KR101554230B1 - Method for Embodying Once Authentication Code by using Multiple Media Division Authentication - Google Patents

Abstract

According to the present invention, there is provided a method of implementing a disposable authentication code based on a multi-media separation authentication method, the method comprising the steps of: implementing a disposable authentication code through a server communicating with a mobile communication terminal of a user having a program participating in a transaction, The server medium authentication information for receiving a server medium on a server side participating in a transaction based on a disposable authentication code and generating a server medium authentication information for participating in the transaction and implementing a disposable authentication code for the transaction, Authenticating the mobile communication terminal in a state in which the program is executed as a result of authenticating the validity of the server medium authentication information through the program of the mobile communication terminal with the terminal medium on the terminal side participating in the transaction The mobile communication terminal in a state in which the program is executed at the same time Receiving terminal medium authentication information generated through a program of the mobile communication terminal to authenticate the terminal medium on which the one-time authentication code is implemented, and using the terminal medium authentication information received from the program of the mobile communication terminal The mobile communication terminal in the state in which the program is executed is allowed to participate in the transaction and to authenticate the mobile communication terminal as a terminal medium implementing the disposable authentication code for the transaction, A seed value for dynamically generating a disposable authentication code is generated through a program of the authenticated mobile communication terminal when the terminal is authenticated as a terminal medium implementing the disposable authentication code for the transaction at the same time as participating in the transaction, Wherein the seed value is provided as a program of a communication terminal, In a designated storage area of the mobile communication terminal and dynamically generates a disposable authentication code for the transaction using the authentication code generation information including the stored seed value at the time of one-off authentication code based transaction.

Description

[0001] The present invention relates to a method for embodying a multi-media separation authentication based on a multiple media authentication,

The present invention relates to a method of executing a disposable authentication code through a server communicating with a mobile communication terminal of a user having a program participating in a transaction by implementing a disposable authentication code, Generating server medium authentication information for receiving authentication with the server medium, participating in the transaction, transmitting the server medium authentication information to a program of a mobile communication terminal to implement a one-time authentication code for the transaction, Authenticates the validity of the server medium authentication information with the terminal medium on the terminal side participating in the transaction and authenticates the mobile communication terminal in the state in which the program is executed as the terminal medium on the terminal side participating in the transaction, Is authenticated as a terminal medium on the terminal side that implements the one-time authentication code for the transaction The mobile communication terminal having received the terminal medium authentication information generated through the program of the mobile communication terminal and executing the program using the terminal medium authentication information received from the program of the mobile communication terminal, And authenticates the mobile communication terminal as a terminal medium that implements the one-time authentication code for the transaction. The mobile communication terminal in the state in which the program is executed through the terminal medium authentication information, participates in the transaction, And generates a seed value for dynamically generating a disposable authentication code through a program of the authenticated mobile communication terminal when authenticating with a terminal medium implementing the code and provides the seed value to a program of the mobile communication terminal, Stores the seed value in a designated storage area of the mobile communication terminal, And more particularly, to a method of implementing a discrete authentication code based on a multi-media separation authentication method in which a single-use authentication code for the transaction is dynamically generated using authentication code generation information including the stored seed value in code-based transactions.

As the continuous development of information and communication technology, various kinds of transactions, which have been performed in a face-to-face manner through offline, are performed in a non-face-to-face manner using on-line or wireless communication, various non-face authentication methods for authenticating a transaction party in the face- .

The most common authentication method among the non-facing authentication methods is a method of authenticating a transaction party through an ID / PW. However, there is a risk that the ID / PW method can expose the ID / PW due to open communication characteristics. It is not recognized as a reliable non-face authentication method.

Among the non-facing authentication methods, the most reliable authentication method is a method of authenticating a transaction party through a public key certificate provided in a security medium such as an IC (Integrated Circuit) chip. In the public key certificate method, There is an inconvenience that it is always necessary to carry it, and thus it is limitedly used only when high security such as financial transaction or high payment is demanded.

In recent years, a non-face authentication method using a one-time authentication code has been introduced as a non-face authentication method which is as convenient as the ID / PW method and as reliable as the public certificate method.

However, the disposable authentication key scheme has been impaired in convenience due to a two-factor problem that the token generating the disposable authentication code must be separated from the authentication medium. At present, And the inconvenience of having a verification code generator.

An object of the present invention is to provide a method of implementing a disposable authentication code through a server communicating with a mobile communication terminal of a user equipped with a program participating in a transaction, A first step of generating server medium authentication information for receiving authentication with a server medium on the server side and transmitting the server medium authentication information to a program of a mobile communication terminal to implement a disposable authentication code for the transaction while participating in the transaction; The mobile communication terminal that has executed the program as a result of authenticating the validity of the server medium authentication information through the program of the mobile communication terminal is authenticated by the terminal medium on the terminal side participating in the transaction, The terminal of the terminal which implements the disposable authentication code for the transaction A second step of receiving terminal medium authentication information generated through a program of the mobile communication terminal in order to be authenticated as a medium; and a second step of receiving, from the mobile communication terminal, A third step of joining the communication terminal with the terminal medium implementing the one-time authentication code for the transaction at the same time as participating in the transaction; and a third step of authenticating the mobile communication terminal, And generates a seed value for dynamically generating a disposable authentication code through the program of the authenticated mobile communication terminal when the mobile communication terminal authenticates with the terminal medium implementing the disposable authentication code for the transaction, Wherein the program further comprises a fourth step of receiving the seed value A discrete authentication code based on a multi-media separation authentication code for dynamically generating a disposable authentication code for the transaction using the authentication code generation information including the stored seed value at the time of transaction based on the disposable authentication code, And to provide an implementation method.

A method for implementing a discrete authentication code based on a multi-media separation authentication according to the present invention is implemented through a server communicating with a mobile communication terminal of a user having implemented a program participating in a transaction by implementing a disposable authentication code, The server medium authentication information for receiving a server medium on a server side participating in a transaction based on a disposable authentication code and generating a server medium authentication information for participating in the transaction and implementing a disposable authentication code for the transaction, A first step of transmitting authentication information and a mobile communication terminal in a state in which the program is executed as a result of authenticating the validity of the server medium authentication information through a program of the mobile communication terminal, And the mobile communication terminal in a state in which the program is executed, A second step of receiving terminal medium authentication information generated through a program of the mobile communication terminal to authenticate the terminal medium on the terminal side implementing the one-time authentication code for the mobile communication terminal; A third step of joining the mobile communication terminal in a state in which the program is executed using the authentication information to the terminal medium implementing the disposable authentication code for the transaction while participating in the transaction; When the mobile communication terminal in the state in which the program is executed participates in the transaction and at the same time authenticates the terminal medium implementing the disposable authentication code for the transaction, the disposable authentication code is dynamically generated through the program of the authenticated mobile communication terminal And providing the seed value to the program of the mobile communication terminal Wherein the program stores the received seed value in a designated storage area of the mobile communication terminal and transmits the seed value to the disposable authentication code based transaction using disposable authentication code generation information including the stored seed value, And the authentication code is dynamically generated.

In the method for implementing the discrete authentication code based on the multi-media separation authentication according to the present invention, the server medium authentication information includes a server certificate for the server.

The server medium authentication information includes at least one of a server media verifier generated using an algorithm provided in the server, a hash hash function of the generated server media verifier, Value, a random number information dynamically generated through the server, and server information for uniquely identifying the server.

In the method for implementing a discrete authentication code based on the multiple media separation authentication according to the present invention, the terminal medium authentication information includes unique information stored in a memory unit of the mobile communication terminal, unique information stored in an IC chip or USIM And at least one piece of information extracted from the authentication result information returned from the IC chip or USIM in response to a request for authentication to the IC chip or the USIM through the program, A hash value obtained by hashing the generated terminal media verifier, and at least one generated information extracted through the program, among the random number information dynamically generated through the program. .

In the method for implementing the discrete authentication code based on the multi-media separation authentication according to the present invention, the second step may further include receiving a user's personal identification number (PIN) or a password.

In the method for implementing the discrete authentication code based on the multi-media separation authentication according to the present invention, in the fourth step, the mobile communication terminal in the state in which the program is executed is authenticated as a terminal medium for generating a disposable authentication code Generating a terminal medium authentication code corresponding to a result of the authentication, and transmitting the generated terminal medium authentication code to a program of the authenticated mobile communication terminal, The mobile communication terminal is stored in the designated storage area of the mobile communication terminal through the program of the mobile communication terminal and the mobile communication terminal in the state in which the program is executed at the time of the disposable authentication code based transaction participates in the transaction and generates the disposable authentication code for the transaction And is used for authenticating with a terminal medium.

The authentication code generation information may include at least one information stored in an IC chip or an USIM interfaced with the memory unit or the mobile communication terminal of the mobile communication terminal, And further comprising:

delete

According to the present invention, the wireless terminal always possessed by the transaction party is used as the one-time authentication code generator, and the wireless terminal is provided with only the disposable authentication code generating function, or the first part disposable authentication After the first partial disposable authentication code generation information for generating a disposable authentication code and a part of the disposable authentication code are provided, the wireless terminal (or the media authentication server 1 And the medium authentication server 2) and the medium authentication for the media authentication server 2 and the medium authentication server 2), it is advantageous to conveniently implement and use a reliable one-time authentication code.

1 is a diagram showing a system configuration for implementing a one-time authentication code through medium authentication according to an embodiment of the present invention.
2 is a diagram illustrating a wireless terminal functional configuration for implementing a combined disposable authentication code via medium authentication according to an embodiment of the present invention.
3 is a diagram showing a configuration of a system for implementing a combination type disposable authentication code through medium authentication according to an embodiment of the present invention.
4 is a diagram illustrating a medium authentication process for implementing a combined disposable authentication code according to an embodiment of the present invention.
5 is a diagram illustrating a configuration of a combination type disposable authentication code implementation process through medium authentication according to an embodiment of the present invention.
FIG. 6 is a diagram illustrating a configuration of a method of implementing a combination type disposable authentication code through medium authentication according to another embodiment of the present invention.
FIG. 7 is a diagram illustrating a configuration of a method for implementing a combination type disposable authentication code through medium authentication according to another embodiment of the present invention.
8 is a diagram illustrating a wireless terminal functional configuration for implementing a combined disposable authentication code through medium authentication according to another embodiment of the present invention.
9 is a diagram showing a configuration of a system for implementing a combination type disposable authentication code through medium authentication according to another embodiment of the present invention.
10A and 10B are diagrams illustrating a medium authentication process for implementing a combined disposable authentication code according to another embodiment of the present invention.
11 is a diagram illustrating a configuration of a combination type disposable authentication code implementation process through medium authentication according to an embodiment of the present invention.
12 is a diagram illustrating a configuration of a method of implementing a combination type disposable authentication code through medium authentication according to another embodiment of the present invention.
13 is a diagram illustrating a configuration of a combination type disposable authentication code implementation process through media authentication according to another embodiment of the present invention.
14 is a diagram illustrating a wireless terminal functional configuration for implementing a combined disposable authentication code through medium authentication according to another embodiment of the present invention.
FIG. 15 is a diagram showing a system configuration of a combination type disposable authentication code through medium authentication according to another embodiment of the present invention.
16A and 16B are diagrams showing a medium authentication process for implementing a combined disposable authentication code according to another embodiment of the present invention.
17 is a diagram illustrating a configuration of a combination type disposable authentication code implementation process through medium authentication according to an embodiment of the present invention.
FIG. 18 is a diagram illustrating a configuration of a method of implementing a combination type disposable authentication code through medium authentication according to another embodiment of the present invention.
FIG. 19 is a diagram illustrating a configuration of a method of implementing a combination type disposable authentication code through medium authentication according to another embodiment of the present invention.
20 is a diagram illustrating a wireless terminal functional configuration for implementing a combined disposable authentication code through medium authentication according to an embodiment of the present invention.
FIG. 21 is a diagram showing a system configuration of a combination type disposable authentication code by medium authentication according to an embodiment of the present invention.
22 is a diagram illustrating a medium authentication process for implementing a combined disposable authentication code according to an embodiment of the present invention.
FIG. 23 is a diagram illustrating a configuration of a completed disposable authentication code implementation process through medium authentication according to an embodiment of the present invention.
FIG. 24 is a diagram illustrating a configuration of a completed disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.
FIG. 25 is a diagram illustrating a configuration of a completed disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.
26 is a diagram illustrating a wireless terminal functional configuration for implementing a combined disposable authentication code through medium authentication according to another embodiment of the present invention.
FIG. 27 is a diagram showing a system configuration of a combination type disposable authentication code by medium authentication according to another embodiment of the present invention. FIG.
28A and 28B are diagrams illustrating a medium authentication process for implementing a combined disposable authentication code according to another embodiment of the present invention.
FIG. 29 is a diagram illustrating a configuration of a completed disposable authentication code implementation process through medium authentication according to an embodiment of the present invention.
FIG. 30 is a diagram illustrating a configuration of a completed disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.
31 is a diagram illustrating a configuration of a completed disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.
32 is a diagram illustrating a wireless terminal function configuration for implementing a combined disposable authentication code through medium authentication according to another embodiment of the present invention.
33 is a diagram showing a configuration of a system for implementing a combination type disposable authentication code through medium authentication according to another embodiment of the present invention.
34A and 34B are diagrams showing a medium authentication process for implementing a combined disposable authentication code according to another embodiment of the present invention.
FIG. 35 is a diagram illustrating a configuration of a completed disposable authentication code implementation process through medium authentication according to an embodiment of the present invention.
FIG. 36 is a diagram illustrating a configuration of a completed disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.
FIG. 37 is a diagram illustrating a configuration of a completed disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.
38 is a diagram illustrating a wireless terminal functional configuration for implementing a hybrid type disposable authentication code through medium authentication according to an embodiment of the present invention.
FIG. 39 is a diagram showing a configuration of a mixed type disposable authentication code implementation system through medium authentication according to an embodiment of the present invention.
40 is a diagram illustrating a medium authentication process for implementing a hybrid type disposable authentication code according to an embodiment of the present invention.
41 is a diagram illustrating a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to an embodiment of the present invention.
FIG. 42 is a view showing a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.
43 is a diagram illustrating a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.
44 is a diagram illustrating a wireless terminal functional configuration for implementing a hybrid type disposable authentication code through medium authentication according to another embodiment of the present invention.
45 is a diagram showing a system configuration of a mixed type disposable authentication code by medium authentication according to another embodiment of the present invention.
46A and 46B are diagrams showing a medium authentication process for implementing a hybrid type disposable authentication code according to another embodiment of the present invention.
47 is a diagram illustrating a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to an embodiment of the present invention.
FIG. 48 is a view showing a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.
49 is a diagram illustrating a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.
50 is a diagram illustrating a wireless terminal functional configuration for implementing a hybrid type disposable authentication code through medium authentication according to another embodiment of the present invention.
51 is a diagram showing a configuration of a system for implementing a hybrid type disposable authentication code through medium authentication according to another embodiment of the present invention.
52A and 52B are diagrams showing a medium authentication process for implementing a hybrid type disposable authentication code according to another embodiment of the present invention.
53 is a diagram illustrating a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to an embodiment of the present invention.
54 is a diagram illustrating a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.
FIG. 55 is a diagram illustrating a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

It is to be understood that both the foregoing general description and the following detailed description of the present invention are exemplary and explanatory and are intended to provide further explanation of the invention as claimed. The configuration is omitted as much as possible, and a functional configuration that should be additionally provided for the present invention is mainly described. Those skilled in the art will readily understand the functions of components that have been used in the prior art among the functional configurations that are not shown in the following description, The relationship between the elements and the components added for the present invention will also be clearly understood.

In order to efficiently explain the essential technical features of the present invention, the following embodiments will appropriately modify, integrate, or separate terms to be understood by those skilled in the art to which the present invention belongs , And the present invention is by no means thereby limited. That is, each means constituting the present invention may be a server (or terminal) provided on the system shown in the following embodiments, or a predetermined function constituent part provided in at least one server (or terminal) Or may be a combination of at least two or more function units included in one or more servers (or terminals). In addition, although the server (or terminal) shown in the following embodiments includes at least two or more functional components for the sake of convenience of the present invention, the functional components shown in the server (or terminal) The present invention can be applied to two or more servers (or terminals) that are matched with the above-described means and are different depending on the role and function of each function configuration unit and the operator (or operating agency) of the server (or terminal) No.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

FIG. 1 is a diagram showing a system configuration for implementing a one-time authentication code through medium authentication according to an embodiment of the present invention.

In more detail, FIG. 1 illustrates that the wireless terminal 120 implementing the one-time authentication code may be provided with only a one-time authentication code generation function, or may be provided with a first part disposable authentication code generation Or if the first partial disposable authentication code generation information for generating a disposable authentication code and a part of the disposable authentication code are provided in the wireless terminal 120, the media authentication server 1 (1) 100 and the medium authentication server 2 (105) in the second medium authentication processing in cooperation with the medium authentication server (2) 105. The medium authentication server (105) to implement a combined type / completion type / mixed type disposable authentication code through the wireless terminal (120). If a person skilled in the art is familiar with the present invention, It will be appreciated that various implementations of the system configuration for implementing the disposable authentication code through the media authentication may be inferred by referring to and / or modifying the aspect 1, but the present invention includes all of the above- The technical features thereof are not limited only by the method shown in FIG.

According to one embodiment of the present invention, when the wireless terminal 120 includes only a disposable authentication code generating function, the wireless terminal 120 may communicate with the media authentication server 1 (100) The medium authentication server (1) 100 or the medium authentication server (2) (105) processes the medium authentication in the first medium authentication processing in association with the medium authentication server (2) It is preferable that the wireless terminal 120 provides the authentication code generation information for generating the combined type / completion type / mixed type disposable authentication code in the wireless terminal 120 in response to the second authentication, And generates the completed type disposable authentication code through the medium authentication through the creation information.

