desktop is connected to the technical idea of the present invention. It can also function as a pair module.
  • the pair system 200 may simply be a system for forming a pair only with the secure digital system 100 according to the technical idea of the present invention.
  • the pair system 200 may be implemented as a system 220 implemented to have only a minimum of functions capable of pairing with the secure digital system 100, and the pair system 200 may have a predetermined communication.
  • It may be an RF tag or a communication device itself in which a device (eg, an RF communication device (antenna, etc.) is included.
  • the RF tag or communication device eg, RF communication device, etc.
  • the pair system 200 may be implemented to be attached or inserted into a target object such as a predetermined object or device.
  • the pair system 200 may have a predetermined adhesive surface or may have a housing to be fitted to the target object.
  • the target object may be variously determined by a user's selection.
  • the pair system 200 may be a system in which a communication device (for example, an RF communication device) for the pairing function is embedded in an object made for a separate function.
  • a communication device for example, an RF communication device
  • a wide variety of embodiments may be possible, such as a USB storage device, a security card, an OTP generator, a watch, a bracelet, and a smart card.
  • the pair system 200 may be implemented in a wide variety of forms as long as it includes a communication device capable of pairing with the digital system 100.
  • the pair system 200 may be implemented by attaching a predetermined communication device for implementing the technical idea of the present invention to a conventional OTP generating device and performing a function defined herein.
  • the pair system 200 may be implemented by attaching a predetermined storage device, a communication device, and the like to a conventional security card to implement the technical idea of the present invention.
  • Pair formation may refer to a series of processes or procedures in which the secure digital system 100 and the pair system 200 are set to form a pair.
  • the pair system 200 may be a system determined by the manufacturer or distributor of the pair system 200 or the secure digital system 100 to be paired with a specific secure digital system 100 in advance, or by a user.
  • the system may be implemented to be paired with the digital system.
  • the manufacturer of the secure digital system 100 may determine the pair system 200 that may be paired with the digital system 100 in advance.
  • a manufacturer or distributor of the secure digital system 100 may provide a tag device that may be paired with the digital system 100.
  • the object to which the tag device is attached may be implemented as the pair system.
  • a user may select the pair system 200 to be paired with the secure digital system 100.
  • the pair system 200 may be issued to a user by an operator of a financial transaction system or an operator of the authentication system 300.
  • the pair system 200 may be a financial transaction means that can be distributed by a predetermined financial institution.
  • a financial institution that operates a financial transaction system may implement a credit card or a security card as the pair system 200 and issue it to a user.
  • a tag device that may be attached to the pair system 200 or the pair system 200 may be provided by various companies such as an OTP, a security card, a smart card, and the like, or various entities such as an authentication authority. It may be.
  • pair formation may be performed by storing identification information for identifying the paired system 200 or the paired secure digital system 100 that the paired secure system 100 or the paired system 200 pairs. Can be.
  • This procedure can be defined as a pair formation procedure.
  • the pair authentication procedure may be performed before the pairing is formed to implement the technical spirit of the present invention.
  • the pair forming procedure may include a process in which the secure digital system 100 or the pair system 200 receives identification information of the pair system 200 or the digital system 100. That is, the secure digital system 100 and the pair system 200 may perform the pair forming procedure through direct communication (for example, various RF communication or NFC communication). According to an embodiment, the pair forming procedure may be performed by a user through the application or software (eg, an OS) to the digital system 100 or the pair system 200 through the pair system 200 or the digital system ( It may also be performed by inputting the identification information of 100).
  • the application or software eg, an OS
  • the secure digital system 100 or the pair system 200 may store identification information of the pair system 200 or the secure digital system 100, which form a pair in advance, and the information may not be changed. have.
  • the person who wants to acquire the security information can acquire the security information only if he or she owns or occupies both the secure digital system 100 and the pair system 200. Therefore, even if any one system is lost or stolen, the security information used for authentication of the user may not be leaked.
  • the pair system 200 when the pair system 200 is implemented so that the user can arbitrarily attach or insert to a target object such as a predetermined object, etc., it is difficult for others to recognize what the target object is, so that an illegal user may use the security information. It may be difficult to even specify what the pair system 200 is required for obtaining. Therefore, there is also an effect that can prevent the loss or theft of the pair system 200 itself.
  • the user has to communicate with the secure digital system 100 or the pair system 200 and the pair system 200 or the secure digital system 100 previously set as a pair of secure information Or finally, user authentication may succeed.
  • the authentication system 300 may specify a device that can participate in obtaining security information according to the spirit of the present invention or finally succeed in authentication.
  • the registration system information including the information (identification information) may be stored in advance.
  • the authentication system 300 authenticates the security information input from the secure digital system 100 or the data processing apparatus 400, and together with the secure digital system 100 participating in NFC communication to obtain the secure information.
  • the authentication system 300 may determine that user authentication is successful only when the pair system 200 corresponds to information stored in the registration system information.
  • the registration system information is stored in the authentication system 300, only one of the secure digital system 100 or the pair system 200 that can obtain the security information may be specified.
  • security information may be obtained only when two devices formed as pairs exist in advance.
  • the effect may be similar to that of pairing at the user device. have.
  • the secure digital system 100 may be attacked by a malicious attacker, and thus, the paired system 200 formed as a pair even though the paired system 200 formed as a pair does not actually perform NFC communication. If there is a risk that can be disguised as if the NFC communication, but the identification information of the secure digital system 100 and the pair system 200 is stored in advance by the authentication system 300, such a secure digital system 100 ) Has a relatively safe effect on attacks.
  • the predetermined secure digital system 100 and the predetermined pair system 200 may perform NFC communication. Then, the secure digital system 100 may obtain security information according to the technical idea of the present invention.
  • the secure digital system 100 may transmit the secure information obtained to the authentication system 300.
  • the secure digital system 100 may further transmit identification information of the secure digital system 100 and / or identification information of the pair system 200 to the authentication system 300.
  • the authentication system 300 may authenticate the validity of the security information received from the secure digital system 100.
  • the authentication system 300 may determine whether the received security information corresponds to a predetermined security code previously stored in the authentication system 300 or an OTP generated by the authentication system 300. Can be.
  • the authentication system 300 may authenticate the validity of the system participating in the acquisition of the security information. To this end, the authentication system 300 may determine whether the identification information of the received secure digital system 100 and / or the pair system 200 corresponds to registration system information previously stored in the authentication system 300. In addition, the authentication system 300 may finally determine that authentication is successful only when the validity of the system is authenticated. Then, the authentication system 300 or a predetermined service system connected to the authentication system 300 is requested by the data processing apparatus 400 used by the secure digital system 100 or the user of the secure digital system 100. Can provide services.
  • the authentication system 300 may authenticate the validity of the system after authenticating the security information, but may also verify the validity of the security information after first authenticating the validity of the system.
  • Whether or not the paired state may be determined according to whether a communication state between the secure digital system 100 and the pair system 200 satisfies a predetermined criterion.
  • the communication state may depend on the distance between the digital system 100 and the pair system 200.