Alternatively, the media authentication server (1) 100 or the medium authentication server (2) 105 may transmit the combination / completion / mixed type disposable authentication code to the wireless terminal 120 in response to the first or second medium authentication In this case, the wireless terminal 120 processes the received disposable authentication code into a completed disposable authentication code through the media authentication.

According to another embodiment of the present invention, when the first partial disposable authentication code generation information for generating a part of the disposable authentication codes is provided to the wireless terminal 120, (1) 100 or (2) 105 in the second medium authentication processing in cooperation with the medium authentication server (1) 100 and the medium authentication server The medium authentication server (2) 105 generates second partial disposable authentication code generation information for generating the remaining part of the disposable authentication codes to the wireless terminal 120 in response to the first and second medium authentication, In this case, the wireless terminal 120 generates the first partial disposable authentication code through the first partial disposable authentication code generation information, and generates the first partial disposable authentication code based on the program code, My After generating the second partial disposable authentication code through the two-part disposable authentication code generation information, combines the first and second partial disposable authentication codes to generate a combined disposable authentication code through the medium authentication.

Alternatively, the medium authentication server (1) 100 or the medium authentication server (2) 105 generates a second partial disposable authentication code to the wireless terminal 120 in correspondence with the first or second medium authentication Wherein the wireless terminal 120 generates a first partial disposable authentication code through the first partial disposable authentication code generation information and transmits the first partial disposable authentication code to the first partial disposable authentication code, And generates a combination type disposable authentication code through the medium authentication by combining the disposable authentication codes.

According to another embodiment of the present invention, when the disposable authentication code generation function and the first partial disposable authentication code generation information for generating a part of the disposable authentication code are provided, (1) 100 or (2) 105 in the second medium authentication processing in cooperation with the medium authentication server (1) 100 and the medium authentication server The medium authentication server (2) 105 is provided with second partial disposable authentication code generation information for generating the remaining part of the disposable authentication code to the wireless terminal 120 in correspondence with the first to second medium authentication In this case, the wireless terminal 120 generates the first partial disposable authentication code through the first partial disposable authentication code generation information, and generates the second partial disposable authentication code through the second partial disposable authentication code generation information, To After that generated, characterized in that to the first to the second portion combining a one-time authentication code generated for a combined one-time authentication codes via the medium certificate.

Alternatively, the medium authentication server (1) 100 or the medium authentication server (2) 105 generates a second partial disposable authentication code to the wireless terminal 120 in correspondence with the first or second medium authentication Wherein the wireless terminal 120 generates a first partial disposable authentication code through the first partial disposable authentication code generation information and transmits the first partial disposable authentication code to the first partial disposable authentication code, And generates a combination type disposable authentication code through the medium authentication by combining the disposable authentication codes.

Here, the media authentication server (1) 100 may be a communication company server connected to the wireless terminal 120, a financial service server providing a non-face authentication function based on a disposable authentication code for the wireless terminal 120, Or a card issuer server or a financial transaction or payment related server or web server. The media authentication server (2) 105 may be configured to include the media authentication server (1) 100 A financial company server, a credit card company server, a financial transaction or payment settlement server, and a Web server.

When the combined type / completion type / mixed type disposable authentication code is generated through any one of the above-described methods, the wireless terminal 120 transmits the generated combined type / completion type / mixed type disposable authentication code to the wireless terminal 120 And outputting the result to the output terminal.

Hereinafter, the combined type / completion type / mixed type disposable authentication code may be used in the disposable authentication processing process between the wireless terminal 120 and the disposable authentication code authentication server on the communication network, or a disposable authentication code Is input through the input medium 115 (for example, a desktop computer, a notebook computer, a kiosk, etc.), and is used in the disposable authentication processing process between the disposable authentication code input medium 115 and the disposable authentication code authentication server on the communication network .

2 is a diagram illustrating a functional configuration of a wireless terminal 120 that implements a combined disposable authentication code via medium authentication in accordance with an embodiment of the present invention.

2 is a block diagram of a mobile communication terminal connected to a mobile communication network operating on a Code Division Multiple Access (WCDMA) / Wideband Code Division Multiple Access (CDMA) (N > = 2) number of digits to the wireless terminal 120. The N (N &gt; = 2) number of digits If n (1 < = n < N) digits partial disposable authentication code generation information for generating n (1 < n &lt; N) digits partial disposable authentication code included in the combined disposable authentication code is provided, (1 < = n < N) digits of the N (N> = 2) number of combinations of disposable authentication codes corresponding to the authentication are transmitted from the wireless terminal 120, n <N) Generate one-time authorization code And the partial disposable authentication code of (Nn) digits is generated through the medium authentication server (1) 100 as a result of the second medium authentication through the medium authentication server (2) 105 after the first medium authentication, (1 < n < N) digits of the partial disposable authentication code and (Nn) digits of the number of digits after generating the partial disposable authentication code generation information received from the authentication server (2) And the partial disposable authentication code is combined to implement an N-digit combination disposable authentication code.

In the present invention, the combination type disposable authentication code with N (N> = 2) digits is referred to as a "combination type disposable authentication code" or "authentication code (N)" for convenience, The disposable authentication code is referred to as a "first partial disposable authentication code" or "authentication code (n)" for convenience, and the partial disposable authentication code of the (Nn) (Nn) &quot;.

2, a terminal device (for example, HSDPA (High-Speed Downlink Packet (HSDPA)) which implements the combination type disposable authentication code through the medium authentication can be used as long as it is familiar to those skilled in the art. A wireless terminal device connected to a wireless access network based on IEEE 802.16x, or a wireless terminal device connected to a wireless Internet based on IEEE 802.16x), and an implementation method for various functional configurations corresponding to each terminal device characteristic, The present invention is not limited to the above-described embodiments, and various modifications may be made without departing from the spirit and scope of the invention.

The wireless terminal 120 that provides CDMA / WCDMA based mobile communication services according to an embodiment of the present invention includes an outer body, a speaker and a microphone, a keypad, an LCD (Liquid Crystal Display), an antenna And a battery 220, and internally includes a predetermined modem chip (for example, a modem chip) having a function of a CDMA (Code Division Multiple Access) modem, a CPU / MPU (Central Processing Unit / Micro Processing Unit) A duplexer filter for separating a transmission signal from a single antenna, a power amplifier for amplifying a transmission signal, a high power amplifier (HPA), a high power amplifier An isolator that prevents reverse transmission of the transmitted signal, an RF / IF SAW filter to remove the desired out-of-band spurious signal, a frequency upstream circuit of the transmission path, Frequency downconverting circuit, a VCTCXO (Voltage Controlled Temperature Compensated X-tal Oscillator) corresponding to a reference clock source, a UHF frequency synthesizer used as a local signal of frequency up-down conversion, and a codec chip for converting an analog voice signal into a digital signal And the internal components are gradually integrated into the modem chip. In addition to the core components for the mobile communication service, the modem chip may include various multimedia services or additional services Are being integrated together.

Referring to FIG. 2, the wireless terminal 120, which implements the combination type disposable authentication code through the media authentication, includes a controller 200 corresponding to the modem chip structurally, a screen output unit 200 corresponding to an LCD (Liquid Crystal Display) A sound processing unit 210 corresponding to the microphone / speaker, a key input unit 215 corresponding to the keypad, a radio processing unit 240 corresponding to the antenna and various RF modules, A memory unit 225 and a battery 220 for supplying a predetermined power.

In addition, the wireless terminal 120 may further include a camera unit (not shown) for reading predetermined image information for providing various multimedia services or various supplementary services corresponding thereto, or may be provided with a predetermined short- It is preferable to further include a local communication unit (not shown) for connecting the channels.

The wireless terminal 120 may include an IC chip 235 (for example, a financial IC (hereinafter, referred to as a &quot; financial IC &quot;) (Universal Subscriber Identity Module) or the like) and an IC chip reader 230 for reading / writing predetermined information (or data) to the IC chip 235 .

The control unit 200 includes a processor including a CPU / MPU provided in the modem chip and an execution memory, and is provided with a predetermined program routine for providing a function peculiar to the wireless terminal 120 from a predetermined memory element. A bus (BUS) for inputting / outputting program data, and a predetermined electronic circuit (or an integrated circuit) provided for the bus. The memory unit 225 or the memory device (Or a chipset) loaded into the execution memory and processed through the processor to perform a specific function, or a generic term of program data (thus, A predetermined program routine to be recorded on the recording medium of the terminal 120 is conveniently provided in the control unit 200 (Not shown) and at least one or more system management routines (e.g., power management routines, channel (forward / backward) management), and the like. (Not shown), and various functional configurations to be implemented in the wireless terminal 120 are realized by the controller 200. [0040] As shown in FIG.

According to the method of the present invention, after power is supplied to the wireless terminal 120, the operating system routine (not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are transmitted to the control unit 200, and the mobile terminal 120 is operated by the processor so that the wireless terminal 120 can receive the system setting detailed state, the pilot channel obtaining detailed state, the synchronization channel obtaining detailed state, and the timing conversion Quot; mobile station initialization state "including the detailed state.

After performing the booting procedure, the operating system routine (not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are loaded into the execution memory provided in the controller 200, The mobile terminal 120 is set to the operation mode corresponding to the "mobile station call waiting state &quot;,the" system access state &quot;, or the " Call Processing) procedure.

According to the embodiment of the present invention, the function of implementing the combination type disposable authentication code through the medium authentication is such that the wireless terminal 120 can be started (i.e., started) through a predetermined key input in an operation mode corresponding to the " Or realized).

The screen output unit 205 is a function configuration unit for a screen for checking operation modes of the wireless terminal 120 and corresponding operation states of the wireless terminal 120. One or more And a driver for driving the screen output device. The control unit 200 may output at least one key data input through the key input unit 215 in association with the control unit 200, A function processing screen and a function processing result screen corresponding to at least one function (or program) provided in the wireless terminal 120 or at least a function screen And outputs one or more contents (e.g., text contents, image contents, multimedia contents).

According to the embodiment of the present invention, the screen output unit 205 displays a menu screen corresponding to the function of implementing the combination type disposable authentication code through the medium authentication, a function processing screen for implementing the combination type disposable authentication code, It is preferable to perform a function of screen output means for outputting a function process result screen for outputting the disposable authentication code.

The sound processing unit 210 processes a sound input and output in each operation mode of the wireless terminal 120. The function processing unit 210 decodes at least one or more encoded sound data and supplies the decoded sound data to the wireless terminal 120 And a vocoder and a codec for encoding a sound signal input through a microphone provided in the wireless terminal 120 and encoding the sound signal.

According to an embodiment of the present invention, the sound processing unit 210 may generate a sound corresponding to a predetermined ringback tone through the speaker in an operation mode corresponding to the "system access state" among the operation modes of the wireless terminal 120 It is preferable to decode and output the data or to encode a predetermined voice signal through a microphone in an operation mode corresponding to the "call channel state &quot;, or to decode and output a predetermined voice signal through a speaker.

In addition, the sound processing unit 210 may be operable to reproduce at least one sound content or multimedia content provided in (or downloaded from) the mobile terminal 120 in at least one operation mode including the " It is preferable that the sound data corresponding to the content to be reproduced is decoded and output.

The key input unit 215 may include a key input unit having at least one key button including a predetermined number key, a character key, or a function key, And a driver for driving the key input device. Accordingly, it is possible to detect at least one key input signal generated by clicking (or inputting) the key button in the key input device .

According to the present invention, when a predetermined key input signal is detected from a predetermined key button provided in the key input device in a predetermined input mode or at least one operation mode controlled by the controller 200, (E.g., MH_KEY_PRESSEVENT, MH_KEY_REPEATEVENT, and MH_KEY_RELEASEEVENT) corresponding to the detected key input signal, and provides the generated key event to the control unit 200 The control unit 200 reads out predetermined key data corresponding to the key event in the current input mode or the operation mode of the wireless terminal 120 (e.g., corresponding to a specific key event in each input mode or operation mode) Reading the key data from the key table storing (managing) at least one key data to the key event) And is a command to execute a predetermined function defined characterized in that the shipping dock.

According to an embodiment of the present invention, the key input unit 215 inputs a predetermined telephone number in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 120, It is preferable to change the operation mode of the wireless terminal 120 to the operation mode corresponding to the "system access state &quot;.

The key input unit 215 inputs a predetermined function key (e.g., a menu key) in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 120, It is preferable to perform various functions provided in the display unit 120. [

According to the embodiment of the present invention, the key input unit 215 performs a function of a key input unit for inputting at least one key data corresponding to a function of implementing the combination type disposable authentication code through the medium authentication .

The radio processing unit 240 is a functional unit for connecting a radio channel to a base station on a mobile communication network based on CDMA / WCDMA, and includes a CDMA modem and various RF modules (e.g., a duplexer filter, Amplifier, a high power amplifier (HPA), an isolator, an RF / IF SAW filter, a frequency upstream circuit, a frequency downconversion circuit, a VCTCXO corresponding to a reference clock source, a UHF frequency synthesizer, A Slot Mode or a Power Control in response to each operation mode of the wireless terminal 120 in association with the controller 200. The wireless terminal 120 may be a mobile terminal, Hand-off, or a call processing procedure according to an embodiment of the present invention.

According to an embodiment of the present invention, the radio processing unit 240 may perform a radio frequency signal transmission / reception function (e.g., antenna control, modulation, synthesis, and transmission of radio frequency signals) corresponding to a function of implementing a combination- Amplification, filtering, and the like).

In particular, the radio processing unit 240 processes the information or signal transmitted from the wireless terminal 120 to the base station into a CDMA stack to implement the combined disposable authentication code through the media authentication, And a function of reading predetermined information or signals from the CDMA stack.

If the wireless terminal 120 shown in FIG. 2 is a wireless terminal device connected to a HSDPA-based wireless network according to another embodiment of the present invention, the wireless processor 240 accesses the HSDPA-based wireless network, Or if the wireless terminal 120 is a wireless terminal device connected to an IEEE 802.16x-based wireless network, the wireless processing unit 240 may be configured to include a wireless communication function configuration The present invention is not limited to this configuration, and may include a wireless communication function configuration for accessing the IEEE 802.16x-based wireless network and implementing the combined disposable authentication code through the media authentication.

The IC chip reader 230 may include an IC chip 235 mounted on or removed from the wireless terminal 120 through an IC chip 235 standard including ISO / IEC 7816 or ISO / IEC 14443, IEC 7816 standard, or the ISO / IEC 7816 standard, the function of exchanging at least one piece of information (or data or command) with the ISO / IEC 7816 standard, the financial IC chip 235, (IC card reader) corresponding to the IEC 14443 standard. The IC card reader is connected to the IC chip 235 via an APDU (Application Protocol Data Unit) ) Is exchanged.

Referring to the standard including ISO / IEC 7816 or ISO / IEC 14443, the IC chip 235 mounted or detached from the customer's wireless terminal receives power supply VCC, a reset signal RST, a clock signal (Input / output interface) for communicating (e.g., exchanging commands or data) with the IC chip reader unit 230 through contact points such as CLK, ground GND, programming power supply VPP, or input / output A processor unit (not shown) having at least one computing element including a central processing unit (CPU), a micro processing unit (MPU), and a coprocessor; a read only memory (ROM) A memory (not shown) made up of at least one memory element including a RAM (Random Access Memory), an EEPROM (Electrically Erasable and Programmable Read Only Memory), and an FM The above memory elements A chip operating system (COS) for managing and operating internal resources of the IC card is stored in the IC chip reader 230. The IC chip reader 230 receives a predetermined When the power is supplied, the COS stored in the memory is loaded into a predetermined execution memory to control the overall operation of the IC chip 235, and the clock frequency (e.g., 3.57 MHz or 4.9 MHz) of the clock signal (CLK) And controls the exchange of information or data between the IC chip 235 and the IC chip reader 230 through an APDU (Application Protocol Data Unit).

According to the present invention, IC chip 235 storage information (for example, program code and data for IC chip 235) for implementing a combination type disposable authentication code through medium authentication is stored in the memory of IC chip 235 The storage information of the IC chip 235 may include a storage unit (not shown) for storing a data set corresponding to predetermined information or data read and / or used by the processor of the customer's wireless terminal. And a program routine (for example, a Javacard), which is operated or executed by a computation function of the processor unit and a command set provided by the COS, JAVA Applet)) comprising an instruction call code that interacts with the instruction set of the COS and an execution code that is processed by the processor unit (Not shown) is provided with a processing unit (not shown) corresponding to the client wireless terminal. In particular, the processing unit (not shown) reads the command provided from the processor provided in the customer wireless terminal via the input / output interface through the APDU, (Not shown) stored in the storage unit (not shown) on the basis of the received information or data, and transmits the result or the read information or data to the customer wireless terminal via the input / output interface through the APDU Processor.

Here, the memory of the IC chip 235 includes a security structure based on ISO / IEC 10202. According to this, the memory includes a protection area in which secret information such as a chip serial number (CSN) is stored, The IC chip 235 storage information for the present invention includes the protection area and the COS control area. The storage area for the IC chip 235 includes a protection area, a user application area, a read / write access area, an application program area, and a FAT (File Allocation Table) It is preferable to store it in the excluded area.

According to the ISO / IEC 7816 or ISO / IEC 14443 ICC standard, the memory has one master file (MF) corresponding to a root file and at least one storage An ATR (Answer To Reset) including function information on information, at least one Dedicated File (DF) corresponding to each ICC storage information, and a Smart Card service (EF) file containing substantial information or data. The IC chip 235 storage information for the present invention also includes the file structure as described above.