  • the secure digital system 100 and the pair system 200 may perform wireless communication (eg, RF communication). Therefore, the communication environment between the secure digital system 100 and the pair system 200 may be further affected.
  • wireless communication eg, RF communication
  • the communication state dominates the distance between the secure digital system 100 and the pair system 200. Can be assumed to be affected.
  • the distance is close enough may not be paired.
  • the secure digital system 100 and the pair system 200 may perform communication. Alternatively, even when communication is performed, it may mean that a signal having a predetermined size or more may be transmitted to the secure digital system 100 and / or the pair system 200. That is, in a general communication environment, the secure digital system 100 and the pair system 200 exist within a communication distance that can communicate with each other, or when they exist within a predetermined distance shorter than the communication distance. can do.
  • communication between the secure digital system 100 and the pair system 200 may be performed in various ways. And it is well known that in this manner, the distance and / or environment in which pairing is possible may vary.
  • Communication between the secure digital system 100 and the pair system 200 may be, for example, various embodiments, such as Bluetooth, NFC, infrared communication, optical communication.
  • a communication device for such communication may be provided in the secure digital system 100 and the pair system 200, respectively.
  • the secure digital system 100 and the pair system 200 may perform RF communication.
  • the digital system 100 and the pair system 200 may perform communication using a wireless standard protocol such as Bluetooth, Zigbee, or the like.
  • the pair system 200 may also have its own power supply or may be a system that can receive power from the outside.
  • Zigbee communication there may be an advantage that communication is possible at a lower power than Bluetooth.
  • the secure digital system 100 and the pair system 200 may perform various short range wireless communication (eg, IrDA, UWB, etc.), and according to the type of wireless communication, the secure digital system 100 And the pair system 200 may be provided with a predetermined configuration for the environment required for the corresponding wireless communication.
  • various short range wireless communication eg, IrDA, UWB, etc.
  • the pair system 200 may be a system driven by an RF signal output from the secure digital system 100 without its own power supply. That is, RFID communication or NFC communication may be performed.
  • the pair system 200 may be implemented as an RFID tag or a predetermined device including the RFID tag.
  • the secure digital system 100 may serve as a reader capable of communicating with the RFID tag. Then, the secure digital system 100 may output a predetermined RF signal to search the pair system 200 or receive predetermined information stored in the pair system 200.
  • the communication distance between the digital system 100 and the pair system 200 may vary according to the output power of the secure digital system 100.
  • the pair system 200 may be implemented to be carried in a user's wallet. Then, when the user possesses the secure digital system 100, a communication protocol capable of performing contactless communication with the pair system 200 located in a wallet may be selected to implement the technical idea of the present invention. . In addition, a configuration to which such a communication protocol is applicable may be provided in the secure digital system 100 and the pair system 200.
  • a user can obtain security information through the secure digital system 100 without taking out the pair system 200 from the wallet. Acquiring such security information may be possible only when a pairing state is maintained or when at least one tagging is performed. In the state where the pairing state is maintained, the user may make a predetermined input or request, and then security information may be obtained. Alternatively, tagging itself may be treated as an act of requesting the security information.
  • the secure digital system 100 and the pair system 200 periodically determine whether a pairing state is maintained while performing communication, and the secure digital system 100 and the pair system only when a pairing is required. 200 may be paired through a predetermined pair formation procedure and / or pair authentication procedure.
  • a user may set the secure digital system 100 within a predetermined distance to pair the secure digital system 100 with the pair system 200. Positioning the pair system 200 in the pair system 200 or positioning the pair system 200 within a predetermined distance of the secure digital system 100 may be performed.
  • the secure digital system 100 may include a near field communication (NFC) chip, and the secure digital system 100 and the pair system 200 may perform NFC communication.
  • the user may perform pairing by placing the secure digital system 100 and the pair system 200 within a predetermined distance (eg, 10 cm), that is, tagging.
  • a user may bring the secure digital system 100 close to his wallet. That is, tagging can be performed. Then, the secure digital system 100 is paired with the pair system 200 in the wallet, and at this time, predetermined information for implementing the technical idea of the present invention may be exchanged.
  • security information eg, security code, request security code, or OTP
  • the user may obtain security information (eg, security code, request security code, or OTP) through the secure digital system 100. That is, the security information may be checked through a display device provided in the secure digital system 100.
  • security information may be automatically input to a predetermined UI or transmitted to the authentication system 300. Acquisition of security information may occur automatically when a user performs tagging, or may be acquired only after a predetermined input or request is made through the secure digital system 100 after tagging.
  • the user may finally obtain desired security information only after performing a plurality of tagging. Some of the processes required to obtain security information during or after each tagging may be performed sequentially.
  • the secure digital system 100 may form a pair with the pair system 200.
  • the pair system 200 may be implemented in various forms. For example, it may be implemented by a card 201 including an IC chip, or may be implemented by another digital system 202.
  • the secure digital system 100 may communicate with a predetermined authentication system 300 through a wired or wireless network.
  • the authentication system 300 may communicate with a separate data processing apparatus 400 used by a user of the secure digital system 100 through a wired or wireless network.
  • the authentication system 300 receives security information (eg, security code or OTP) from the secure digital system 100 or the data processing apparatus 400, and / or an authentication server for authenticating the received security information. It may include an authentication server and at least one network system existing on the secure digital system 100 or the data processing apparatus 400.
  • security information eg, security code or OTP
  • the authentication system 300 may record information about a security code assigned to a user. Alternatively, the authentication system 300 may share the first OTP generation key with the pair system 200. In some implementations, the authentication system 300 may share the second OTP generation key with the secure digital system 100.
  • the authentication system 300 may be an authentication system 300 provided for each service system (for example, a web server for providing a web site, a system of a financial institution), or a system in which a plurality of service systems are commonly connected for authentication. It may be.
  • each service system for example, a web server for providing a web site, a system of a financial institution
  • a system in which a plurality of service systems are commonly connected for authentication It may be.
  • the authentication system 300 may generate an OTP in the same manner as the secure digital system 100 or the pair system 200.
  • FIG. 2 is a view showing a schematic configuration of a secure digital system according to an embodiment of the present invention.
  • the secure digital system 100 includes a control module 110 and a communication module 120.
  • the secure digital system 100 may further include a security module 140 and / or a display module 150.
  • the module may mean a functional and structural combination of hardware for performing the technical idea of the present invention and software for driving the hardware.
  • the module may mean a logical unit of a predetermined code and a hardware resource for performing the predetermined code, and does not necessarily mean a physically connected code or a kind of hardware. Can be easily inferred by the average expert in the art.
  • the control module 110 is a function of other components (eg, the communication module 120, the security module 140, and / or the display module 150) included in the secure digital system 100. Or you can control resources.
  • the communication module 120 may be referred to as an NFC communication module when the secure digital system 100 uses NFC communication.
  • the communication module 120 may communicate with the pair system 200 that forms a pair with the secure digital system 100. As described above, the communication protocol used by the communication module 120 may vary.
  • the control module 110 may determine whether the communication module 120 and the pair system 200 are in a pairing state. Alternatively, it may be determined whether pairing has been performed at least once. In the case of determining whether it is in a pairing state, the communication module 120 and the pair system 200 may communicate with each other even when a predetermined distance or more is separated as described above, and the communication module 120 periodically This may be the case when communicating with the pair system 200. As the communication module 120 periodically communicates, the control module 110 may determine whether the communication module 120 is in a pairing state with the pair system 200.