According to the embodiment of the present invention, the IC chip 235 stores at least the user authentication IC chip 235 storage information for authenticating the validity of the user of the wireless terminal 120 or the terminal authentication IC chip 235 storage information It is preferable that one or more of them are provided.

The user authentication IC chip 235 storage information or the terminal authentication IC chip 235 storage information is used to store the user authentication information input through the key input unit 215 into the IC chip 235 authentication code It is preferable that the authentication result information of the terminal medium IC chip 235 is returned after the user of the wireless terminal 120 (or the wireless terminal 120) is authenticated using the identification information A technical feature that the user of the wireless terminal 120 (or the wireless terminal 120) is authenticated through the IC chip 235 authentication code in the IC chip 235, The user of the wireless terminal 120 (or the wireless terminal 120) knows the technical characteristics of returning the authentication result information of the terminal medium IC chip 235 corresponding to the authentication result. .

In addition, the memory provided in the IC chip 235 may generate an authentication code (n) for generating the authentication code (n) in order to implement the combination type disposable authentication code through the medium authentication instead of the memory unit 225 (N) of the combination type disposable authentication codes having N (N > = 2) digits, the authentication code (n) generating information is capable of storing information (e.g., a seed value for generating an authentication code and a seed value for generating a partial disposable authentication code of n (1 < = n < N) digits.

The memory unit 225 may include a storage medium that stores at least one piece of information (or data) in the wireless terminal 120, or a nonvolatile memory corresponding to a recording medium that records a program code corresponding to at least one program routine A ROM (Read Only Memory) corresponding to the read-only memory, a flash memory (FM) capable of reading / writing, and an EEPROM (Electrically Erasable and Programmable Read Only Memory) .

According to an embodiment of the present invention, system information of the non-volatile memory that should not be erased is stored in the non-volatile memory, and the flash memory is provided with operating system routines, call processing program routines, Program routines and information or data therefor are stored in the EEPROM. In the EEPROM, at least one or more of the terminal registration related parameters, telephone numbers (e.g., address book), or at least one Information (or data) is preferably stored.

According to the embodiment of the present invention, the memory unit 225 generates authentication code (n) generation information (e.g., authentication code (n)) for generating the authentication code (n) n) for generating a seed value).

Here, the authentication code (n) generation information includes a seed value for generating a partial disposable authentication code of n (1 <= n <N) digits among N (N> = 2) .

In addition, the memory unit 225 may include a media authentication server (not shown) for the media authentication server (1) 100 that authenticates the terminal medium corresponding to the wireless terminal 120 to implement the combined disposable authentication code through the media authentication, (100) information (for example, address information of the medium authentication server (1) 100, unique information of the medium authentication server (1) 100) (E.g., address information of the medium authentication server 2 (105), unique information of the medium authentication server (2) (105)).

According to another embodiment of the present invention, the authentication code (n) generation information can be stored in a memory on the IC chip 235, and the present invention is characterized in that the generation information of the authentication code (n) ) Stored in a memory on the network.

Referring to FIG. 2, the wireless terminal 120 implementing the combination type disposable authentication code through the medium authentication includes an information input unit for receiving user authentication information through the key input unit 215.

The information input unit outputs the user authentication information input interface in cooperation with the screen output unit 205 to implement the combination type disposable authentication code through the medium authentication, The authentication processing unit 245 requests the user to input the user authentication information to the user authentication information interface through the key input unit 215. [ do.

Here, the user authentication information may include at least one of a personal identification number (PIN) registered to authenticate the terminal medium for the wireless terminal 120 in the media authentication server (1) 100 on the communication network, It is preferable to include at least one of them.

Alternatively, the user authentication information may be stored in the wireless terminal 120 through the user authentication IC chip 235 storage information provided in the IC chip 235 (or the USIM) or the terminal authentication IC chip 235 storage information, And at least one personal identification number (PIN) or password for authenticating the validity of the user.

Alternatively, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network, Or more.

Referring to FIG. 2, when the combined type disposable authentication code is implemented through the terminal medium authentication, the wireless terminal 120 generates terminal medium authentication information based on the user authentication information input through the information input unit , And transmits the generated terminal medium authentication information to the media authentication server (1) 100 on the communication network in cooperation with the radio processing unit 240 to process the medium corresponding to the wireless terminal 120 to be first authenticated , The media authentication server (1) (100) receives the terminal medium authentication code from the medium authentication server (1) (100) at the terminal medium authentication and transmits the received terminal medium authentication code to the medium authentication server An authentication processing unit 245 for transmitting the media authentication request to the media authentication server 2 105 and processing the media corresponding to the wireless terminal 120 to be second authenticated; (Nn) Provided with a receiving unit 250 for receiving information characterized by comprising.

In the case of implementing the combination type disposable authentication code through the terminal medium authentication, the authentication processing unit 245 inputs the authentication information through the information input unit to process the terminal medium in the media authentication server (1) 100 on the communication network And generates the terminal medium authentication information based on the user authentication information.

According to an embodiment of the present invention, when the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the media authentication server on the communication network for authenticating the terminal medium for the wireless terminal 120 The authentication processing unit 245 transmits the user authentication information and the unique information of the mobile terminal 120 such as MIN (Mobile Identification Number) information or ESN (Electronic Serial Number) information or IMEI (International Mobile Equipment Identity) Or International Mobile Subscriber Identity (IMSI) information included in the USIM, MSISDN (Mobile Station International ISDN Number), or USIM unique information).

For example, the authentication processing unit 245 may generate the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120. [

Alternatively, the authentication processing unit 245 generates a terminal media verifier by hashing the at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, It is preferable that at least one of the user authentication information and the unique information of the wireless terminal 120 is concatenated to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the user authentication information and the unique information of the wireless terminal 120, And the present invention is characterized in that all the additional information items that can be guessed are included.

According to another embodiment of the present invention, the user authentication information is stored in the IC chip 235 (or USIM) through the user authentication IC chip 235 storage information or the terminal authentication IC chip 235 storage information The authentication processing unit 245 may transmit the authentication information to the IC chip reader 230 through the IC chip reader unit 230. The authentication processing unit 245 may include at least one personal identification number (PIN) or password for authenticating the validity of the user of the wireless terminal 120, Information to the user authentication IC chip 235 storage information or the terminal authentication IC chip 235 storage information provided in the IC chip 235 (or the USIM) to perform authentication so as to authenticate the IC chip 235, When the authentication result information of the terminal medium IC chip 235 through the user authentication information is returned from the authentication result information 235 (or USIM) of the terminal 200, authentication result information of the returned terminal medium IC chip 235, The terminal medium authentication information including the .

For example, the authentication processing unit 245 may generate the terminal medium authentication information by concatenating the authentication result information of the terminal medium IC chip 235 with the unique information of the wireless terminal 120.

Alternatively, the authentication processing unit 245 may hash the at least one of the authentication result information of the terminal medium IC chip 235 and the unique information of the wireless terminal 120 as a one-way hash function, and XORs the one or more information to generate a terminal media verifier , The terminal medium verifier, the terminal medium IC chip (235) authentication result information, and the wireless terminal (120) unique information to generate the terminal medium authentication information.

The terminal medium IC chip 235 may include at least one additional information item to be included in the terminal medium authentication information in addition to the authentication result information of the terminal medium IC chip 235 and the unique information of the wireless terminal 120, The additional information may be included in the terminal medium authentication information. The present invention is characterized by including all of the inferable information items.

According to another embodiment of the present invention, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal media authentication information generation factor for generating terminal media authentication information to be transmitted to the media authentication server on the communication network, The authentication processing unit 245 hashes the user authentication information through the one-way hash function, and transmits the hashed user authentication information, at least one random number value (e.g., random number value generated by the terminal ), XOR-operation of at least one of the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media verifier, Generates terminal medium authentication information including authentication information, at least one random number information, and unique information of the wireless terminal 120 Is preferred, those skilled in the art according to the intention of the authentication processing unit 245 is able to cut the more hash verification terminal medium.

For example, the authentication processing unit 245 concatenates the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120, .

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication information is generated through any one of the above-described methods, the authentication processing unit 245 transmits the terminal medium authentication information to the media authentication server (1) 100 on the communication network It is preferable to encrypt it with at least one encryption key provided in the memory unit 225 (or the IC chip 235).

When the terminal medium authentication information is generated as described above, the authentication processing unit 245 transmits the generated terminal medium authentication information to the media authentication server (1) 100 on the communication network in cooperation with the radio processing unit 240 And the media authentication server (1) (100) performs first authentication of the medium corresponding to the wireless terminal (120) through the terminal medium authentication information.

If the terminal media authentication information is encrypted, the media authentication server (1) 100 preferably decrypts the encrypted terminal media authentication information through a decryption key.

According to an embodiment of the present invention, the user authentication information is transmitted from the media authentication server (1) 100 on the communication network to a personal identification number (PIN) or a password registered to authenticate the terminal medium for the wireless terminal 120 The media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, and if the identified wireless terminal (120) Authenticates the validity of the wireless terminal 120 by comparing the unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information and transmits the authentication information to the media authentication server 1 (100) And comparing the user authentication information stored in association with the unique information of the wireless terminal 120 with the user authentication information included in the terminal medium authentication information to authenticate the validity of the terminal medium .

If the terminal authentication information includes at least one of the user authentication information and the unique information of the wireless terminal 120 in the terminal media authentication information, the media authentication server 1 may, for example, (100) hashes at least one of the user authentication information provided in the storage medium and the unique information of the wireless terminal (120) identified through the communication session in the same manner as the terminal medium verifier and performs an XOR operation Further comprising generating a terminal media authenticator and comparing the terminal media verifier and the terminal media authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information is stored in the IC chip 235 (or USIM) through the user authentication IC chip 235 storage information or the terminal authentication IC chip 235 storage information (1) 100 includes at least one personal identification number (PIN) or password for authenticating the validity of a user of the wireless terminal 120, the media authentication server (1) (120) unique information of the wireless terminal (120) through a session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, And transmits the authentication information to the IC chip 235 based on the user authentication information stored in association with the unique information of the wireless terminal 120 in a storage medium provided to (or associated with) the media authentication server (1) ) (Or USIM) (Or the terminal medium IC chip 235) authentication information through the same logic as the user authentication IC chip 235 storage information or the terminal authentication IC chip 235 storage information (235) authentication information included in the terminal medium IC chip (235) authentication information included in the terminal medium IC chip (235) authentication information and the terminal medium IC chip (235) authentication information included in the terminal medium authentication information And verifies the validity of the terminal medium.

If at least one of the authentication result information of the terminal medium IC chip 235 and the unique information of the wireless terminal 120 is hashed as a one-way hash function and the terminal media verifier is included in the terminal medium authentication information, The media authentication server (1) (100) transmits at least one or more pieces of authentication information of the terminal medium IC chip (235) provided in the storage medium and unique information of the wireless terminal (120) And generating a terminal media authenticator by XORing the hash in the same manner as the media verifier, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

A personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network according to another embodiment of the present invention; ), Or a secret number, the media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, The wireless terminal 120 authenticates the validity of the wireless terminal 120 by comparing the unique information of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication information, Way hash function by associating the user authentication information stored in association with the unique information of the wireless terminal 120 with the hashed (or linked) storage medium, and transmits the hashed user authentication information, (At least one random number value included in the terminal medium authentication information), the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) A media authenticator is generated, and the validity of the terminal medium is verified by comparing the terminal medium verifier included in the terminal medium authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

When the terminal medium authentication information is authenticated through any one of the above methods, the medium authentication server (1) (100) generates (or extracts) a terminal medium authentication code corresponding to the terminal medium authentication result, And the authentication processing unit 245 receives the terminal medium authentication code from the medium authentication server (1) (100).

Then, the authentication processing unit 245 transmits the received terminal medium authentication code to the medium authentication server (2) 105 through a communication network.

According to the embodiment of the present invention, the authentication processing unit 245 generates the terminal medium authentication information through the user authentication information and transmits the same (or the same) method as that transmitted to the media authentication server (1) 100 (For example, concatenating the terminal medium authentication code with the unique information of the wireless terminal 120 or generating a terminal medium verifier including the terminal medium authentication code and the unique information of the wireless terminal 120) It is preferable to transmit the terminal authentication code to the media authentication server (2) 105. If the terminal medium authentication information is generated by the terminal authentication method, The detailed description thereof will be omitted for the sake of simplicity.

The medium authentication server (2) (105) receiving the terminal medium authentication code from the wireless terminal (120) authenticates the terminal medium authentication code.

When the terminal authentication code is processed in a manner similar to (or identical to) the terminal medium authentication information generation method according to the embodiment of the present invention, the medium authentication server (2) It is preferable to authenticate the terminal medium authentication code in a manner similar to (or the same as) the method of authenticating the terminal medium authentication information in the terminal 100. If a person having ordinary knowledge in the technical field of the present invention , It is possible to infer a technical characteristic of authenticating the terminal medium authentication code through the method of authenticating the terminal medium authentication information, so that detailed description thereof will be omitted for the sake of convenience.

According to an embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) 105 transmits an authentication code (Or extracts) the authentication code (Nn) generation information for generating the authentication code (Nn) and transmits the generated authentication code (Nn) to the wireless terminal 120. In response thereto, And receives the authentication code (Nn) generation information through the network.

If the program code Nn for generating the authentication code Nn is not provided to the wireless terminal 120 through the authentication code Nn generation information, the medium authentication server 2 (105) (Nn) for generating the authentication code (Nn) through the authentication code (Nn) generation information to the wireless terminal (120) in response to the terminal medium authentication, The receiving unit 250 further receives the program code Nn for generating the authentication code Nn through the wireless communication unit 240 through the authentication code Nn generating information.

Alternatively, when the program code for generating the authentication code (n) is not provided to the wireless terminal 120 through the authentication code (n) generation information, the medium authentication server (2) (105) It is preferable to further transmit the program code (n) for generating the authentication code (n) through the authentication code (n) generation information to the wireless terminal 120 in response to the authentication, ) Further comprises a program code (n) for generating the authentication code (n) through the wireless processing unit (240) through the authentication code (n) generation information.

According to another embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) (105) (Or extracts) an authentication code Nn to be included in combination with the authentication code N of the wireless terminal 120 and transmits the authentication code Nn to the wireless terminal 120. In response to the authentication code Nn, The authentication code Nn is received via the authentication code Nn.

Referring to FIG. 2, the wireless terminal 120 generates an authentication code (n) through authentication code (n) generation information in association with the memory unit 225, And an authentication code generation unit (255) for generating an authentication code (Nn) through the authentication code (Nn) generation information.

If the authentication code generating unit 255 is provided with the program code n for generating the authentication code n, the authentication code generating unit 255 generates the authentication code (n) stored in the memory unit 225 (n) is generated by the output processing unit 265. The output processing unit 265 generates the authentication code (n) using the authentication code (n) Codes Nn may be combined and generated at any time before the authentication code N is generated, and the present invention is not limited by the generation time of the authentication code n.

On the other hand, when the authentication code generating unit 255 is provided with the program code n for generating the authentication code n, the authentication code generating unit 255 generates a program code n, (n) generated using the authentication code (n) generation information stored in the memory unit 225 through the authentication code (n).

If the authentication code generating unit 255 is provided with the program code Nn for generating the authentication code Nn, the authentication code generating unit 255 may generate the authentication code Nn through the receiving unit 250 Nn) generation information is received, the authentication code generation unit 255 generates an authentication code Nn of (Nn) digits using the received authentication code (Nn) generation information.

On the other hand, when the program code Nn for generating the authentication code Nn is not provided to the authentication code generation unit 255, the authentication code generation unit 255 generates the authentication code Nn through the reception unit 250, (Nn) generation information is received, the authentication code generation unit 255 generates (Nn) using the received authentication code (Nn) generation information through the program code (Nn) received through the reception unit 250, It is preferable to generate the authentication code Nn of the number of digits.

According to another embodiment of the present invention, when the authentication code Nn is directly received through the receiver 250, the authentication code generator 255 may omit generating the authentication code Nn, The present invention is not limited thereto.

A person skilled in the art will recognize that the authentication code generation unit 255 may generate a technical feature (for example, an authentication code) for generating an authentication code (n) of n digits using the authentication code (n) (Nn) digits of the authentication code (Nn) using the authentication code (Nn) generation information, the detailed description thereof will be omitted for the sake of convenience.

2, the wireless terminal 120 includes a code combination unit 260 for generating an authentication code N by combining the authentication code n and the authentication code Nn, And an output processing unit (265) for outputting the generated authentication code (N) in association with the authentication code (205).

When the authentication code (n) and the authentication code (Nn) are generated by the authentication code generation unit 255, the code combination unit 260 combines the authentication code (n) and the authentication code (Nn) And generates a digit number authentication code (N).

According to an embodiment of the present invention, the code combining unit 260 preferably generates an N-digit authentication code N by concatenating the authentication code n and the authentication code Nn.

For example, if the authentication code (n) is "123" and the authentication code (Nn) is "456", the code combination unit 260 concatenates the authentication code (n) It is preferable to generate code (N) "123456 &quot;.

According to another embodiment of the present invention, the code combining unit 260 may generate an N-digit verification code N by ORing the verification code n and the verification code Nn, (N) and the authentication code (Nn) are designated, the code combining unit 260 inserts the corresponding code in the place of the authentication code (n) and the authentication code (Nn) It is preferable to generate the code N.

For example, if the authentication code (n) is "103050" and the authentication code (Nn) is "020406", the code combining unit 260 performs OR operation of the authentication code (n) It is preferable to generate the authentication code (N) "123456 &quot;.

Alternatively, if the authentication code n is "1? 3? 5?" And the authentication code Nn is "? 2? 4? 6" (N) "123456" by inserting each code into the position of the position of the authentication code (Nn) and the authentication code (Nn).