  • the control module 110 may determine whether the communication module 120 has been in a pairing state at least once within a predetermined time.
  • the communication module 120 may perform NFC communication with the pair system 200.
  • the control module 110 may determine that the condition for obtaining the security information (hereinafter, referred to as the 'security information acquisition condition') is satisfied even if tagging is performed only once.
  • the security information acquisition condition is satisfied only by tagging multiple times.
  • predetermined processes for acquiring the security information through the secure digital system 100 or the pair system 200 may be performed thereafter.
  • the tagging is performed a plurality of times, as described above, some of the processes may be performed before a predetermined number of tagging is performed.
  • control module 110 may determine that the security information acquisition condition is satisfied when the communication module 120 is currently in a pairing state with the pair system 200, and within a predetermined time, the communication module ( 120 and the pair system 200 may determine that the security information acquisition condition is satisfied only when pairing is performed at least once. As a result, the control module 110 may determine whether the security information acquisition condition is satisfied.
  • control module 110 may control the user to acquire security information through the secure digital system 100. Alternatively, only some processes for acquiring the security information may be performed before the security information acquiring condition is satisfied.
  • control module 110 may perform a predetermined control to automatically obtain the security information, and to obtain the security information only when a predetermined input or request is received from a user. Can also be controlled.
  • the security information may be, for example, at least a part of a security code assigned to the user, or may be an OTP.
  • the pair system 200 may store the security code information.
  • the pair system 200 may store generation information necessary for generating the OTP, that is, OTP information.
  • the control module 110 may control the communication module 120 to receive at least a portion of the security code.
  • the user may acquire at least a part of the received security code.
  • the user may acquire at least a portion of the security code, as described above, by outputting at least a portion of the security code to the display module 150 provided in the secure digital system 100 so that the user can visually check. It includes case.
  • the control module 110 may receive the entire security code from the pair system 200, or may receive only the required security card number, that is, the requested security code, from the pair system 200.
  • FIG. 5 One such example is shown in FIG. 5.
  • FIG. 5A is a diagram illustrating a process of obtaining a request security code by a secure digital system according to an embodiment of the present invention
  • FIG. 5B is a view illustrating a process of obtaining a request security code by a secure digital system according to another embodiment of the present invention
  • 5C is a diagram for describing a process of obtaining a request security code according to another embodiment.
  • the authentication system 300 may request a predetermined request security code for authenticating a user to the secure digital system 100 (S10).
  • the user may request a service from a predetermined service system (not shown) using the secure digital system 100. Therefore, when a user wants to use a service by accessing a predetermined service system (not shown) using a separate data processing apparatus (eg, PC, laptop, etc.) 400 instead of the secure digital system 100, The authentication system 300 may of course request the request security code to the data processing apparatus 400. The user may then request the request security code to the pair system 200 through the secure digital system 100.
  • a case of accessing the service system (not shown) using the secure digital system 100 will be described as an example.
  • the request security code may mean a security card number selected for current authentication among security codes 10 previously assigned to a user.
  • the secure digital system 100 When the authentication system 300 requests the request security code from the secure digital system 100, the secure digital system 100 has predetermined request means (for example, a page, a frame, a UI, Objects, etc.) may be loaded.
  • predetermined request means for example, a page, a frame, a UI, Objects, etc.
  • the control module 110 may determine whether the current security information acquisition condition is satisfied, and if it is satisfied, may request the security code 10 to the pair system 200 (S20). Then, the communication module 120 may receive the security code 10 (S30). When the security code is received, the control module 110 may display the security code on the display device through the display module 150 (S40). According to the embodiment, only the information required to confirm the request security code or the request security code of the security code may be displayed.
  • the user may input the request security code into a predetermined input UI (eg, reference numeral 13 of FIG. 5C) and request the secure digital system 100 to transmit the request security code to the authentication system 300.
  • a predetermined input UI eg, reference numeral 13 of FIG. 5C
  • the security module 140 included in the secure digital system 100 is secured to delete the received security code when it is determined that the use of the security code is completed or the current user does not intend to use the security code
  • the procedure may be performed (S50).
  • the request means (eg, page) of the security code as shown in FIG. 5C may be deactivated. If deactivated, the requesting means is minimized on the secure digital system 100 and is not recognized by the user, the requesting means is terminated or closed, or is present in a lower layer of another layer on the display layer. This may vary. The case in which the requesting means is deactivated may be defined in advance in the security module 140.
  • the security module 140 may delete the security code automatically received when the security code is received from the pair system 200 by a predetermined time.
  • the security module 140 performs a security procedure so that the information received from the pair system 200 may be temporarily stored in the secure digital system 100 only when necessary and then deleted again. Therefore, the information received from the pair system 200 by a malicious attack after being stored in the secure digital system 100 may be prevented from being leaked or exploited.
  • This security procedure is such that the secure digital system 100 receives the OTP from the pair system 200 or receives information (eg, the first OTP generation key and / or OTP generation program information, etc.) that can generate the OTP. The same applies to the case.
  • information eg, the first OTP generation key and / or OTP generation program information, etc.
  • Figure 5a has been described as a case of receiving the entire security code from the pair system 200 as an example, as shown in Figure 5b, only the information requested from the authentication system 300, that is, the request security code only the pair system 200 Can also be received from.
  • the authentication system 300 may request the request security code 11 from the secure digital system 100 (S11). Then, the requesting means as shown in FIG. 5C may be loaded into the secure digital system 100.
  • the control module 110 may determine whether the security information acquisition condition is satisfied. If it is determined that the contention is satisfied, the control module 110 may request the request security code 11 to the pair system 200 (S21). Then, the secure digital system 100 may receive the request security code 11 from the pair system 200 (S31).
  • control module 110 may perform a predetermined control so that the user can obtain the request security code as described above.
  • the request security code 11 may be displayed through the display module 150 (S41), automatically input into the input UI 13, or automatically transmitted to the authentication system 300 (S51). .
  • the authentication system 300 may perform authentication by comparing the received information, that is, the previously stored information using the request security code 11.
  • the security module 140 included in the secure digital system 100 may perform a security procedure (S61). That is, when a certain condition is reached, the request security code 11 received from the pair system 200 may be deleted.
  • the authentication system 300 separates the security code identification information (for example, the absence number 12 of FIG. 5C) which can identify the request security code 11 separately from the request S11 of the request security code 11. It may further transmit to the secure digital system 100.
  • the authentication system 300 requests the request security code 11 to the separate data processing apparatus 400 as described above, the request means (eg, FIG. 5c, etc.), a user may input the security code identification information (eg, 12) into the secure digital system 100. Then, the control module 110 can check what the request security code (11).
  • the control module 110 analyzes the request means (eg, image analysis, text recognition, etc.) to determine what the security code identification information is. Therefore, the request security code 11 may be determined accordingly.
  • the request means eg, image analysis, text recognition, etc.
  • control module 110 may go through a pair forming procedure for specifying what the pair system 200 paired with the secure digital system 100 is.
  • pairing may be performed only with the pair system 200 specified through the pair forming procedure.
  • control module 110 may perform a predetermined self authentication procedure and may be paired only when the self authentication procedure is successful.
  • the pairing may refer to a case in which the communication state of the secure digital system 100 and the pair system 200 satisfies a predetermined criterion as described above.
  • the predetermined criterion is when the communication module 120 and the pair system 200 are in a communicable state as described above, or a communication power, that is, a signal between the communication module 120 and the pair system 200. It may be the case that the intensity is more than a predetermined intensity. In general, when the secure digital system 100 and the pair system 200 exist within a communication distance, communication may be possible, and even when within the predetermined distance within the communication distance, it may be determined that pairing is performed. It may be. Alternatively, the predetermined criterion may be a case where a predetermined communication device (eg, an RF communication device) included in the communication module 120 and the pair system 200 performs tagging.
  • a predetermined communication device eg, an RF communication device
  • the tagging may refer to a case in which the communication module 120 and the pair system 200 approach a predetermined distance or less.
  • the pair system 200 and the communication module 120 communicates through NFC
  • the pair system 200 is connected to the secure digital system 100 or the pair system 200 within a distance of about 10 cm. Or a series of acts of proximity to the secure digital system 100.
  • the control module 110 may determine that the pairing is performed.
  • the secure digital system 100 and the pair system 200 may perform a pair forming procedure.
  • a separate pair forming procedure may not be performed.
  • the pair forming procedure may be performed by a user of the secure digital system 100 and / or the pair system 200, and may be provided by a provider of the secure digital system 100 and / or the pair system 200. For example, it may be performed by a manufacturer, a distributor, a financial institution, a security company, and the like in advance.
  • the system in which the secure digital system 100 or the pair system 200 becomes its own pair that is, the pair system 200 or the secure digital system 100. It can be performed through a procedure for transmitting and receiving information about the through communication. Alternatively, the information about the pair system 200 may be input through a predetermined application installed in the secure digital system 100.
  • FIG. 3 is a diagram illustrating an example of a method in which a secure digital system and a pair system form a pair according to an embodiment of the present invention
  • FIG. 4 illustrates a pair of secure digital system and a pair system according to another embodiment of the present invention.
  • FIG. 3 illustrates a case in which the secure digital system 100 and the pair system 200 perform a pair forming procedure through communication
  • FIG. 4 illustrates a predetermined application that may be installed in the secure digital system 100. The case of performing a pair formation procedure is shown.
  • a predetermined pair system 200 may be provided.
  • the pair system 200 may be, for example, an RF communication device itself capable of the RF communication or a device in which a predetermined configuration is added to the RF communication device.
  • the RF tag may transmit its identification information to the secure digital system 100.
  • the secure digital system 100 may initially be unpaired with the pair system 200.
  • the secure digital system 100 and the pair system 200 may be independently used in an unrelated state.
  • the secure digital system 100 or the pair system 200 may be implemented to operate normally only when a pair forming procedure is performed.
  • the secure digital system 100 and the pair system 200 may communicate with each other to perform a pair formation procedure.
  • a user may input a predetermined signal to request the execution of the pair formation procedure to the secure digital system 100 or the pair system 200 in advance.
  • the secure digital system 100 or the pair system 200 may know in advance that a pair forming procedure is performed.
  • the secure digital system 100 and the pair system 200 may communicate with each other.
  • the secure digital system 100 may receive identification information for identifying the pair system 200 from the pair system 200.
  • the secure digital system 100 may transmit identification information of the secure digital system 100 to the pair system 200. Alternatively, both processes may be performed. Then, the transmitted identification information of the pair system 200 or the identification information of the secure digital system 100 may be recorded in the secure digital system 100 or the pair system 200, respectively.
  • the pair formation procedure may be completed.
  • the secure digital system 100 or the pair system 200
  • the pair system 200 then communicates with the pair system 200 (or the digital system 100) corresponding to the identification information recorded therein. If this is possible, pairing may be possible within a certain distance, or when tagging.
  • the communication for transmitting and receiving each other's identification information for this pair formation procedure may be performed if the two systems exist only within a distance that can be paired (hereinafter, pairing distance), but should be closer than within the pairing distance May be performed.
  • the pair formation procedure may not be performed even if the two systems are within a pairing distance (ie, a communicable distance or a shorter predetermined distance).
  • the pair forming procedure may be performed only when the secure digital system 100 and the pair system 200 are close to each other within a predetermined proximity distance (eg, 10 cm, etc.) such as NFC tagging.
  • a digital system capable of forming a pair with the pair system 200 may be limited.
  • a system capable of pairing with the pair system 200 may be only a digital system in the name of the specific user.
  • the secure digital system 100 that may be paired with the pair system 200 may be predefined.
  • the control module 110 included in the secure digital system 100 defines a procedure for checking whether the secure digital system 100 is a system capable of pairing with the pair system 200 as a self-authentication procedure. can do.
  • the control module 110 may use information stored in the authentication system 300 or the pair system 200 to perform a self authentication procedure. That is, information for identifying the secure digital system 100 capable of pairing with the pair system 200 may be stored in the authentication system 300 or the pair system 200.
  • the control module 110 may determine user identification information (eg, name, phone number, etc.) or device identification information (eg, a serial number of a specific hardware) stored in the secure digital system 100. Then, the control module 110 may determine whether the identified information corresponds to the information stored in the authentication system 300.
  • the authentication system 300 may store user identification information (eg, a phone number) or device identification information and owner information corresponding thereto. Then, it is possible to determine who is the owner of the secure digital system 100 using the user identification information, and based on the result of the determination, the control module 110 determines that the secure digital system 100 is connected to the pair system ( It may be determined whether or not pairing with the 200 may be performed.
  • the control module 110 may perform a self authentication procedure for determining whether the information and the owner information correspond to each other.
  • owner information eg, a name, an alias, etc.
  • the self-authentication procedure may be performed by comparing owner identification information stored in the pair system 200.
  • the secure digital system 100 and the pair system 200 may finally form a pair.
  • a pair forming procedure may be performed by directly inputting identification information of a paired system to the secure digital system 100 or the pair system 200.
  • a predetermined application 30 for implementing the technical idea of the present invention may be installed in the secure digital system 100.
  • the application may be downloaded from a predetermined web server operated by the provider or utilization agent of the secure digital system 100 or the pair system 200.
  • the user may execute the application 30, and then the UI as shown in FIG. 4 may be provided to the user. Then, the user may input identification information of the pair system 200 paired with the secure digital system 100 through the UI.
  • the input identification information may be stored in a predetermined storage device, and the communication module 120 may check the stored identification information.
  • the secure digital system 100 is a mobile phone and the pair system 200 is a smart card that can be paired with the secure digital system 100.
  • the secure digital system 100 may download the application 30 to a web site of a card company or a financial institution that provides the smart card or from a predetermined app store. Then, after the user of the secure digital system 100 executes the application 30, the user can perform a pair formation procedure by inputting identification information of the smart card.
  • the pair system 200 may also be a system capable of driving a predetermined application.