According to another embodiment of the present invention, the code combining unit 260 substitutes the authentication code n and the authentication code Nn into at least one code generation function (e.g., a hash function) It is preferable to generate the authentication code (N) of the code generation function, and the present invention is not limited by the code generation function type and the algorithm.

When the authentication code N and the authentication code Nn are combined to generate an N-digit authentication code N, the output processing unit 265 associates with the screen output unit 205, (N) of the wireless terminal (120) to a predetermined area on the screen of the wireless terminal (120).

According to an embodiment of the present invention, the output processing unit 265 outputs a disposable authentication code output screen on the screen of the wireless terminal 120 in cooperation with the screen output unit 205, To output the generated N-digit authentication code (N).

According to another embodiment of the present invention, the output processing unit 265 outputs the disposable authentication code output area to the screen area currently output on the screen of the wireless terminal 120 in cooperation with the screen output unit 205 And outputs the generated N-digit authentication code (N) to the disposable authentication code output area.

FIG. 3 is a diagram showing a configuration of a system for implementing a combination type disposable authentication code through medium authentication according to an embodiment of the present invention.

In more detail, FIG. 3 illustrates the case where the wireless terminal 120 functional configuration in which the combined disposable authentication code is implemented includes the wireless terminal 120 functional configuration shown in FIG. 2, (N > = 2) digits of N (N &gt; = 2) number of disposable authentication codes are implemented, and those skilled in the art will be able to refer to FIG. 3 The present invention may be embodied in many other forms of implementation of the combined disposable authentication code implementation system configuration through the medium authentication and / or modification, The technical features thereof are not limited by the implementation method alone.

Referring to FIG. 3, the system for implementing a combination type disposable authentication code through medium authentication includes a wireless terminal 120 including the functional configuration shown in FIG. 2, a wireless terminal 120 connected to the wireless terminal 120, A media authentication server (1) (100) for performing a first terminal medium authentication for the wireless terminal (120) and transmitting a terminal medium authentication code to the wireless terminal (120) in response to the first medium authentication result , An authentication code (Nn) for generating second authentication code (Nn) to the wireless terminal (120) in response to the second medium authentication result, And a media authentication server (2) (105) for providing the authentication information (Nn) generation information or generating an authentication code (Nn) of (Nn) digits and providing it to the wireless terminal (120).

In order to implement the combination type disposable authentication code through the medium authentication, the wireless terminal 120 transmits terminal medium authentication information for authenticating the terminal medium to the wireless terminal 120 in the media authentication server (1) 100 And transmits the generated authentication information to the media authentication server (1) (100). Thus, the media authentication server (1) (100) verifies that the validity of the terminal medium .

According to an embodiment of the present invention, the terminal medium authentication information preferably includes user authentication information input through a key input unit provided in the wireless terminal 120 and unique information of the wireless terminal 120 And generates a terminal media verifier by XORing at least one of the user authentication information and the unique information of the wireless terminal 120 according to the intention of a person skilled in the art using a one-way hash function, Information of the wireless terminal 120, and unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal medium authentication information may include terminal medium IC chip authentication result information generated through an IC chip (or USIM) provided in the wireless terminal 120, And at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed by a one-way hash function and then XORed by the one-way hash function according to the intention of a person skilled in the art, And includes at least one of the terminal medium verifier, the terminal medium IC chip authentication result information, and the unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal media authentication information hashashes user authentication information input through a key input unit provided in the wireless terminal 120 through a one-way hash function, At least one or more random number values (for example, a random number value generated at the terminal), unique information of the wireless terminal 120 (or unique information of the wireless terminal 120 hashed by the one-way hash function) And generates the terminal medium verifier, and includes the generated terminal medium verifier, the user authentication information, at least one random number information, and the unique information of the wireless terminal 120.

Also, the wireless terminal 120 may include authentication code (n) generation information in the memory unit (or IC chip) to implement the N (N> = 2) digit combined disposable authentication codes, (1 < = n < N) number of authentication codes (n) through the generation information.

Also, the wireless terminal 120 receives the terminal medium authentication code from the media authentication server (1) 100 as a result of the first terminal medium authentication, and transmits the received terminal medium authentication code to the media authentication server 2) &lt; / RTI &gt;

Also, the wireless terminal 120 may generate authentication code (Nn) generation information (Nn) for generating an authentication code (Nn) from the media authentication server (2) 105 as a result of the second terminal media authentication, And a function of generating an authentication code (Nn) of (Nn) digits from the server through the received authentication code (Nn) generation information.

Alternatively, the wireless terminal 120 receives an authentication code (Nn) of (Nn) digits from the medium authentication server (2) 105 as a result of the terminal medium authentication.

When the authentication code N of the n digits is generated and the authentication code Nn of the number Nn is generated, the wireless terminal 120 combines the authentication code n and the authentication code Nn into N (N), and outputs the generated authentication code (N) to the screen of the wireless terminal (120).

In FIG. 3, the wireless terminal 120 has a technical feature of generating an authentication code (Nn) of n digits and an authentication code (Nn) of n digits and a technical feature of generating the authentication code (n) The technical features of generating an N-digit authentication code (N) in combination will be described with reference to FIG. 2, and a detailed description thereof will be omitted for the sake of simplicity.

According to the present invention, the media authentication server (1) 100 associates and stores the user authentication information for authentication of the terminal medium and the unique information of the wireless terminal 120, and stores the user authentication information and the unique (Or interlocking) a storage medium (1) (325) for further storing the terminal medium authentication rule information through information. The storage medium (1) (325) And the authentication code generation rule information for generating the terminal medium authentication code is further stored in association with each other.

The user authentication information may include information input from the wireless terminal 120 to authenticate the terminal medium among the key input information input through the key input means or information input via the IC chip (or USIM) And at least one authentication result information.

The unique information of the wireless terminal 120 may include MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information or IMEI (International Mobile Equipment Identity) for the wireless terminal 120, or IMSI (International Mobile Subscriber Identity) information, MSISDN (Mobile Station International ISDN Number), or USIM specific information.

The terminal medium authentication rule information may include a rule for generating the terminal medium authentication information at the wireless terminal 120 or a rule for authenticating the terminal medium corresponding to the wireless terminal 120 by reading the terminal medium authentication information, It is preferable that one or more of the terminal authentication rules are stored in the storage medium (1) 325 when the terminal authentication rule is implemented in the form of a program code in the media authentication server (1) 100, , Whereby the present invention is not limited thereto.

The authentication code generation rule information preferably defines a rule for generating a terminal media authentication code transmitted to the wireless terminal 120, and the authentication code generation rule is stored in the media authentication server (1) Code format, it is optional to store the authentication code generation rule information in the storage medium (1) 325, and thus the present invention is not limited thereto.

According to the present invention, the media authentication server (2) 105 includes (or interlocks with) a storage medium (2) 355 for storing terminal medium authentication rule information for authenticating the terminal medium authentication code And the storage medium (2) 355 generates authentication code (Nn) generation information for generating an authentication code (Nn) in the wireless terminal (120) The authentication code generation rule information for generating the authentication code Nn to be transmitted to the terminal 120 is further stored in association with each other.

Preferably, the terminal medium authentication rule information defines a rule for reading the terminal medium authentication code and authenticating the terminal medium corresponding to the wireless terminal 120, and the medium authentication server (2) When the terminal medium authentication rule is implemented in the form of a program code, it is optional to store the terminal medium creation rule information in the storage medium (2) 355, and thus the present invention is not limited thereto.

The authentication code generation rule information may include a rule for generating an authentication code (Nn) generation information for generating an authentication code (Nn) in the wireless terminal 120 or a rule for generating the authentication code (Nn) to be transmitted to the wireless terminal 120 (2) (355 (5)), if the authentication code generation rule is implemented in the form of a program code in the media authentication server (2) 105, The authentication code generation rule information may be omitted from the authentication code generation rule information, and thus the present invention is not limited thereto.

When the terminal medium authentication code is processed to include the same structure as the terminal medium authentication information according to another embodiment of the present invention, the storage medium (2) 355 includes user authentication information (not shown), a wireless terminal 120) inherent information (not shown), and server authentication information 2 (not shown) can be stored in association with each other, so that the present invention is not limited thereto.

According to the present invention, when the program code for generating the authentication code (n) or the authentication code (Nn) is not provided to the wireless terminal 120, the media authentication server (2) (N) for generating the authentication code (n) or the program code (Nn) for generating the authentication code (Nn) according to a platform (e.g., a program interpreter, an operating system, 120) and a program code D / B 360 for classifying and storing the program codes D / B 360 for each platform.

(N) for generating the authentication code (n) according to a platform of a plurality of wireless terminals 120, or the authentication code (Nn) if it is known to those skilled in the art to which the present invention belongs And the detailed description thereof will be omitted for the sake of convenience.

According to the present invention, the media authentication server (1) 100 includes an interface unit 300 for connecting and managing a communication channel for first media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 300 receives the terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (Nn) generation information is connected.

According to one embodiment of the present invention, when the media authentication server (1) 100 is provided on the wireless communication network (or in the wireless communication system), the interface unit 300 transmits, And a communication channel including a wire section for connecting the media authentication server (1) (100) to the base station.

According to another embodiment of the present invention, when the media authentication server (1) 100 is provided on a communication network connected with the wireless communication network (or outside the wireless communication system) A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the medium authentication server (100) And a communication channel including a wire section is connected.

Referring to FIG. 3, the media authentication server (1) 100 generates terminal medium authentication information for terminal medium authentication for the wireless terminal 120 in the wireless terminal 120, An authentication information receiving unit 305 for receiving the terminal medium authentication information in association with the interface unit 300 when the terminal unit 300 transmits the terminal medium authentication information, An authentication code generation unit 315 for generating a terminal medium authentication code when the terminal medium is authenticated; and an authentication code generation unit 315 for generating a terminal medium authentication code, And an authentication code transmitting unit (320) for transmitting the terminal medium authentication code to the wireless terminal (120).

When the wireless terminal 120 generates terminal medium authentication information for terminal medium authentication for the wireless terminal 120 and transmits the terminal medium authentication information through the communication channel, the authentication information receiving unit 305 transmits the terminal medium authentication information to the interface unit 300 When the terminal medium authentication information is encrypted, the authentication information receiving unit 305 decrypts the encrypted terminal medium authentication information through the decryption key. .

When the terminal medium authentication information includes at least one of the user authentication information input through the key input unit provided in the wireless terminal 120 and the unique information of the wireless terminal 120 according to an embodiment of the present invention, The terminal medium authentication unit (1) 310 checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information, 120 authenticates the validity of the wireless terminal 120 by comparing the unique information with the unique information of the wireless terminal 120 included in the terminal media authentication information, (1) 325, which is stored in the storage medium (1) (325), compares the user authentication information stored in association with the unique information of the wireless terminal (120) and the user authentication information included in the terminal medium authentication information, Hyosung is certified.

If at least one of the user authentication information and the unique information of the wireless terminal 120 is hashed by the one-way hash function and XOR operation is performed on the terminal media authentication information, the terminal media authenticator 1 ) 310 transmits at least one of the user authentication information provided in the storage medium (1) 325 and the unique information of the wireless terminal 120 confirmed through the communication session to the same method as the terminal media verifier And XORing the terminal media authenticator to generate a terminal media authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the terminal medium authentication information may be generated by the terminal medium IC chip authentication result information generated through the IC chip (or USIM) provided in the wireless terminal 120, , The terminal medium authentication unit (1) 310 checks the unique information of the wireless terminal 120 through a communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information And authenticates the validity of the wireless terminal 120 by comparing the authenticated wireless terminal 120 unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information, Provided in the IC chip (or USIM) based on the user authentication information stored in the storage medium (1) (325) provided in (or linked to) the wireless terminal (120) User authentication IC chip storage information, Or generates the terminal medium IC chip authentication information through the same logic as the terminal authentication IC chip storage information (or stores the terminal medium IC chip authentication information when the terminal medium IC chip authentication information is stored in the storage medium (1) 325) And verifies the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the UE medium authentication information and the unique information of the mobile station 120 is hashed by the one-way hash function and XOR operation is performed on the UE medium authentication information, The authentication unit (1) 310 transmits at least one of the terminal medium IC chip authentication information provided in the storage medium (1) 325 and the unique information of the wireless terminal 120 confirmed through the communication session, The method further comprises the step of performing an XOR operation on the hash in the same manner as the terminal medium verifier, generating a terminal medium authenticator, and comparing the terminal medium verifier and the terminal medium authenticator to authenticate the validity of the terminal medium .

According to another embodiment of the present invention, when the terminal medium authentication information includes a terminal medium verifier, the terminal medium authentication unit (1) 310 transmits the terminal medium authentication information according to the terminal medium authentication rule information (120) unique information of the wireless terminal (120) through the communication session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, (1) 325 stored in the terminal medium authenticating unit (1) 310 and stored in association with the unique information of the wireless terminal 120, And transmits the hashed user authentication information, at least one random number value (e.g., a random number value included in the terminal media authentication information), the unique information of the wireless terminal 120 or (The unique information of the wireless terminal 120 hashed by the directional hash function) to generate a terminal media authenticator, compares the terminal media verifier included in the terminal media authentication information with the generated terminal media authenticator And authenticating the validity of the terminal medium.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

When the terminal medium authentication information is authenticated through any one of the above-described methods, the authentication code generation unit 315 generates (or extracts) the terminal medium authentication code through the authentication code generation rule information do.

Herein, the terminal medium authentication code includes an authentication code for authenticating that the terminal medium corresponding to the wireless terminal 120 is first authenticated through the medium authentication server (1) in the medium authentication server (2) 105 .

When the terminal medium authentication code is generated (or extracted) through the authentication code generation unit 315, the authentication code transmission unit 320 transmits the generated terminal medium authentication code in association with the interface unit 300 The wireless terminal 120 transmits the terminal's medium authentication code to the medium authentication server (105) through the communication network.

According to the present invention, the media authentication server (2) 105 comprises an interface unit 330 for connecting and managing a communication channel for second media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 330 receives terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (Nn) generation information is connected.

According to an embodiment of the present invention, when the media authentication server (2) 105 is provided on the wireless communication network (or in the wireless communication system), the interface unit 330 transmits, And a communication channel including a wire section for connecting the media authentication server (2) (105) to the base station.

According to another embodiment of the present invention, when the media authentication server (2) 105 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system) A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the media authentication server (2) And a communication channel including a wire section is connected.

Referring to FIG. 3, when the wireless terminal 120 transmits the terminal medium authentication code through the communication channel, the media authentication server 2 (105) An authentication code receiving unit 335 for receiving the medium authentication code, a terminal medium authentication unit 2 (340) for reading the received terminal medium authentication code and performing second authentication of the terminal medium corresponding to the wireless terminal 120, (Nn) generation information for generating an authentication code (Nn) in the wireless terminal (120) or generating the authentication code (Nn) to be transmitted to the wireless terminal (120) And a transmission unit 330 for transmitting the generated authentication code Nn generation information (or authentication code Nn) to the wireless terminal 120 in cooperation with the interface unit 330. [ (350).

When the wireless terminal 120 generates a terminal medium authentication code for terminal medium authentication for the wireless terminal 120 and transmits the generated terminal medium authentication code through the communication channel, the authentication code receiving unit 335 transmits the terminal medium authentication code to the interface unit 330 When the terminal medium authentication code is encrypted, the authentication code receiving unit 335 decrypts the encrypted terminal medium authentication code through a decryption key. .

The terminal medium authentication unit (2) 340 then authenticates the terminal medium authentication code according to the terminal medium authentication rule information to authenticate the validity of the terminal medium.

Those skilled in the art will be able to deduce various types of terminal media authentication code standards and various types of terminal media authentication rules for authenticating the terminal media authentication codes. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication code is authenticated, the information generator 345 generates (Nn) generation information for generating an authentication code (Nn) from the wireless terminal 120 through the authentication code generation rule information Or extraction).

According to another embodiment of the present invention, the information generation unit 345 generates (or extracts) the authentication code (Nn) generation information through the authentication code generation rule information, and generates the authentication code (Nn) (Nn) to be transmitted to the wireless terminal (120).

When the authentication code (Nn) generation information is generated (or extracted) through the information generating unit 345 according to an embodiment of the present invention, the transmitting unit 350 transmits And transmits the generated authentication code Nn to the wireless terminal 120. In response to the generated authentication code Nn, the wireless terminal 120 transmits the generated authentication code Nn to the wireless terminal 120 .

When the authentication code Nn is generated (or extracted) through the information generating unit 345 according to another embodiment of the present invention, the transmitting unit 350 may generate the authentication code Nn in association with the interface unit 330, And transmits the authentication code (Nn) to the wireless terminal (120).

If the program code Nn for generating the authentication code Nn is not provided to the wireless terminal 120 through the authentication code Nn generation information, the transmitter 350 transmits the program code Dn / It is preferable to further transmit the program code Nn to the wireless terminal 120 for generating the authentication code Nn through the authentication code Nn generation information in cooperation with the B 360.

Alternatively, when the wireless terminal 120 is not provided with the program code (n) for generating the authentication code (n) through the authentication code (n) generation information, the transmitter 350 transmits the program code D It is preferable to further transmit the program code Nn for generating the authentication code (n) through the authentication code (n) generation information to the wireless terminal 120 in association with the authentication code / B 360.

4 is a diagram illustrating a medium authentication process for implementing a combined disposable authentication code according to an embodiment of the present invention.

In more detail, FIG. 4 illustrates a wireless terminal 120 function configuration in which the combined disposable authentication code is implemented includes a wireless terminal 120 functional configuration shown in FIG. 2, A method for performing a first medium authentication with a media authentication server (1) (100) and a second medium authentication with a medium authentication server (2) (105) on a combined disposable authentication code implementation system, Those skilled in the art will be able to refer to and modify various aspects of the media authentication process for implementing the combined disposable authentication code, The present invention is not limited to the above-described embodiments, and various modifications and changes may be made without departing from the scope of the present invention.