  • the pair formation procedure may be performed by inputting identification information of the secure digital system 100 through a predetermined application installed and executed in the pair system 200.
  • the user may select the pair system 200 paired with his or her secure digital system 100, and the pair system 200 capable of implementing the technical idea of the present invention.
  • the pair system 200 paired with the secure digital system 100 may be changed, or a plurality of pairs may be used as a pair system.
  • a system to be paired in advance may be determined by the provider of the secure digital system 100 or the pair system 200.
  • information about the pair system 200 is stored in the secure digital system 100 in advance, or information about the secure digital system 100 is stored in the pair system 200 in advance and sold to a user. Or in circulation.
  • the provider sells or distributes the pair system 200 (or digital system 100) together while selling or distributing the secure digital system 100 (or pair system 200) to a user. can do.
  • the clouding system may manage the customer or the community, or even more, in the case of manufacturers or distributors who want to proceed with the authentication or payment-related business using the technical idea of the present invention.
  • the control module 110 may receive the OTP generated by the pair system 200, the pair system ( After receiving the information necessary for generating the OTP from the 200, the control module 110 may directly generate the OTP. Then, the user can obtain the generated OTP. Also in the case of allowing the OTP to be obtained, the OTP is output to the predetermined display module 150 for display, or automatically entered into a predetermined input UI capable of inputting the OTP, or the generated OTP is authenticated. It may include the case of transmitting to (300).
  • FIG. 6 is a diagram illustrating a method for obtaining an OTP by a secure digital system according to an embodiment of the present invention.
  • control module 110 determines whether the security information acquisition condition is satisfied, and automatically or in response to an OTP generation request input from the user (S12), the control system 110 transmits the request to the pair system 200.
  • the generation information required for generating the OTP may be requested (S22).
  • the generation information may be at least part of the OTP information 20 stored in the pair system 200.
  • the OTP information 20 may include OTP generation program information 21 and / or a first OTP generation key 22.
  • control module 110 may receive the first OTP generation key 22 from the pair system 200 (S32). Meanwhile, the OTP generation program information 21 may be stored in the secure digital system 100.
  • the OTP generation program information 21 stored in the secure digital system 100 may be stored in the secure digital system 100 before requesting the information (S22), and the secure digital system 100 may be authenticated.
  • the OTP generation program information 21 may be received from the system 300 in advance.
  • control module 110 may generate the OTP using the OTP generation program information 21 and the first OTP generation key 22 received from the pair system 200 (S42).
  • the generated OTP may be transmitted to the authentication system 300.
  • the authentication system 300 separately generates an OTP using the OTP generating program information 21 and the first OTP generating key 22 which are owned by the authentication system 300, and generates the OTP and the secure digital system (the OTP generated by the authentication system 300). Authentication may be performed by comparing the OTP received from 100).
  • the security module 140 may perform a security procedure for deleting the generated OTP according to a predetermined condition (S52).
  • the pair system 200 when the control module 110 requests generation information to the pair system 200 (S22), the pair system 200 further sends the OTP generation program information 21 to the secure digital system. It may be transmitted to the 100 (S32-1).
  • control module 110 may generate the OTP using the OTP generation program information 21 and the first OTP generation key 22 received from the pair system 200 (S42).
  • the secure digital system 100 may further generate an OTP using the second OTP generation key 23.
  • the second OTP generation key 23 may be a secret key shared with the authentication system 300.
  • the control module 110 receives the first OTP generation key 22 from the pair system 200 and uses the second OTP generation key 23 that can be obtained from the secure digital system 100.
  • the OTP generating program 21 may generate the OTP using the second OTP generating key 23 as an input variable.
  • the first OTP generation key 22 and the second OTP generation key 23 may be used to generate one new key, and the OTP may be generated using the key as an input variable.
  • the authentication system 300 may also generate the same key as the new key generated by the control module 110 using the first OTP generation key 22 and the second OTP generation key 23. It is desirable to be.
  • the second OTP generation key 23 may be a secret key shared with the authentication system 300 in advance. According to an embodiment, the second OTP generation key 23 may be generated through a predetermined algorithm based on the unique identification information of the secure digital system 100, and the authentication system 300 or the secure digital. It may be generated by at least one of the system 100.
  • the secret key to be generated to generate the OTP may be increased, thereby significantly increasing the security.
  • any one secret key for example, the first OTP generation key 22 or the second OTP generation key 23
  • only one leaked secret key cannot generate the same OTP as the authentication system 300. It is effective.
  • the OTP may be generated by the secure digital system 100 and obtained to the user in various ways.
  • the pair system 200 may generate the OTP using the OTP generation program information 21 and the first OTP generation key 22 stored therein.
  • the control module 110 may receive the OTP generated by the pair system 200.
  • the OTP can be received only when the condition for obtaining security information is satisfied.
  • the secure digital system 100 receives generation information (ie, OTP generation program information 21 and / or first OTP generation key 22) from the pair system 200 to generate the OTP. It may be desirable that the generated information is not stored in the secure digital system 100 as much as possible.
  • generation information ie, OTP generation program information 21 and / or first OTP generation key 22
  • the security module 140 may perform a security procedure by deleting the generated information from the secure digital system 100 when a predetermined condition is met.
  • FIG. 1 A schematic process of this security procedure is shown in FIG. 1
  • FIG. 7 is a schematic flowchart illustrating a process of performing a security procedure by a secure digital system according to an embodiment of the present invention.
  • the secure digital system 100 may receive a request security code 11 or an OTP, that is, security information from the authentication system 300. Then, the secure digital system 100 may be loaded with a predetermined request means (for example, a web page as shown in FIG. 5C, or a predetermined application, a frame, a UI, etc.) (S13).
  • a predetermined request means for example, a web page as shown in FIG. 5C, or a predetermined application, a frame, a UI, etc.
  • control module 110 generates at least a portion of the security information (eg, security code) or the generation information (eg, the first OTP generation key) for generating the security information (eg, OTP) from the pair system 200. (22) and / or OTP generation program information 21) may be requested and received (S23).
  • security information eg, security code
  • generation information eg, the first OTP generation key
  • OTP generation program information 21 may be requested and received (S23).
  • the received information is used by the secure digital system 100, it may be advantageous for security that the received information is not stored in the secure digital system 100.
  • the security module 140 determines whether a predetermined time has elapsed from the time at which the received information is received (S33), and if it is determined that the predetermined time has elapsed, the security module 140 may delete the received information (S53). .
  • the security module 140 may determine whether the request means is deactivated (S43). If it is determined that the request means is deactivated, the security module 140 may delete the received information (S53). As described above, when the request means is deactivated, that is, when the received information is deleted or a condition may be defined in advance by the security module 140.
  • the user may obtain security information necessary for authentication through the secure digital system 100.
  • the secure digital system 100 and the pair system 200 may perform contactless communication.
  • the user can simply obtain the security information through the secure digital system 100 used by the user. Therefore, there is no need to take out the pair system 200 from the wallet of the user.
  • FIG. 8 is a view showing a schematic configuration of a pair system according to an embodiment of the present invention.
  • the pair system 200 communicates with a storage device 211 storing at least one of a security code and / or OTP information and a communication module 120 provided in the secure digital system 100. It may include a communication device 220 that can be performed.
  • the pair system 200 may have a data processing capability by itself, and in this case, a predetermined control device 212 may be further provided.
  • the pair system 200 may be implemented as a smart card including the storage device 211 and the control device 212.
  • the pair system 200 may be a system in which the smart card further includes a communication device 220 for implementing the technical idea of the present invention in the conventional control device 212 and the storage device 211. .
  • the security code and the OTP information may not be stored in the pair system 200. That is, the pair system 200 may simply perform a function of forming a pair with the secure digital system 100. In this case, at least one of the control device 212 and / or the storage device 211 may not be included in the pair system 200.
  • the pair system 200 may include a communication device (eg, an RF communication device, etc.) 220.
  • the communication device 220 eg, an RF communication device, etc.
  • the communication device 220 itself may be the pair system 200.
  • the communication device (eg, the RF communication device, etc.) 220 may include a predetermined RF antenna.
  • the communication device 220 may be implemented with, for example, an RFID tag.
  • the pair system 200 itself may be the RFID tag.
  • the communication device 220 may include an RF reader.
  • the communication device 220 may be implemented to communicate with the communication module 120 included in the secure digital system 100.
  • the digital system 100 or the pair system 200 may generate security information even when pairing is not performed. That is, in a limited situation, the user may acquire security information even if pairing is not performed. This may require some additional authentication to be performed.
  • the user may use the security information under a limited condition, that is, a condition in which additional authentication succeeds. You can also allow them to acquire.
  • the additional authentication may include all types of authentications to perform the security information acquisition procedure only after the additional authentication is performed and succeeded. For example, at least one of authentication using a password, authentication using a secret pattern, authentication using biometric information (eg, fingerprint, iris, etc.), authentication using location information or unique identification information of hardware, and / or a public certificate It may be used as the additional authentication. Other methods of further authentication may vary.
  • the secure digital system 100 and / or the pair system 200 may store a plurality of security information or generated information for generating security information.
  • the pair system 200 may store a plurality of security codes or a plurality of OTP information including the OTP information.
  • the pair system 200 may integrally perform a role of a plurality of conventional security cards or a plurality of OTP generating apparatuses.
  • the plurality of security codes or the plurality of OTP information may be security codes used or distributed by different subjects, respectively.
  • financial institution 1 and financial institution 2 may use different security cards.
  • different OTP generators may be used.
  • the pair system 200 may store security codes or OTP information corresponding to different security cards or different OTP generating devices.
  • the control module 110 included in the secure digital system 100 is a security code selection signal for selecting a specific security code (for example, security code used in financial institution 1) of the plurality of security codes from the user
  • a specific security code for example, security code used in financial institution 1
  • the security code may be selected from the plurality of security codes.
  • the control module 110 may perform a control to receive at least a portion of the selected security code.
  • an OTP information selection signal for selecting specific OTP information (eg, used by financial institution 1) from the plurality of OTP information (eg, OTP information used by financial institution 1 or 2) is input from the user, or
  • an application corresponding to the OTP information for example, an application distributed by the financial institution 1
  • at least part of the OTP information among the plurality of OTP information is received or based on the OTP information. It may be controlled to receive the generated OTP.
  • FIG. 9 is a diagram illustrating an example in which a secure digital system acquires security information by performing tagging with a pair system according to an embodiment of the present invention.
  • the secure digital system 100 may perform one tagging operation (S15) to receive desired security information (eg, the entire security code or the requested security code, OTP) from the pair system 200. There is (S25). Alternatively, at least a portion of generation information for generating the security information, that is, OTP information may be received (S25).
  • desired security information eg, the entire security code or the requested security code, OTP
  • OTP information may be received (S25).
  • the secure digital system 100 may not be able to receive security information or generated information.
  • the pair system 200 may be performed to transmit the entire security code to the secure digital system 100.
  • the secure digital system 100 transmits the requested security code identification information, and the security code stored in the pair system 200 based on the transmitted information.
  • the request security code may be extracted, and the extracted request security code may be received by the secure digital system 100.
  • the secure digital system 100 receives at least a portion of the OTP information, at least a portion of the OTP information may be received by the secure digital system 100 while the tagging S15 is performed. Then, OTP generation is performed by the secure digital system 100.
  • the secure digital system 100 may receive the OTP, while the tagging is performed (S15), an OTP generation request signal is transmitted to the pair system 200, and the pair system 200 responds to the transmission.
  • An OTP may be generated and a process of transmitting the generated OTP to the secure digital system 100 may be performed.
  • the OTP generation request signal may be a tagging action itself or a signal transmitted from the secure digital system 100 to the pair system 200 separately.
  • FIGS. 10 to 11 are diagrams illustrating an example in which a secure digital system according to an embodiment of the present invention obtains security information by performing a plurality of tagging.
  • the secure digital system 100 and the pair system 200 may perform first tagging (S16). While the first tagging is performed (S16) or after the pair authentication procedure (S26) may be performed. If the pair authentication procedure succeeds (or fails), predetermined information indicating that a predefined process can be performed (or not present) at the next tagging, i.e., the second tagging, is provided with the secure digital system 100 and / or the pair. It may be recorded in the system 200.
  • At least a part of the security code, at least a part of the OTP information, or the OTP may be transmitted to the secure digital system 100 while the second tagging is performed (S46).
  • a process called OTP generation based on at least a portion of the received OTP information may be performed by the secure digital system 100.
  • the secure digital system 100 and the pair system 200 may perform first tagging (S17). Then, the secure digital system 100 may transmit the information or the OTP generation request signal that can specify the requested security code to the pair system 200 (S27).
  • a pair authentication procedure may be performed by the secure digital system 100 and / or the pair system 200 during or after the first tagging is performed (S17). According to an embodiment, the pair authentication procedure may be performed through separate tagging before the first tagging.
  • the pair system 200 may extract the request security code or generate an OTP (S37). This process may be performed during or after the first tagging (S17).
  • the secure digital system 100 may receive the request security code or OTP from the pair system 200 (S57).
  • a signal for requesting at least a portion of the OTP information is transmitted to the pair system 200, and when the second tagging is performed (S47), the OTP information At least some may be transmitted to the secure digital system 100.
  • a process to be performed during or after each tagging of the plurality of taggings may be predefined, and each tagging is performed.
  • what processes are performed during or after the process may be defined in various ways depending on the implementation.
  • none of the processes to be performed to obtain security information may be substantially performed.
  • information counting how many taggings have been performed for a predetermined time may be recorded and / or maintained in the secure digital system 100 and / or the pair system 200.
  • a predetermined timer may be provided in the secure digital system 100 and / or the pair system 200 to determine whether the operation is performed within a predetermined time.
  • the method of providing a secure digital system and a pair system may be implemented as computer readable codes on a computer readable recording medium.
  • Computer-readable recording media include all kinds of recording devices that store data that can be read by a computer system. Examples of computer-readable recording media include ROM, RAM, CD-ROM, magnetic tape, hard disk, floppy disk, optical data storage, and the like, and also in the form of carrier waves (e.g., transmission over the Internet). It also includes implementations.
  • the computer readable recording medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion. And functional programs, codes and code segments for implementing the present invention can be easily inferred by programmers in the art to which the present invention belongs.
  • the present invention can be applied to various digital systems or a pair system for performing short-range wireless communication with the digital system.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)