4, the media authentication server 1 (100) on the combined disposable authentication code implementation system shown in FIG. 3 is referred to as a "server 1" for convenience, and the medium authentication server (2) Quot; server 2 &quot;.

4, the wireless terminal 120 checks whether a menu (or a key button) for implementing a combined type disposable authentication code through media authentication is input (400), and if the menu When a menu (or a key button) is input (405), the wireless terminal 120 outputs an interface for inputting user authentication information on the screen of the wireless terminal 120, and if user authentication information is inputted through the interface (410).

Here, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the mobile terminal 120 .

Alternatively, the user authentication information may include a user identification (ID) for authenticating the validity of the user of the mobile terminal 120 through the user authentication IC chip storage information provided in the IC chip (or USIM) (PIN), or a password.

Alternatively, the user authentication information may include at least one or more personal identification numbers (PINs) or passwords used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the server 1 on the communication network desirable.

If it is confirmed in step 415 that the user authentication information is input, the wireless terminal 120 uses the user authentication information to authenticate the terminal medium corresponding to the wireless terminal 120 in the server 1 And generates terminal medium authentication information (420).

According to an embodiment of the present invention, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the wireless terminal 120 The mobile terminal 120 transmits the user authentication information and the mobile terminal 120 unique information (e.g., MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information, or IMEI (International Mobile Equipment Identity) Or International Mobile Subscriber Identity (IMSI) information included in the USIM, MSISDN (Mobile Station International ISDN Number), or USIM unique information).

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by hashing the at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, It is preferable that at least one of the user authentication information and the unique information of the wireless terminal 120 is concatenated to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the user authentication information and the unique information of the wireless terminal 120, And the present invention is characterized in that all the additional information items that can be guessed are included.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) (Or PIN) or a password for authenticating the IC chip (or USIM), the wireless terminal 120 transmits the user authentication information to the IC chip (or USIM) (IC chip) storage information, or terminal authentication IC chip storage information, and returns the terminal medium IC chip authentication result information from the authenticated IC chip (or USIM) through the user authentication information, And generates the terminal medium authentication information including the returned terminal medium IC chip authentication result information and the unique information of the wireless terminal 120.

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the terminal medium IC chip authentication result information with the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by performing an XOR operation on at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 as a one-way hash function, It is preferable that at least one of the media verifier, the terminal medium IC chip authentication result information, and the wireless terminal 120 unique information is concatenated to generate the terminal medium authentication information.

The terminal 120 may be configured to transmit at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120, It is possible to deduce a technical characteristic included in the terminal medium authentication information, and the present invention is characterized in that it includes all the information items that can be guessed.

According to another embodiment of the present invention, a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating the terminal medium authentication information to be transmitted to the server 1 on the communication network, The wireless terminal 120 hashes the user authentication information through the one-way hash function, and transmits the hashed user authentication information, at least one random number value (for example, a random number generated by the terminal (Or unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media verifier by performing an XOR operation on at least one of the unique information of the wireless terminal 120 It is possible to generate terminal medium authentication information including user authentication information, at least one random number information, and unique information of the wireless terminal 120 Straight, and the wireless terminal 120 in accordance with the intention of those skilled in the art it is possible to further cut the MS medium verification hash.

For example, the wireless terminal 120 concatenates the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120, .

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

If the terminal medium authentication information is generated (425), the wireless terminal 120 connects a communication channel with the server 1 and transmits the generated terminal medium authentication information to the server 1 via the communication channel (430).

Thereafter, the server 1 reads the terminal medium authentication information in cooperation with the storage medium 1 (325), and performs a first authentication process on the terminal medium (435).

According to an embodiment of the present invention, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the wireless terminal 120 The server 1 confirms the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information and includes the specific information of the wireless terminal 120 and the terminal medium authentication information (Or connected) to the server 1 by comparing the unique information of the wireless terminal 120 with the unique information of the wireless terminal 120 and verifying the validity of the wireless terminal 120 Authenticating the validity of the terminal medium by comparing user authentication information stored in association with unique information and user authentication information included in the terminal medium authentication information.

If the terminal 1 includes at least one of the user authentication information and the unique information of the wireless terminal 120 in the terminal medium authentication information, the server 1 may include a terminal media verifier, And hashes at least one of the user authentication information provided in the storage medium (1) 325 and the unique information of the wireless terminal 120 identified through the communication session in the same manner as the terminal media verifier, Further comprising generating a terminal media authenticator and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) The server 1 confirms the unique information of the wireless terminal 120 through a communication session for receiving the terminal authentication information, and transmits the terminal authentication information to the server 1 , Verifies the validity of the wireless terminal (120) by comparing the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, (Or USIM) based on the user authentication information stored in association with the unique information of the wireless terminal 120 in the storage medium (1) (325) In addition (Or storing the terminal medium IC chip authentication information when the terminal medium IC chip authentication information is stored in the storage medium (1) 325) through the same logic as the terminal authentication IC chip storage information ), And authenticates the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed by the one-way hash function and the terminal media verifier is included in the terminal medium authentication information, 1) transmits at least one of the terminal medium IC chip authentication information provided in the storage medium (1) 325 and the unique information of the wireless terminal 120 confirmed through the communication session to the same terminal medium verifier And performing an XOR operation on the terminal media authenticator to generate a terminal media authenticator and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating the terminal medium authentication information to be transmitted to the server 1 on the communication network, The server 1 confirms the unique information of the wireless terminal 120 through a communication session for receiving the terminal medium authentication information and transmits the unique information of the wireless terminal 120 to the terminal 1, (1) 325 provided in (or linked to) the server 1 by comparing the unique information of the wireless terminal 120 included in the medium authentication information to authenticate the validity of the wireless terminal 120 The user authentication information stored in association with the unique information of the wireless terminal 120 is hashed through a one-way hash function, and the hashed user authentication information, at least one random number value (The random number value included in the media authentication information), the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) to generate the terminal media authenticator, The validity of the terminal medium is verified by comparing the terminal medium verifier included in the medium authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

If the terminal medium authentication information is not authenticated (440), the server 1 generates terminal medium authentication error information and transmits it to the wireless terminal 120 through the communication channel (445) The wireless terminal 120 ends the process of implementing the combination type disposable authentication code through the medium authentication.

When the terminal medium authentication information is authenticated (440), the server 1 generates a terminal medium authentication code in association with the storage medium (1) 325 and transmits it to the wireless terminal 120 through the communication channel (450).

The wireless terminal 120 connects a communication channel with the server 2 and transmits the terminal medium authentication code to the server 2 through the communication channel (455).

Thereafter, the server 2 reads the terminal medium authentication code in association with the storage medium 2 (355) and performs a second authentication process on the terminal medium (460).

If the terminal medium authentication code is not authenticated (465), the server 2 generates terminal medium authentication error information and transmits it to the wireless terminal 120 through the communication channel (470) The wireless terminal 120 ends the process of implementing the combination type disposable authentication code through the medium authentication.

On the other hand, if the terminal medium authentication code is authenticated (465), the server 2 generates authentication code (Nn) information for generating a combined disposable authentication code through the process shown in FIG. 5, FIG. 6, And transmits the generated authentication code Nn to the wireless terminal 120.

FIG. 5 is a diagram illustrating a configuration of a method of implementing a combination type disposable authentication code through medium authentication according to an embodiment of the present invention.

5 is a flowchart illustrating a media authentication process performed by the media authentication server 1 (FIG. 3) on the combined disposable authentication code implementation system shown in FIG. 3 in the wireless terminal 120 shown in FIG. 2 through the medium authentication process shown in FIG. 100, and the medium authentication server 2 105, the medium authentication server (2) 105 generates authentication code (Nn) generation information as the medium authentication result, Generates the authentication code (n) through the authentication code (n) generation information at the wireless terminal 120 and transmits the authentication code (Nn) through the received authentication code (Nn) (N) by combining the authentication code (n) and the authentication code (Nn), and if the person skilled in the art is familiar with the present invention, 5 &lt; / RTI &gt; to &lt; RTI ID = 0.0 &gt; and / It is to be understood that the present invention is not limited to the above-described embodiments, and various modifications may be made without departing from the spirit and scope of the invention.

5, the process of generating the authentication code (n) through the authentication code (n) generation information included in the wireless terminal 120 is transmitted from the medium authentication server (2) 105 to the authentication code The process of generating the authentication code (n) is not limited to the authentication code (n) and the authentication code (n) It is possible to perform at any stage before combining the authentication code Nn.

Hereinafter, in FIG. 5, the medium authentication server (2) 105 on the combined disposable authentication code implementation system shown in FIG. 3 is referred to as a "server" for convenience.

Referring to FIG. 5, after the media authentication is performed through the media authentication process shown in FIG. 4, the server, in cooperation with the storage medium 2 355, (Nn) generation information for generating an authentication code (Nn) for generating the authentication code (Nn) from the wireless terminal 120 (500) and transmits the authentication code (Nn) generation information to the wireless terminal 120 via the communication channel The wireless terminal 120 receives the authentication code (Nn) generation information through the communication channel (510), and transmits the generated authentication code (Nn) to the wireless terminal 120 through the authentication code Generates the authentication code (n), and generates the authentication code (Nn) through the received authentication code (Nn) generation information (515).

If the authentication code n and the authentication code Nn are generated 520, the wireless terminal 120 generates the authentication code N by combining the authentication code n and the authentication code Nn The authentication code N is transmitted to the wireless terminal 120 through the disposable authentication process through the wireless terminal 120 or at least the authentication code N is transmitted to the wireless terminal 120 And is used for a one-time authentication process through one or more disposable authentication code input media.

FIG. 6 is a diagram illustrating a configuration of a method of implementing a combination type disposable authentication code through medium authentication according to another embodiment of the present invention.

6 is a flowchart illustrating a media authentication process performed by the media authentication server 1 (FIG. 3) on the combined disposable authentication code implementation system shown in FIG. 3 in the wireless terminal 120 shown in FIG. 2 through the medium authentication process shown in FIG. The medium authentication server 2 105 generates the authentication code Nn as the medium authentication result directly after the medium authentication through the medium authentication server 2 100 and the medium authentication server 2 105, The wireless terminal 120 generates the authentication code n through the authentication code n generation information and transmits the generated authentication code n and the received authentication code Nn 6 is a flowchart illustrating a process for implementing an authentication code N in combination with a media authentication method according to an embodiment of the present invention. Referring to FIG. 6, It is possible to infer various ways of practicing Would, in the present invention are made, including any exemplary way in which the inference, to which the technical feature that is not limited to the exemplary method shown in the figure 6.

For example, in FIG. 6, the process of generating the authentication code (n) through the authentication code (n) generation information included in the wireless terminal 120 is transmitted from the medium authentication server (2) (N) is received, the present invention is not limited thereto. The process of generating the authentication code (n) may include generating the authentication code (n) (Nn) are combined with each other.

Hereinafter, in FIG. 6, the medium authentication server (2) 105 on the combined disposable authentication code implementation system shown in FIG. 3 is referred to as a "server" for convenience.

Referring to FIG. 6, after media authentication is performed through the media authentication process shown in FIG. 4, the server associates with the storage medium 2 (355) (Nn) generation information for generating an authentication code (Nn) from the generated authentication code (Nn), and generates an authentication code (Nn) through the generated authentication code (Nn) information (605).

If the authentication code Nn is generated 610, the server transmits the authentication code Nn to the wireless terminal 120 through the communication channel 615 and correspondingly transmits the authentication code Nn to the wireless terminal 120 Receives the authentication code Nn through the communication channel 620 and generates the authentication code n through the authentication code n information generated by the wireless terminal 120 at step 625, .

If the authentication code n is generated 630, the wireless terminal 120 generates an authentication code N by combining the authentication code n and the authentication code Nn (635) The authentication code N is transmitted to the wireless terminal 120 through the disposable authentication process through the wireless terminal 120 or the at least one disposable authentication code input And is used for a one-time authentication process through the medium.

FIG. 7 is a diagram illustrating a configuration of a method of implementing a combination type disposable authentication code through medium authentication according to another embodiment of the present invention.

In more detail, FIG. 7 illustrates a media authentication server 1 (FIG. 2) on the combined disposable authentication code implementation system shown in FIG. 3, at the wireless terminal 120 shown in FIG. 2 through the media authentication process shown in FIG. 100) and the medium authentication server (2) 105, the medium authentication server (2) 105 generates the authentication code (Nn) generation information as the medium authentication result, and the generation When the program code Nn for generating the authentication code Nn is transmitted to the wireless terminal 120 through the authentication code Nn generation information and the authentication code Nn generation information, Generates an authentication code (n) through the authentication code (n) generation information, generates an authentication code (Nn) based on the authentication code (Nn) generation information based on the received program code (Nn) (N) by combining the authentication code (n) and the authentication code (Nn) Those skilled in the art will be able to refer to and / or modify this FIG. 7 to deduce various implementations of the combined disposable authentication code implementation process through media authentication However, the present invention includes all of the above-mentioned embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

For example, in FIG. 7, a process of generating the authentication code (n) through the authentication code (n) generation information provided in the wireless terminal 120 is transmitted from the medium authentication server (2) The process of generating the authentication code (n) is not limited to the authentication code (n) and the authentication code (n) It is possible to perform at any stage before combining the authentication code Nn.

In FIG. 7, the media authentication server (2) 105 provides the program code Nn to the wireless terminal 120 for convenience. However, the present invention is not limited thereto, (N) is not provided in the wireless terminal 120, the media authentication server (2) 105 may further include the program code (n) in the wireless terminal 120 I will reveal.

Hereinafter, in FIG. 7, the medium authentication server (2) 105 on the combined disposable authentication code implementation system shown in FIG. 3 is referred to as a "server" for convenience.

Referring to FIG. 7, after media authentication is performed through the media authentication process shown in FIG. 4, the server transmits the media authentication information to the wireless terminal 120 (Nn) generation information for generating an authentication code Nn in response to the program code D / B 360 and generating a program code Nn to be transmitted to the wireless terminal 120 in conjunction with the program code D / And transmits the authentication code (Nn) generation information and the program code Nn through the communication channel (705).

In the case where the program code n is not provided to the wireless terminal 120 according to the embodiment of the present invention, the server transmits the program code to be transmitted from the program code D / B 360 to the wireless terminal 120 n), and then transmits the program code (n) through the communication channel, so that the present invention is not limited thereto.

The wireless terminal 120 receives the authentication code Nn generation information and the program code Nn through the communication channel 710 and generates an authentication code n included in the wireless terminal 120 And generates the authentication code Nn based on the authentication code Nn based on the program code Nn 715. The authentication code Nn is generated based on the authentication code Nn.

If the authentication code n and the authentication code Nn are generated 720, the wireless terminal 120 generates the authentication code N by combining the authentication code n and the authentication code Nn The authentication code N is transmitted to the wireless terminal 120 through the disposable authentication process through the wireless terminal 120 or at least the authentication code N is transmitted to the wireless terminal 120 And is used for a one-time authentication process through one or more disposable authentication code input media.

FIG. 8 is a diagram illustrating a functional configuration of a wireless terminal 120 that implements a combined disposable authentication code through medium authentication according to another embodiment of the present invention.

In more detail, FIG. 8 illustrates a case where a mobile communication terminal accessing a mobile communication network operating on a Code Division Multiple Access (WCDMA) / Wideband Code Division Multiple Access (CDMA) (N > = 2) number of digits to the wireless terminal 120. The N (N &gt; = 2) number of digits If n (1 < = n < N) digits partial disposable authentication code generation information for generating n (1 < n &lt; N) digits partial disposable authentication code included in the combined disposable authentication code is provided, (1 < = n < N) digits of the N (N> = 2) combination of disposable authentication codes corresponding to the server medium authentication associated with the authentication is provided to the wireless terminal 120 The portion of n (1 <= n <N) (Nn) digits are generated by the one-time authentication code generation information, and the partial one-time authentication code is generated through the first medium authentication server (2) 105 via the medium authentication server (1) (1 < = n &lt; N) digits after being generated through partial disposable authentication code generation information of (Nn) digits received from the medium authentication server (2) 105 as a server medium result associated with authentication, FIG. 5 is a diagram showing an embodiment of implementing an N-digit combination type disposable authentication code by combining a disposable authentication code and a partial disposable authentication code of (Nn) digits.

In the present invention, the combination type disposable authentication code with N (N> = 2) digits is referred to as a "combination type disposable authentication code" or "authentication code (N)" for convenience, The disposable authentication code is referred to as a "first partial disposable authentication code" or "authentication code (n)" for convenience, and the partial disposable authentication code of the (Nn) (Nn) &quot;.

The present invention is applicable to other terminal devices (for example, HSDPA (High-Speed Downlink Packet (HSDPA), etc.) implementing the combination type disposable authentication code through the medium authentication by referring to and / A wireless terminal device connected to a wireless access network based on IEEE 802.16x, or a wireless terminal device connected to a wireless Internet based on IEEE 802.16x), and an implementation method for various functional configurations corresponding to each terminal device characteristic, The present invention is not limited to the above-described embodiments, but may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.

The wireless terminal 120 that provides CDMA / WCDMA based mobile communication services according to an embodiment of the present invention includes an outer body, a speaker and a microphone, a keypad, an LCD (Liquid Crystal Display), an antenna And a battery 820. A predetermined modem chip (for example, a modem chip) including a function of a CDMA (Code Division Multiple Access) modem, a CPU / MPU (Central Processing Unit / Micro Processing Unit) A duplexer filter for separating a transmission signal from a single antenna, a power amplifier for amplifying a transmission signal, a high power amplifier (HPA), a high power amplifier An isolator that prevents reverse transmission of the transmitted signal, an RF / IF SAW filter to remove the desired out-of-band spurious signal, a frequency upstream circuit of the transmission path, Frequency downconverting circuit, a VCTCXO (Voltage Controlled Temperature Compensated X-tal Oscillator) corresponding to a reference clock source, a UHF frequency synthesizer used as a local signal of frequency up-down conversion, and a codec chip for converting an analog voice signal into a digital signal And the internal components are gradually integrated into the modem chip. In addition to the core components for the mobile communication service, the modem chip may include various multimedia services or additional services Are being integrated together.