Abstract

L'invention concerne un système numérique sécurisé pour la communication en champ proche (NFC), un système apparié constituant une paire avec celui-ci et une méthode pour obtenir ceux-ci. Le système numérique sécurisé comprend : un appareil d'affichage ; un module de communication permettant la communication, par NFC, avec un système apparié stockant un code de sécurité et/ou des informations d'OTP ; et un module de commande permettant de commander la réception en provenance du système apparié par le module de communication lorsque le module de communication est étiqueté au moins une fois avec le système apparié de façon qu'au moins une partie du code de sécurité ou des informations d'OTP, ou l'OTP en fonction des informations d'OTP soient reçus.
PCT/KR2013/005590 2012-06-25 2013-06-25 Système numérique sécurisé pour la nfc, système apparié constituant une paire avec celui-ci et méthode pour obtenir ceux-ci WO2014003406A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2012-0067945 2012-06-25
KR1020120067945 2012-06-25

Publications (2)

Publication Number Publication Date
WO2014003406A2 true WO2014003406A2 (fr) 2014-01-03
WO2014003406A3 WO2014003406A3 (fr) 2014-02-20

Family

ID=49783968

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2013/005590 WO2014003406A2 (fr) 2012-06-25 2013-06-25 Système numérique sécurisé pour la nfc, système apparié constituant une paire avec celui-ci et méthode pour obtenir ceux-ci

Country Status (2)

Country Link
KR (3) KR20140001113A (fr)
WO (1) WO2014003406A2 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618330A (zh) * 2014-12-26 2015-05-13 小米科技有限责任公司 业务处理方法、装置及终端

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20090017099A (ko) * 2007-08-14 2009-02-18 탁승호 일회용 패스워드 생성기능을 가진 스마트카드 및 이를이용한 전자금융거래시스템
KR20090098633A (ko) * 2008-03-13 2009-09-17 주식회사 하나은행 다계좌 이체 처리 방법 및 이를 위한 opt단말
JP2010097512A (ja) * 2008-10-17 2010-04-30 Dainippon Printing Co Ltd 携帯端末のアプリケーションダウンロードシステム及び方法
JP2011002994A (ja) * 2009-06-18 2011-01-06 Toppan Printing Co Ltd Usb型トークン

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20090002074A (ko) * 2007-06-04 2009-01-09 한국전자통신연구원 보안성이 향상된 일회용 비밀번호에 기반한 사용자 인증장치 및 방법
JP2009193272A (ja) * 2008-02-13 2009-08-27 Aruze Corp 認証システム及び携帯端末
SK50862008A3 (sk) * 2008-09-19 2010-06-07 Logomotion, S. R. O. Systém na elektronické platobné aplikácie a spôsob autorizácie platby
KR20100077914A (ko) * 2008-12-29 2010-07-08 엘지이노텍 주식회사 무선통신장치 및 그 제어방법
JP5534186B2 (ja) * 2010-03-31 2014-06-25 大日本印刷株式会社 情報処理システム、情報処理サーバ、情報処理方法及び情報処理プログラム等

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20090017099A (ko) * 2007-08-14 2009-02-18 탁승호 일회용 패스워드 생성기능을 가진 스마트카드 및 이를이용한 전자금융거래시스템
KR20090098633A (ko) * 2008-03-13 2009-09-17 주식회사 하나은행 다계좌 이체 처리 방법 및 이를 위한 opt단말
JP2010097512A (ja) * 2008-10-17 2010-04-30 Dainippon Printing Co Ltd 携帯端末のアプリケーションダウンロードシステム及び方法
JP2011002994A (ja) * 2009-06-18 2011-01-06 Toppan Printing Co Ltd Usb型トークン

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618330A (zh) * 2014-12-26 2015-05-13 小米科技有限责任公司 业务处理方法、装置及终端
CN104618330B (zh) * 2014-12-26 2018-12-25 小米科技有限责任公司 业务处理方法、装置及终端

Also Published As

Publication number Publication date
KR101399543B1 (ko) 2014-05-27
KR20140000656A (ko) 2014-01-03
WO2014003406A3 (fr) 2014-02-20
KR20140001113A (ko) 2014-01-06
KR20140001112A (ko) 2014-01-06
KR101540301B1 (ko) 2015-07-30

Similar Documents

Publication Publication Date Title
WO2019231252A1 (fr) Dispositif électronique utilisé pour authentifier un utilisateur, et procédé de commande associé
WO2016126052A2 (fr) Procédé et système d'authentification
WO2019221504A1 (fr) Procédé de commande d'un module sécurisé connecté à une pluralité de processeurs et dispositif électronique pour sa mise en œuvre
WO2017039354A1 (fr) Procédé et appareil pour réaliser une transaction de règlement
WO2021025482A1 (fr) Dispositif électronique et procédé pour générer un certificat d'attestation sur la base d'une clé fusionnée
WO2016003200A1 (fr) Procédé et appareil pour l'installation de profil pour carte de circuit integre universelle incorporee
WO2016137277A1 (fr) Dispositif électronique fournissant une fonction de paiement électronique et son procédé de fonctionnement
WO2017099342A1 (fr) Procédé, appareil et système pour fournir des informations de compte temporaire
WO2021049869A1 (fr) Dispositif électronique de véhicule pour réaliser une authentification, dispositif mobile utilisé pour une authentification de véhicule, système d'authentification de véhicule et procédé d'authentification de véhicule
WO2011149214A2 (fr) Procédé d'authentification trifactorielle d'un utilisateur permettant de générer un mot de passe à usage unique (mpu) au moyen d'informations d'iris et système d'authentification mutuelle sécurisé utilisant un module d'authentification mpu de terminal de communication sans fil
WO2016076638A1 (fr) Appareil et procédé de paiement
WO2019132555A1 (fr) Dispositif électronique permettant de transmettre et de recevoir un message comportant un émoji et procédé permettant de commander le dispositif électronique
WO2016068531A1 (fr) Appareil et procédé pour paiement à l'aide d'un module sécurisé
WO2018164486A1 (fr) Dispositif électronique et son procédé de commande de connexion de communication sans fil
WO2023106759A1 (fr) Dispositif et procédé de paiement facile hors ligne du type borne d'impression de photos hybride comprenant une lecture de code qr et une commande de médiation web du type à auto-sélection
WO2018034491A1 (fr) Dispositif primaire, dispositif accessoire et procédés de traitement d'opérations sur le dispositif primaire et le dispositif accessoire
WO2016143962A1 (fr) Terminal et procédé pour faire fonctionner ce terminal
EP3808116A1 (fr) Procédé de transaction ulb et dispositif électronique associé
WO2020105892A1 (fr) Procédé par lequel un dispositif partage une clé numérique
WO2019194428A1 (fr) Dispositif électronique partageant une clé avec un dispositif électronique externe, et procédé de fonctionnement du dispositif électronique
WO2017188497A1 (fr) Procédé d'authentification d'utilisateur à intégrité et sécurité renforcées
WO2021066271A1 (fr) Terminal de communication mobile pour réaliser une authentification personnelle, système d'authentification personnelle et procédé d'authentification personnelle utilisant un terminal de communication mobile
WO2020149500A1 (fr) Procédé et appareil pour l'enregistrement d'une clé partagée
WO2020141773A1 (fr) Système de gestion d'accès et procédé de gestion d'accès l'utilisant
WO2014003406A2 (fr) Système numérique sécurisé pour la nfc, système apparié constituant une paire avec celui-ci et méthode pour obtenir ceux-ci

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13810058

Country of ref document: EP

Kind code of ref document: A2

122 Ep: pct application non-entry in european phase

Ref document number: 13810058

Country of ref document: EP

Kind code of ref document: A2