Referring to FIG. 8, the wireless terminal 120 implementing the combination type disposable authentication code through the medium authentication includes a controller 800 corresponding to the modem chip, a screen output unit 802 corresponding to an LCD (Liquid Crystal Display) A sound processing unit 810 corresponding to a microphone / speaker, a key input unit 815 corresponding to a keypad, a radio processing unit 840 corresponding to an antenna and various RF modules, A memory unit 825, and a battery 820 for supplying a predetermined power.

In addition, the wireless terminal 120 may further include a camera unit (not shown) for reading predetermined image information for providing various multimedia services or various supplementary services corresponding thereto, or may be provided with a predetermined short- It is preferable to further include a local communication unit (not shown) for connecting the channels.

The wireless terminal 120 may include an IC chip 835 mounted on or removed from the wireless terminal 120 for providing various financial services And an IC chip reader unit 830 for reading / writing predetermined information (or data) to / from the IC chip 835 .

The control unit 800 includes a processor including a CPU / MPU provided in the modem chip and an execution memory, and is provided with a predetermined program routine for providing a function peculiar to the wireless terminal 120 from a predetermined memory element. And a bus (BUS) for inputting / outputting program data and a predetermined electronic circuit (or an integrated circuit) provided for the bus. The memory unit 825 or the memory device (Or a chipset) loaded into the execution memory and processed through the processor to perform a specific function, or a generic term of program data (thus, A predetermined program routine to be recorded on the recording medium of the terminal 120 is conveniently provided in the control unit 800 (Not shown) and at least one or more system management routines (e.g., power management routines, channel (forward / backward) management), and the like. (Not shown), and various functional configurations to be implemented in the wireless terminal 120 are realized by the controller 800. [0031] The wireless terminal 120 may be a wireless terminal,

According to the method of the present invention, after power is supplied to the wireless terminal 120, the operating system routine (not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are transmitted to the control unit 800), the wireless terminal (120) performs a predetermined boot procedure to load the system configuration detailed state, the pilot channel acquisition detailed state, the synchronization channel acquisition detailed state, and the timing conversion Quot; mobile station initialization state "including the detailed state.

After performing the booting procedure, the operating system routine (not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are loaded into the execution memory provided in the control unit 800, The mobile terminal 120 is set to the operation mode corresponding to the "mobile station call waiting state &quot;,the" system access state &quot;, or the " Call Processing) procedure.

According to the embodiment of the present invention, the function of implementing the combination type disposable authentication code through the medium authentication is such that the wireless terminal 120 can be started (i.e., started) through a predetermined key input in an operation mode corresponding to the " Or realized).

The screen output unit 805 is a function configuration unit for screening operation modes of the wireless terminal 120 and corresponding operation states of the wireless terminal 120. The screen output unit 805 includes one or more LCDs And a driver for driving the screen output device. The control unit 800 outputs at least one key data input through the key input unit 815 in association with the control unit 800, A function processing screen and a function processing result screen corresponding to at least one function (or program) provided in the wireless terminal 120 or at least a function screen And outputs one or more contents (e.g., text contents, image contents, multimedia contents).

According to an embodiment of the present invention, the screen output unit 805 displays a menu screen corresponding to the function of implementing the combination type disposable authentication code through the medium authentication, a function processing screen for implementing the combination type disposable authentication code, It is preferable to perform a function of screen output means for outputting a function process result screen for outputting the disposable authentication code.

The sound processing unit 810 is a functional unit for processing input and output of sound in each operation mode of the wireless terminal 120. The function processing unit 810 decodes at least one or more encoded sound data and supplies the decoded sound data to the wireless terminal 120 And a vocoder and a codec for encoding a sound signal input through a microphone provided in the wireless terminal 120 and encoding the sound signal.

According to an embodiment of the present invention, the sound processing unit 810 may receive a sound corresponding to a predetermined ringback tone through the speaker in an operation mode corresponding to the "system access state" among the operation modes of the wireless terminal 120 It is preferable to decode and output the data or to encode a predetermined voice signal through a microphone in an operation mode corresponding to the "call channel state &quot;, or to decode and output a predetermined voice signal through a speaker.

In addition, the sound processing unit 810 may be operable to reproduce at least one sound content or multimedia content provided (or downloaded) from the wireless terminal 120 in at least one operation mode including the "mobile station call waiting state & It is preferable that the sound data corresponding to the content to be reproduced is decoded and output.

The key input unit 815 may include a key input unit having at least one key button including a predetermined numeric key, a character key, or a function key, And a driver for driving the key input device. Accordingly, it is possible to detect at least one key input signal generated by clicking (or inputting) the key button in the key input device .

According to the present invention, when a predetermined key input signal is detected from a predetermined key button provided in the key input device in a predetermined input mode or at least one operation mode controlled by the control unit 800, (E.g., MH_KEY_PRESSEVENT, MH_KEY_REPEATEVENT, and MH_KEY_RELEASEEVENT) corresponding to the detected key input signal, and provides the generated key event to the control unit 800 The control unit 800 reads out predetermined key data corresponding to the key event in the current input mode or the operation mode of the wireless terminal 120 (e.g., corresponding to a specific key event in each input mode or operation mode) Reading the key data from the key table storing (managing) at least one key data to the key event) And is a command to execute a predetermined function defined characterized in that the shipping dock.

According to an embodiment of the present invention, the key input unit 815 inputs a predetermined telephone number in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 120, It is preferable to change the operation mode of the wireless terminal 120 to the operation mode corresponding to the "system access state &quot;.

The key input unit 815 inputs a predetermined function key (e.g., a menu key) in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 120, It is preferable to perform various functions provided in the display unit 120. [

According to an embodiment of the present invention, the key input unit 815 preferably performs a function of key input means for inputting at least one key data corresponding to the function of implementing the combination type disposable authentication code through the medium authentication .

The radio processing unit 840 is a functional unit for the radio terminal 120 to connect a radio channel to a base station on a mobile communication network based on CDMA / WCDMA, and includes a CDMA modem and various RF modules (e.g., a duplexer filter, Amplifier, a high power amplifier (HPA), an isolator, an RF / IF SAW filter, a frequency upstream circuit, a frequency downconversion circuit, a VCTCXO corresponding to a reference clock source, a UHF frequency synthesizer, A Slot Mode, or a Power Control in response to each operation mode of the wireless terminal 120 in cooperation with the controller 800. In addition, Hand-off, or a call processing procedure according to an embodiment of the present invention.

According to an embodiment of the present invention, the radio processing unit 840 performs radio frequency signal transmission and reception functions (e.g., antenna control, modulation, synthesis, and transmission of radio frequency signals) corresponding to the function of implementing the combination type disposable authentication code through the medium authentication. Amplification, filtering, and the like).

In particular, the radio processing unit 840 may process the information or signal transmitted from the wireless terminal 120 to the base station into a CDMA stack to implement the combined disposable authentication code through the medium authentication, And a function of reading predetermined information or signals from the CDMA stack.

If the wireless terminal 120 shown in FIG. 8 is a wireless terminal device connected to a HSDPA-based wireless network according to another embodiment of the present invention, the wireless processor 840 accesses the HSDPA-based wireless network, Or if the wireless terminal 120 is a wireless terminal device connected to a wireless network based on IEEE 802.16x, the wireless processing unit 840 may be configured to include a wireless communication function configuration that implements a combination type disposable authentication code The present invention is not limited to this configuration, and may include a wireless communication function configuration for accessing the IEEE 802.16x-based wireless network and implementing the combined disposable authentication code through the media authentication.

The IC chip reader 830 may include an IC chip 835 mounted on or removed from the wireless terminal 120 through an IC chip 835 standard including ISO / IEC 7816 or ISO / IEC 14443, IEC 7816 standard, or a combination of at least one information (or data or command) with the ISO / IEC 7816 standard or the ISO / IEC 7816 standard, (IC card reader) corresponding to the IEC 14443 standard. The IC card reader is connected to the IC chip 835 through an APDU (Application Protocol Data Unit) ) Is exchanged.

Referring to the specification including ISO / IEC 7816 or ISO / IEC 14443, the IC chip 835 mounted on or removed from the customer's wireless terminal receives power supply VCC, a reset signal RST, a clock signal (Input / output interface) for communicating (e.g., exchanging commands or data) with the IC chip reader unit 830 through contact points such as a clock signal CLK, ground GND, programming power supply VPP, or input / A processor unit (not shown) having at least one computing element including a central processing unit (CPU), a micro processing unit (MPU), and a coprocessor; a read only memory (ROM) A memory (not shown) made up of at least one memory element including a RAM (Random Access Memory), an EEPROM (Electrically Erasable and Programmable Read Only Memory), and an FM The above memory elements A chip operating system (COS) for managing and operating internal resources of an IC card is stored in the IC chip reader 830 through a power supply (VCC) contact point of the input / When the power is supplied, the COS stored in the memory is loaded into a predetermined execution memory to control the overall operation of the IC chip 835, and a clock frequency (e.g., 3.57 MHz or 4.9 MHz) of the clock signal (CLK) And controls the exchange of information or data between the IC chip 835 and the IC chip reader unit 830 through an APDU (Application Protocol Data Unit).

According to the present invention, IC chip 835 storage information (for example, program code and data for IC chip 835) for implementing a combination type disposable authentication code through medium authentication is stored in the memory of IC chip 835 The storage information of the IC chip 835 may include a storage unit (not shown) for storing a data set corresponding to predetermined information or data read and / or used by the processor of the customer's wireless terminal. And a program routine (for example, a Javacard), which is operated or executed by a computation function of the processor unit and a command set provided by the COS, JAVA Applet)) comprising an instruction call code that interacts with the instruction set of the COS and an execution code that is processed by the processor unit (Not shown) is provided with a processing unit (not shown) corresponding to the client wireless terminal. In particular, the processing unit (not shown) reads the command provided from the processor provided in the customer wireless terminal via the input / output interface through the APDU, (Not shown) stored in the storage unit (not shown) on the basis of the received information or data, and transmits the result or the read information or data to the customer wireless terminal via the input / output interface through the APDU Processor.

Here, the memory of the IC chip 835 includes a security structure based on ISO / IEC 10202. According to this, the memory includes a protection area in which secret information such as a CSN (Chip Serial Number) is stored, And the IC chip 835 storage information for the present invention includes the protection area and the COS control area. In this case, It is preferable to store it in the excluded area.

According to the ISO / IEC 7816 or ISO / IEC 14443 ICC standard, the memory has one master file (MF) corresponding to a root file and at least one storage An ATR (Answer To Reset) including function information on information, at least one Dedicated File (DF) corresponding to each ICC storage information, and a Smart Card service And an element file (EF) containing actual information or data. The IC chip 835 storage information for the present invention also includes the file structure as described above.

According to the embodiment of the present invention, the IC chip 835 may store the user authentication IC chip 835 storage information or the terminal authentication IC chip 835 storage information for authenticating the validity of the user of the wireless terminal 120 It is preferable that one or more of them are provided.

The user authentication IC chip 835 storage information or the terminal authentication IC chip 835 storage information is used to store the user authentication information inputted through the key input unit 815 to the IC chip 835 authentication code (Or the wireless terminal 120) using the identification information of the terminal medium IC chip 835 as identification information of the terminal medium IC chip 835 and return the authentication result information of the terminal medium IC chip 835, A technical feature that the user of the wireless terminal 120 (or the wireless terminal 120) is authenticated through the IC chip 835 authentication code in the IC chip 835, Since the user of the wireless terminal 120 (or the wireless terminal 120) knows the technical characteristic of returning the authentication result information of the terminal medium IC chip 835 corresponding to the authentication result, a detailed description thereof will be omitted for the sake of simplicity. .

The IC chip 835 may store the server authentication IC chip 835 storage information for authenticating the validity of the medium authentication server 1 100 or the medium authentication server 2 105, As shown in FIG.

The storage information of the server authentication IC chip 835 may be stored in the storage medium of the medium authentication server 1 100 through the server medium 1 IC chip 835 authentication information received from the medium authentication server 1 (2) IC chip (835) authentication information received from the medium authentication server (2) (105), or after returning authentication result information of the server medium (1) It is preferable to return the authentication result information of the server medium 2 IC chip 835 after validating the validity of the medium authentication server 2 105 through the authentication server 105. In the technical field of the present invention, (1) 100 authentication information through the IC chip 835 authentication information of the server medium 1 IC chip 835 and the media authentication server 1 (100) (1) a technical feature that returns the IC chip 835 authentication result information corresponding to the authentication result of the server medium (2) IC chip (835) (2) IC chip 835 authentication result information corresponding to the authentication result of the medium authentication server (2) 105 and the technical characteristic of authenticating the medium authentication server 2 (105) The detailed description thereof will be omitted for the sake of convenience.

In addition, the memory provided in the IC chip 835 generates an authentication code (n) for generating the authentication code (n) in order to implement the combination type disposable authentication code through the medium authentication instead of the memory unit 825 (N) of the combination type disposable authentication codes having N (N > = 2) digits, the authentication code (n) generating information is capable of storing information (e.g., a seed value for generating an authentication code and a seed value for generating a partial disposable authentication code of n (1 < = n < N) digits.

Alternatively, the memory provided in the IC chip 835 may store server authentication information in order to implement the combined disposable authentication code through the medium authentication in place of the memory unit 825, And is provided on the IC chip 835 in the form of a server certificate provided in the IC chip 835.

The memory unit 825 may be a storage medium for storing at least one piece of information (or data) in the wireless terminal 120, or a nonvolatile memory corresponding to a recording medium for recording a program code corresponding to at least one program routine A ROM (Read Only Memory) corresponding to the read-only memory, a flash memory (FM) capable of reading / writing, and an EEPROM (Electrically Erasable and Programmable Read Only Memory) .

According to an embodiment of the present invention, system information of the non-volatile memory that should not be erased is stored in the non-volatile memory, and the flash memory is provided with operating system routines, call processing program routines, Program routines and information or data therefor are stored in the EEPROM. In the EEPROM, at least one or more of the terminal registration related parameters, telephone numbers (e.g., address book), or at least one Information (or data) is preferably stored.

According to the embodiment of the present invention, the memory unit 825 may generate authentication code (n) generation information (e.g., authentication code (n)) for generating the authentication code (n) n) for generating a seed value).

Here, the authentication code (n) generation information includes a seed value for generating a partial disposable authentication code of n (1 <= n <N) digits among N (N> = 2) .

In addition, the memory unit 825 may include a media authentication server (not shown) for the media authentication server (1) 100 that authenticates the terminal medium corresponding to the wireless terminal 120 to implement the combination type disposable authentication code through the media authentication, (100) information (for example, address information of the medium authentication server (1) 100, unique information of the medium authentication server (1) 100) (E.g., address information of the medium authentication server 2 (105), unique information of the medium authentication server (2) (105)).

According to another embodiment of the present invention, the authentication code (n) generation information can be stored in a memory on the IC chip 835, and the present invention is characterized in that the generation information of the authentication code (n) ) Stored in a memory on the network.

Referring to FIG. 8, the wireless terminal 120 implementing the combined disposable authentication code through the medium authentication includes an information input unit for receiving user authentication information through the key input unit 815.

The information input unit outputs the user authentication information input interface in cooperation with the screen output unit 805 to implement the combination type disposable authentication code through the medium authentication, And requests the user to input user authentication information for implementing the disposable authentication code, whereby the authentication processing unit processes the user authentication information to be input to the user authentication information interface through the key input unit 815. [

Here, the user authentication information may include at least one of a personal identification number (PIN) registered to authenticate the terminal medium for the wireless terminal 120 in the media authentication server (1) 100 on the communication network, It is preferable to include at least one of them.

Alternatively, the user authentication information may be transmitted to the wireless terminal 120 through the user authentication IC chip 835 storage information or the terminal authentication IC chip 835 storage information provided in the IC chip 835 (or the USIM) And at least one personal identification number (PIN) or password for authenticating the validity of the user.

Alternatively, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network, Or more.

Referring to FIG. 8, when the combined type disposable authentication code is implemented through server medium authentication performed in association with the terminal medium authentication, the wireless terminal 120 transmits the user authentication information input through the information input unit to the base And transmits the generated terminal medium authentication information to the media authentication server (1) 100 on the communication network in cooperation with the wireless processing unit 840 to transmit the terminal medium authentication information to the medium corresponding to the wireless terminal 120 (1) authentication information from the media authentication server (1) (100), and reads the authentication information of the server medium (1) A server authentication unit (1) (850) for authenticating the server medium and transmitting the server medium (1) authentication result information to the media authentication server (1) (100) in cooperation with the wireless processing unit (840) In association with the radio processing unit 840, Receives the terminal medium authentication code corresponding to the server medium (1) authentication result information from the medium authentication server (1) (100), and transmits the received terminal medium authentication code to the medium authentication server (2) (2) 855 for processing the medium corresponding to the wireless terminal 120 to be secondly authenticated so that the media authentication server 2 (105) And a receiving unit (860) for receiving authentication code (Nn) generation information corresponding to the medium (2) authentication result information.

According to another embodiment of the present invention, when the terminal 120 receives the terminal medium authentication code corresponding to the server medium 1 authentication result information from the medium authentication server (1) 100, (2) 855 is transmitted to the authentication processing unit (1) 845 through the terminal medium authentication code in a similar (or identical) manner to the first authentication method of the medium corresponding to the wireless terminal 120 (Or the same) as the method of authenticating the medium corresponding to the wireless terminal 120 and authenticating the server medium by the server authentication unit (1) 850 in the server authentication unit 2 (not shown) (1) 845 and the server authentication unit (1) 850, if it is possible to authenticate the server medium in one way and have a general knowledge in the technical field of the present invention, The authentication processing unit 2 (855) and the server authentication unit 2 (not shown) Since there can be deduced the technical features for authenticating the member and the media server, a detailed description thereof in this Figure 8 it will be omitted for convenience.

When the combined disposable authentication code is implemented through the server medium authentication performed in conjunction with the terminal medium authentication, the authentication processing unit (1) 845 transmits the terminal medium in the medium authentication server (1) 100 on the communication network And generates the terminal medium authentication information based on the user authentication information input through the information input unit to process the authentication information.

According to an embodiment of the present invention, the user authentication information is transmitted from the media authentication server (1) 100 on the communication network to a personal identification number (PIN) or a password registered to authenticate the terminal medium for the wireless terminal 120 It is preferable that the authentication processing unit (1) 845 generates terminal medium authentication information including the user authentication information and the unique information of the wireless terminal (120).

For example, the authentication processing unit (1) 845 preferably generates the terminal medium authentication information by concatenating the user authentication information with the unique information of the wireless terminal 120.

Alternatively, the authentication processing unit (1) 845 may generate a terminal media verifier by hashing the at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, It is preferable that at least one of the authenticator, the user authentication information, and the unique information of the wireless terminal 120 is concatenated to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the user authentication information and the unique information of the wireless terminal 120, And the present invention is characterized in that all the additional information items that can be guessed are included.

According to another embodiment of the present invention, the user authentication information is stored in the IC chip 835 (or USIM) via the user authentication IC chip 835 storage information or the terminal authentication IC chip 835 storage information The authentication processing unit (1) 845 transmits the authentication result to the IC chip reader unit 830 through the IC chip reader unit 830 when the authentication processing unit (1) 845 includes at least one PIN or password for authenticating the validity of the user of the wireless terminal 120 The user authentication information is provided to the user authentication IC chip 835 stored in the IC chip 835 (or the USIM) or the terminal authentication IC chip 835 storage information to be authenticated, When the IC chip 835 (or the USIM) returns the authentication result information of the terminal medium IC chip 835 through the user authentication information, the authentication result information of the terminal medium IC chip 835 and the authentication result information of the wireless terminal 120 ) Terminal medium authentication information including unique information .

For example, the authentication processing unit (1) 845 preferably generates the terminal medium authentication information by concatenating the authentication result information of the terminal medium IC chip 835 with the unique information of the wireless terminal 120.

Alternatively, the authentication processing unit (1) 845 may have at least one of the authentication result information of the terminal medium IC chip 835 and the unique information of the wireless terminal 120 be hashed as a one-way hash function, And generates the terminal medium authentication information by concatenating at least one of the terminal medium verifier, the terminal medium IC chip 835 authentication result information, and the wireless terminal 120 specific information.

The terminal medium IC chip 835 may include at least one additional information item to be included in the terminal medium authentication information in addition to the authentication result information of the terminal medium IC chip 835 and the unique information of the wireless terminal 120, The additional information may be included in the terminal medium authentication information. The present invention is characterized by including all of the inferable information items.

A personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network according to another embodiment of the present invention; ) Or a secret number, the authentication processing unit (1) 845 hashashes the user authentication information through a one-way hash function, and transmits the hashed user authentication information, at least one random number value (For example, a random number value generated at the terminal), unique information of the wireless terminal 120 (or unique information of the wireless terminal 120 hashed by the one-way hash function), and generates a terminal media verifier The terminal medium authentication information including the generated terminal medium verifier, the user authentication information, at least one random number information, and the unique information of the wireless terminal 120 And the authentication processing unit (1) 845 can further hash the terminal media verifier according to the intention of a person skilled in the art.

For example, the authentication processing unit 1 (845) concatenates the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120, It is preferable to generate the medium authentication information.

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication information is generated through any one of the above-described methods, the authentication processing unit (1) 845 transmits the terminal medium authentication information to the medium authentication server (1) 100 on the communication network securely (Or the IC chip 835) with the encryption key included in the memory unit 825 (or the IC chip 835).

When the terminal medium authentication information is generated as described above, the authentication processing unit 1 (845) associates the generated terminal medium authentication information with the wireless processing unit 840 to the medium authentication server (1) 100 on the communication network And the media authentication server (1) (100) authenticates the medium corresponding to the wireless terminal (120) through the terminal medium authentication information.

If the terminal media authentication information is encrypted, the media authentication server (1) 100 preferably decrypts the encrypted terminal media authentication information through a decryption key.

According to an embodiment of the present invention, the user authentication information is transmitted from the media authentication server (1) 100 on the communication network to a personal identification number (PIN) or a password registered to authenticate the terminal medium for the wireless terminal 120 The media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, and if the identified wireless terminal (120) Authenticates the validity of the wireless terminal 120 by comparing the unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information and transmits the authentication information to the media authentication server 1 (100) And comparing the user authentication information stored in association with the unique information of the wireless terminal 120 with the user authentication information included in the terminal medium authentication information to authenticate the validity of the terminal medium .

If the terminal authentication information includes at least one of the user authentication information and the unique information of the wireless terminal 120 in the terminal media authentication information, the media authentication server 1 may, for example, (100) hashes at least one of the user authentication information provided in the storage medium and the unique information of the wireless terminal (120) identified through the communication session in the same manner as the terminal medium verifier and performs an XOR operation Further comprising generating a terminal media authenticator and comparing the terminal media verifier and the terminal media authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information is stored in the IC chip 835 (or USIM) via the user authentication IC chip 835 storage information or the terminal authentication IC chip 835 storage information (1) 100 includes at least one personal identification number (PIN) or password for authenticating the validity of a user of the wireless terminal 120, the media authentication server (1) (120) unique information of the wireless terminal (120) through a session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, And transmits the authentication information to the IC chip 835 based on the user authentication information stored in association with the unique information of the wireless terminal 120 in the storage medium provided to (or associated with) the media authentication server (1) ) (Or USIM) (Or the terminal medium IC chip 835) authentication information through the same logic as the user authentication IC chip 835 storage information or the terminal authentication IC chip 835 storage information (835) authentication information included in the terminal medium IC chip 835 authentication information included in the terminal medium IC chip 835 authentication information and the terminal medium IC chip 835 authentication information included in the terminal medium authentication information And verifies the validity of the terminal medium.

If at least one of the authentication result information of the terminal medium IC chip 835 and the unique information of the wireless terminal 120 is hashed as a one-way hash function and the terminal media verifier is included in the terminal medium authentication information, The media authentication server (1) (100) transmits at least one of the authentication information of the terminal medium IC chip (835) provided in the storage medium and the unique information of the wireless terminal (120) And generating a terminal media authenticator by XORing the hash in the same manner as the media verifier, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

A personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network according to another embodiment of the present invention; ), Or a secret number, the media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, The wireless terminal 120 authenticates the validity of the wireless terminal 120 by comparing the unique information of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication information, Way hash function by associating the user authentication information stored in association with the unique information of the wireless terminal 120 with the hashed (or linked) storage medium, and transmits the hashed user authentication information, (At least one random number value included in the terminal medium authentication information), the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) A media authenticator is generated, and the validity of the terminal medium is verified by comparing the terminal medium verifier included in the terminal medium authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

If the terminal authentication information is authenticated through any one of the above-described methods, the media authentication server (1) (100) authenticates the medium authentication (1) based on the server authentication information stored in the storage medium (Or extracts) the server medium authentication information (1) for authenticating the medium corresponding to the server (1) (100).

According to an embodiment of the present invention, the server authentication information is preferably matched with server authentication information stored in a memory unit 825 (or an IC chip 835 or USIM) provided in the wireless terminal 120 And the server authentication information is stored in the server certificate included in the memory unit 825 (or the IC chip 835, or USIM) according to a person skilled in the art.

According to another embodiment of the present invention, the server authentication information is transmitted to a server (not shown) authenticated by the user authentication IC chip 835 stored in the IC chip 835 (or USIM) And the authentication information of the medium IC chip 835.

According to another embodiment of the present invention, the server authentication information is preferably matched with information (for example, user authentication information) input through the key input unit 815 provided in the wireless terminal 120. [

When the server authentication information is matched with the server authentication information stored in the memory unit 825 (or the IC chip 835 or USIM) provided in the wireless terminal 120 according to an embodiment of the present invention, The media authentication server (1) (100) preferably generates the server medium authentication information (1) including the server authentication information and the medium authentication server (1) (100) information.

For example, the media authentication server (1) (100) preferably concatenates the server authentication information and the medium authentication server (1) (100) information to generate the server medium authentication information (1).

Alternatively, the media authentication server (1) 100 may have at least one of the server authentication information and the medium authentication server (1) 100 information hashed as a one-way hash function, and then XORed to generate a server medium verifier , The server medium verifier, the server authentication information, and the medium authentication server (1) (100) information to generate the server medium authentication information (1).

(1) 100, at least one additional information item to be included in the server medium authentication information (1) and at least one additional information item to be included in the server medium authentication information (1) It is possible to deduce a technical feature of including the information in the server medium authentication information 1, and the present invention is characterized in that it includes all the inferable information items.

According to another embodiment of the present invention, the server authentication information is authenticated by the user authentication IC chip 835 storage information provided in the IC chip 835 (or USIM) included in the wireless terminal 120, When the IC chip 835 includes authentication information of the IC chip 835, the media authentication server 1 100 transmits the server authentication information from the wireless terminal 120 to the server 835 (or USIM) The server medium IC chip 835 authentication information and the server medium IC chip 835 authentication information are generated in the server medium IC chip 835 authentication information form for processing to be authenticated by providing the authentication IC chip 835 as storage information, It is preferable to generate the server medium authentication information (1) including information.

For example, the medium authentication server (1) 100 preferably generates the server medium authentication information (1) by concatenating the server medium IC chip 835 authentication information and the medium authentication server (1) 100 information Do.

Alternatively, the media authentication server (1) 100 may have at least one of the server medium IC chip 835 authentication information and the medium authentication server (1) 100 information be hashed as a one-way hash function, and XORed The server medium verifier, the server medium IC chip 835 authentication information, and the medium authentication server 1 (100) information to generate the server medium authentication information (1) .

The server medium IC chip 835 and the medium authentication server 1 100 may be provided with at least one or more than one server medium IC chip 835 to be included in the server medium authentication information 1, The additional information item and the additional information may be included in the server medium authentication information (1). The present invention is characterized by including all the inferable information items.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through the key input unit 815 provided in the wireless terminal 120, (1) 100 hashash the server authentication information through a one-way hash function, and transmits the hashed server authentication information, at least one random number value (e.g., a random number value generated by the server) (1) 100 information (or the media authentication server (1) 100 information hashed by the one-way hash function) to generate a server medium verifier, and the generated server medium verifier and the server It is preferable to generate the server medium authentication information 1 including authentication information, at least one or more random number information, and the medium authentication server 1 (100) information, and the medium authentication server 1 ( 100) It is possible to further hash the underlying server media verifier.

For example, the media authentication server (1) 100 may include the server medium verifier (or the hashed server medium verifier), the server authentication information, at least one random number information, and the medium authentication server (1) And generate the server medium authentication information (1) by concatenation.

The server authentication information (1) may include at least one of the server authentication information, at least one random number information, and the media authentication server (1) (100) information in addition to the server authentication information It is possible to deduce a technical feature that the additional information item (e.g., a prime number) and the additional information are included in the server medium authentication information (1), and the present invention includes all the inferable information items do.

In addition, those skilled in the art will be able to deduce various methods of generating the server medium authentication information (1) based on the server authentication information, in addition to the above-described embodiments, The present invention is characterized in that it comprises all the above-mentioned embodiments to be inferred.

When the server medium authentication information (1) is generated through any one of the above-described methods, the medium authentication server (1) (100) transmits the server medium authentication information (1) 120 with at least one encryption key for secure transmission.

When the server medium authentication information (1) is generated as described above, the medium authentication server (1) (100) transmits the server medium authentication information (1) to the wireless terminal (120) The server authentication unit 1 850 receives the server medium authentication information 1 from the medium authentication server 1 100. When the server medium authentication information 1 is encrypted , And decrypt the encrypted server medium authentication information (1) through at least one decryption key.

The server authentication unit (1) 850 reads the server medium authentication information (1) and authenticates the server medium when the server medium authentication information (1) is received. The server medium authentication information It is preferable that the encrypted server medium authentication information (1) is decrypted through at least one decryption key when the encrypted server medium authentication information (1) is encrypted.

When the server authentication information is matched with the server authentication information stored in the memory unit 825 (or the IC chip 835 or USIM) provided in the wireless terminal 120 according to an embodiment of the present invention, The server authentication unit 1 850 receives the medium authentication server 1 information 100 stored in the memory unit 825 or the medium authentication information 1 through the communication session information for receiving the server medium authentication information 1, (1) (100) information with the medium authentication server (1) (100) information included in the server medium authentication information (1) to verify the validity of the medium authentication server (1) And compares the server authentication information stored in the memory unit 825 (or the IC chip 835 or the USIM) with the server authentication information included in the server medium authentication information 1 to authenticate the validity of the server medium .

If at least one of the server authentication information and the medium authentication server (1) 100 information is hashed in the server medium authentication information (1) by a one-way hash function and XOR operation is performed, The server authentication unit 1 550 transmits the server authentication information included in the memory unit 825 (or the IC chip 835 or the USIM) to the medium authentication server 1 (100) Information of the server medium verifier and the server medium verifier in the same manner as the server medium verifier and then XORs the server medium verifier to generate a server medium verifier and compares the server medium verifier and the server medium verifier to verify the validity of the server medium And the like.

According to another embodiment of the present invention, the server authentication information is authenticated by the user authentication IC chip 835 storage information provided in the IC chip 835 (or USIM) included in the wireless terminal 120, The server authentication unit 1 550 stores the information of the medium authentication server 100 stored in the memory unit 825 or the server medium authentication information 1 (1) 100) information included in the server medium authentication information (1) by comparing the information of the medium authentication server (1) (100) identified by the communication session information for receiving the medium authentication server The server medium IC chip 835 authenticates the validity of the server medium IC chip 835 included in the server medium authentication information 1 and transmits the server medium IC chip 835 authentication information included in the server medium authentication information 1 to the IC chip 835 The server medium IC chip 835 is provided with the server authentication IC chip 835 storage information to authenticate the server medium IC chip 835 authentication information, When the authentication result information is returned, the authentication result information of the server medium IC chip 835 is read and the validity of the server medium IC chip 835 is authenticated.

If one or more pieces of information of the server medium IC chip 835 authentication information and the medium authentication server (1) 100 information are hashed by the one-way hash function in the server medium authentication information (1) The server authentication unit 1 (850) transmits authentication information of the server medium IC chip 835 provided in the storage medium and information of the medium authentication server (1) 100 confirmed through the communication session The server medium verifier and the server medium authenticator, and verifies the validity of the server medium verifier by comparing the server medium verifier and the server medium authenticator It is preferable to further comprise

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through the key input unit 815 provided in the wireless terminal 120, (1) 850 receives the media authentication server 1 (100) information stored in the memory unit 825 (or the media authentication server (1) (100) information with the medium authentication server (1) 100 information included in the server medium authentication information (1) to authenticate the validity of the medium authentication server (1) (Hash) a server authentication information stored in a storage medium provided in (or linked to) the media authentication server (1) 100 through a one-way hash function, and transmits the hashed server authentication information, at least one random number value A random number value included in the server medium authentication information (1)), (1) (100) information (or the medium authentication server (1) 100 information hashed by the one-way hash function) to generate a server medium authenticator, and the server medium authentication information And verifying the validity of the server medium by comparing the included server medium verifier with the generated server medium verifier.

Those skilled in the art will be able to deduce various methods of authenticating the server medium authentication information 1 in addition to the above-described embodiment, and the present invention can be applied to all the methods And a control unit.

When the server medium authentication information 1 is authenticated through any one of the above-described methods, the server authentication unit 1 (850) associates the server medium 1 authentication result (1) with the radio processing unit 840 Information to the media authentication server (1) (100).

When the server medium 1 authentication result information is received, the media authentication server (1) 100 generates (or extracts) a terminal medium authentication code corresponding to the authentication result of the server medium (1) The authentication processing unit 2 (855) receives the terminal medium authentication code from the medium authentication server (1) (100).

Then, the authentication processing unit 2 (855) transmits the received terminal medium authentication code to the medium authentication server (2) 105 through a communication network.

According to the embodiment of the present invention, the authentication processing unit 2 (855) generates the terminal medium authentication information through the user authentication information and transmits the same to the media authentication server (1) (100) (For example, concatenating the terminal medium authentication code with the unique information of the wireless terminal 120) or creating a terminal media verifier including the terminal medium authentication code and the unique information of the wireless terminal 120 The terminal authentication information may be transmitted to the media authentication server 2 105. If the terminal authentication information is generated by the terminal authentication method, The technical features of processing the code will be inferred, and a detailed description thereof will be omitted for the sake of convenience.

The medium authentication server (2) (105) receiving the terminal medium authentication code from the wireless terminal (120) authenticates the terminal medium authentication code.

When the terminal authentication code is processed in a manner similar to (or identical to) the terminal medium authentication information generation method according to the embodiment of the present invention, the medium authentication server (2) It is preferable to authenticate the terminal medium authentication code in a manner similar to (or the same as) the method of authenticating the terminal medium authentication information in the terminal 100. If a person having ordinary knowledge in the technical field of the present invention , It is possible to infer a technical characteristic of authenticating the terminal medium authentication code through the method of authenticating the terminal medium authentication information, so that detailed description thereof will be omitted for the sake of convenience.

According to an embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) 105 transmits an authentication code (Or extracting) the authentication code Nn generation information for generating the authentication code Nn to the wireless terminal 120 and correspondingly the receiver 860 transmits the authentication code Nn to the wireless processor 840 And receives the authentication code (Nn) generation information through the network.

If the program code Nn for generating the authentication code Nn is not provided to the wireless terminal 120 through the authentication code Nn generation information, the medium authentication server 2 (105) (Nn) for generating the authentication code (Nn) through the authentication code (Nn) generation information to the wireless terminal (120) in response to the terminal medium authentication, The receiving unit 860 further receives a program code Nn for generating the authentication code Nn through the wireless communication unit 840 through the authentication code Nn generation information.

Alternatively, when the program code for generating the authentication code (n) is not provided to the wireless terminal 120 through the authentication code (n) generation information, the medium authentication server (2) (105) It is preferable to further transmit the program code (n) for generating the authentication code (n) through the authentication code (n) generation information to the wireless terminal 120 in response to the authentication, ) Further comprises a program code (n) for generating the authentication code (n) through the wireless processing unit (840) through the authentication code (n) generation information.

According to another embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) (105) (Or extracts) an authentication code Nn to be included in combination with the authentication code N of the wireless terminal 800 and transmits the authentication code Nn to the wireless terminal 120. In response to the authentication code Nn, The authentication code Nn is received via the authentication code Nn.

Referring to FIG. 8, the wireless terminal 120 generates an authentication code (n) through authentication code (n) generation information in association with the memory unit 825, And an authentication code generation unit (865) for generating an authentication code (Nn) through the authentication code (Nn) generation information.

If the program code n for generating the authentication code n is provided to the authentication code generation unit 865, the authentication code generation unit 865 generates the authentication code (n) stored in the memory unit 825 (n) is generated by using the output information of the authentication code (n) by the output processing unit (875), and the authentication code (n) Codes Nn may be combined and generated at any time before the authentication code N is generated, and the present invention is not limited by the generation time of the authentication code n.

On the other hand, when the authentication code generation unit 865 is provided with the program code n for generating the authentication code n, the authentication code generation unit 865 generates the program code n, which is received through the reception unit 860, (n) generated using the authentication code (n) generation information stored in the memory unit 825 through the authentication code (n).

If the program code Nn for generating the authentication code Nn is provided to the authentication code generation unit 865, the authentication code generation unit 865 generates the authentication code Nn through the reception unit 860 Nn) generation information is received, the authentication code generation unit 865 generates an authentication code Nn of (Nn) digits using the received authentication code (Nn) generation information.

If the program code Nn for generating the authentication code Nn is not provided to the authentication code generation unit 865, the authentication code generation unit 865 generates an authentication code Nn through the reception unit 860, (Nn) generation information is received, the authentication code generation unit 865 generates the authentication code (Nn) using the received authentication code (Nn) generation information through the program code (Nn) received through the reception unit 860, It is preferable to generate the authentication code Nn of the number of digits.

According to another embodiment of the present invention, when the authentication code Nn is directly received through the receiver 860, the authentication code generator 865 may omit generating the authentication code Nn, The present invention is not limited thereto.

Those skilled in the art will appreciate that the authentication code generation unit 865 may generate a technical feature for generating an authentication code n of n digits using the authentication code n generation information, (Nn) digits of the authentication code (Nn) using the authentication code (Nn) generation information, the detailed description thereof will be omitted for the sake of convenience.

8, the wireless terminal 120 includes a code combining unit 870 for generating an authentication code N by combining the authentication code n and the authentication code Nn, And an output processing unit (875) for outputting the generated authentication code (N) in association with the authentication code (805).

When the authentication code (n) and the authentication code (Nn) are generated by the authentication code generation unit 865, the code combination unit 870 combines the authentication code (n) and the authentication code (Nn) And generates a digit number authentication code (N).

According to an embodiment of the present invention, the code combining unit 870 preferably generates an N-digit authentication code N by concatenating the authentication code n and the authentication code Nn.

For example, if the authentication code (n) is "123" and the authentication code (Nn) is "456", the code combining unit 870 concatenates the authentication code (n) It is preferable to generate code (N) "123456 &quot;.

According to another embodiment of the present invention, the code combining unit 870 generates an N-digit authentication code N by performing an OR operation on the authentication code n and the authentication code Nn, (n) and the authentication code Nn are designated, the code combining unit 870 inserts the corresponding code at the position of the authentication code n and the authentication code Nn, It is preferable to generate the code N.

For example, if the authentication code (n) is "103050" and the authentication code (Nn) is "020406", the code combination unit 870 ORs the authentication code (n) and the authentication code It is preferable to generate the authentication code (N) "123456 &quot;.

If the authentication code n is "1? 3? 5?" And the authentication code Nn is "? 2? 4? 6", the code combining unit 870 generates the authentication code n, (N) "123456" by inserting each code into the position of the position of the authentication code (Nn) and the authentication code (Nn).

According to another embodiment of the present invention, the code combining unit 870 substitutes the authentication code (n) and the authentication code (Nn) into at least one code generation function (e.g., a hash function) It is preferable to generate the authentication code (N) of the code generation function, and the present invention is not limited by the code generation function type and the algorithm.

When the N number of authentication codes N are generated by combining the authentication code n and the authentication code Nn, the output processing unit 875 generates an N number of digitized authentication codes N in cooperation with the screen output unit 805, (N) of the wireless terminal (120) to a predetermined area on the screen of the wireless terminal (120).

According to one embodiment of the present invention, the output processing unit 875 outputs a disposable authentication code output screen on the screen of the wireless terminal 120 in cooperation with the screen output unit 805, To output the generated N-digit authentication code (N).

According to another embodiment of the present invention, the output processing unit 875 outputs the disposable authentication code output area to the screen area currently output on the screen of the wireless terminal 120 in association with the screen output unit 805 And outputs the generated N-digit authentication code (N) to the disposable authentication code output area.

FIG. 9 is a diagram showing a system configuration of a combination type disposable authentication code by medium authentication according to another embodiment of the present invention.

In more detail, FIG. 9 illustrates a case where the wireless terminal 120 functional configuration in which the combined disposable authentication code is implemented includes the wireless terminal 120 functional configuration shown in FIG. 8, (N > = 2) digits of the disposable authentication code is implemented in the authentication system according to the first embodiment of the present invention. The present invention may be embodied in all of the above modes of practicing the present invention, and it is to be understood that the present invention is not limited to the above-described embodiments, The technical features thereof are not limited by the implementation method alone.

Referring to FIG. 9, the system for implementing a combination type disposable authentication code through the medium authentication includes a wireless terminal 120 including the functional configuration shown in FIG. 8, a wireless terminal 120 connected to the wireless terminal 120, A media authentication server (1) (100) for performing a first terminal medium authentication for the wireless terminal (120) and transmitting a terminal medium authentication code to the wireless terminal (120) in response to the first medium authentication result , An authentication code (Nn) for generating second authentication code (Nn) to the wireless terminal (120) in response to the second medium authentication result, And a media authentication server (2) (105) for providing the authentication information (Nn) generation information or generating an authentication code (Nn) of (Nn) digits and providing it to the wireless terminal (120).

In order to implement the combination type disposable authentication code through the medium authentication, the wireless terminal 120 transmits terminal medium authentication information for authenticating the terminal medium to the wireless terminal 120 in the media authentication server (1) 100 And transmits the generated authentication information to the media authentication server (1) (100). Thus, the media authentication server (1) (100) verifies that the validity of the terminal medium .

According to an embodiment of the present invention, the terminal medium authentication information preferably includes user authentication information input through a key input unit provided in the wireless terminal 120 and unique information of the wireless terminal 120 And generates a terminal media verifier by XORing at least one of the user authentication information and the unique information of the wireless terminal 120 according to the intention of a person skilled in the art using a one-way hash function, Information of the wireless terminal 120, and unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal medium authentication information may include terminal medium IC chip authentication result information generated through an IC chip (or USIM) provided in the wireless terminal 120, And at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed by a one-way hash function and then XORed by the one-way hash function according to the intention of a person skilled in the art, And includes at least one of the terminal medium verifier, the terminal medium IC chip authentication result information, and the unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal media authentication information hashashes user authentication information input through a key input unit provided in the wireless terminal 120 through a one-way hash function, At least one or more random number values (for example, a random number value generated at the terminal), unique information of the wireless terminal 120 (or unique information of the wireless terminal 120 hashed by the one-way hash function) And generates the terminal medium verifier, and includes the generated terminal medium verifier, the user authentication information, at least one random number information, and the unique information of the wireless terminal 120.

Also, the wireless terminal 120 may include authentication code (n) generation information in the memory unit (or IC chip) to implement the N (N> = 2) digit combined disposable authentication codes, (1 < = n < N) number of authentication codes (n) through the generation information.

Also, the wireless terminal 120 receives the terminal medium authentication code from the media authentication server (1) 100 as a result of the first terminal medium authentication, and transmits the received terminal medium authentication code to the media authentication server 2) &lt; / RTI &gt;

In addition, the wireless terminal 120 transmits an authentication code (Nn) for generating (Nn) digit authentication code (Nn) from the media authentication server (2) 105 in response to the server medium authentication associated with the terminal medium authentication (Nn) generation information from the server and generating an authentication code (Nn) of (Nn) digits from the server through the received authentication code (Nn) generation information.

Alternatively, the wireless terminal 120 receives an authentication code (Nn) of (Nn) digits from the medium authentication server (2) 105 in response to the server medium authentication associated with the terminal medium authentication .

When the authentication code N of the n digits is generated and the authentication code Nn of the number Nn is generated, the wireless terminal 120 combines the authentication code n and the authentication code Nn into N (N), and outputs the generated authentication code (N) to the screen of the wireless terminal (120).

9 shows a technical characteristic of generating the authentication code Nn of the n-digit authentication code n and the (Nn) digit in the wireless terminal 120 and the authentication code Nn and the authentication code Nn The technical features of generating an N-digit authentication code N by combining the authentication code N will be described with reference to FIG. 8, and a detailed description thereof will be omitted for the sake of simplicity.

According to the present invention, the media authentication server (1) (100) associates and stores user authentication information for authentication of the terminal medium with unique information of the wireless terminal (120) (Or interlocking) a storage medium (1) 940 for further storing terminal media authentication rule information through unique information. The storage medium (1) 940 includes a server medium 1 ) Authentication information (1) for generating the authentication information, or further associates and stores the authentication code generation rule information for generating the terminal medium authentication code.

The user authentication information may include information input from the wireless terminal 120 to authenticate the terminal medium among the key input information input through the key input means or information input via the IC chip (or USIM) And at least one authentication result information.

The unique information of the wireless terminal 120 may include MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information or IMEI (International Mobile Equipment Identity) for the wireless terminal 120, or IMSI (International Mobile Subscriber Identity) information, MSISDN (Mobile Station International ISDN Number), or USIM specific information.

The terminal medium authentication rule information may include a rule for generating the terminal medium authentication information at the wireless terminal 120 or a rule for authenticating the terminal medium corresponding to the wireless terminal 120 by reading the terminal medium authentication information, It is preferable that one or more media authentication rules are stored in the storage medium (1) 940 when the media authentication server (1) 100 has implemented the terminal media authentication rules in the form of a program code , Whereby the present invention is not limited thereto.

The authentication code generation rule information preferably defines a rule for generating a terminal media authentication code transmitted to the wireless terminal 120, and the authentication code generation rule is stored in the media authentication server (1) Code format, it is optional to store the authentication code generation rule information in the storage medium (1) 940, and thus the present invention is not limited thereto.

According to the present invention, the media authentication server (2) 105 includes (or interlocks with) a storage medium (2) 970 for storing terminal medium authentication rule information for authenticating the terminal medium authentication code The storage medium 2 (970) generates authentication code (Nn) generation information for generating an authentication code (Nn) in the wireless terminal (120) when the terminal medium is authenticated, The authentication code generation rule information for generating the authentication code Nn to be transmitted to the terminal 120 is further stored in association with each other.

Preferably, the terminal medium authentication rule information defines a rule for reading the terminal medium authentication code and authenticating the terminal medium corresponding to the wireless terminal 120, and the medium authentication server (2) When the terminal medium authentication rule is implemented in the form of a program code, it is optional to store the terminal medium creation rule information in the storage medium (2) 970, and thus the present invention is not limited thereto.

The authentication code generation rule information may include a rule for generating an authentication code (Nn) generation information for generating an authentication code (Nn) in the wireless terminal 120 or a rule for generating the authentication code (Nn) to be transmitted to the wireless terminal 120 It is preferable that at least one rule for generating the authentication code generation rule is defined in the form of a program code in the media authentication server 2 105, The authentication code generation rule information may be omitted from the authentication code generation rule information, and thus the present invention is not limited thereto.

When the terminal medium authentication code is processed to include the same structure as the terminal medium authentication information according to another embodiment of the present invention, the storage medium (2) 970 may store user authentication information (not shown), a wireless terminal 120) inherent information (not shown), and server authentication information 2 (not shown) can be stored in association with each other, so that the present invention is not limited thereto.

According to the present invention, when the program code for generating the authentication code (n) or the authentication code (Nn) is not provided to the wireless terminal 120, the media authentication server (2) (N) for generating the authentication code (n) or the program code (Nn) for generating the authentication code (Nn) according to a platform (e.g., a program interpreter, an operating system, 120), and a program code D / B 975 for classifying and storing the program codes.

(N) for generating the authentication code (n) according to a platform of a plurality of wireless terminals 120, or the authentication code (Nn) if it is known to those skilled in the art to which the present invention belongs And the detailed description thereof will be omitted for the sake of convenience.

According to the present invention, the media authentication server (1) 100 includes an interface unit 900 for connecting and managing a communication channel for first media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 900 receives the terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (Nn) generation information is connected.

According to an embodiment of the present invention, when the media authentication server (1) 100 is provided on the wireless communication network (or in the wireless communication system), the interface unit 900 transmits, And a communication channel including a wire section for connecting the media authentication server (1) (100) to the base station.

According to another embodiment of the present invention, when the media authentication server (1) 100 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system) A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the medium authentication server (100) And a communication channel including a wire section is connected.

Referring to FIG. 9, the media authentication server (1) 100 generates terminal medium authentication information for terminal medium authentication for the wireless terminal 120 in the wireless terminal 120, An authentication information receiving unit 905 for receiving the terminal medium authentication information in association with the interface unit, a terminal authentication unit 905 for reading the received terminal medium authentication information and authenticating the terminal medium corresponding to the wireless terminal 120, An authentication information generation unit (915) for generating authentication information of a server medium (1) to be transmitted to the wireless terminal (120) upon authentication of the terminal medium; An authentication information transmission unit 920 for transmitting authentication information of the server medium 1 to the wireless terminal 120 and server medium authentication result information for the server medium 1 authentication information from the wireless terminal 120 An information receiving unit 925 for receiving, An authentication code generation unit 930 for generating a terminal medium authentication code when receiving the server medium authentication result information, and an authentication code generation unit 930 for transmitting the generated terminal medium authentication code to the wireless terminal 120 in cooperation with the interface unit 900 And an authentication code transmitting unit 935. [

When the wireless terminal 120 generates terminal medium authentication information for terminal medium authentication for the wireless terminal 120 and transmits the terminal medium authentication information through the communication channel, the authentication information receiving unit 905 transmits the terminal medium authentication information to the wireless terminal 120, It is preferable that the authentication information receiving unit 905 decrypts the encrypted terminal medium authentication information through the decryption key when the terminal medium authentication information is encrypted.

When the terminal medium authentication information includes at least one of the user authentication information input through the key input unit provided in the wireless terminal 120 and the unique information of the wireless terminal 120 according to an embodiment of the present invention, The terminal media authentication unit (1) 910 confirms the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information, And authenticates the validity of the wireless terminal 120 and compares the unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information, (1) (940), which is stored in association with the unique information of the wireless terminal (120), with the user authentication information included in the terminal medium authentication information, Hyosung is certified.

If at least one of the user authentication information and the unique information of the wireless terminal 120 is hashed by the one-way hash function and XOR operation is performed on the terminal media authentication information, the terminal media authenticator 1) 910 transmits at least one of the user authentication information provided in the storage medium (1) 940 and the unique information of the wireless terminal 120 confirmed through the communication session to the same And performing an XOR operation on the terminal media authenticator to generate a terminal media authenticator and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the terminal medium authentication information may be generated by the terminal medium IC chip authentication result information generated through the IC chip (or USIM) provided in the wireless terminal 120, (1) 910 confirms the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information And authenticates the validity of the wireless terminal 120 by comparing the authenticated wireless terminal 120 unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information, (Or USIM) based on user authentication information stored in association with the unique information of the wireless terminal 120 in a storage medium 1 (940) provided in (or linked to) User authentication IC chip storage information, Or generates the terminal medium IC chip authentication information through the same logic as the terminal authentication IC chip storage information (or stores the terminal medium IC chip authentication information when the terminal medium IC chip authentication information is stored in the storage medium (1) 940) And verifies the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the UE medium authentication information and the unique information of the mobile station 120 is hashed by the one-way hash function and XOR operation is performed on the UE medium authentication information, The authentication unit (1) 910 transmits at least one of the terminal medium IC chip authentication information provided in the storage medium (1) 940 and the unique information of the wireless terminal 120 confirmed through the communication session, The method further comprises the step of performing an XOR operation on the hash in the same manner as the terminal medium verifier, generating a terminal medium authenticator, and comparing the terminal medium verifier and the terminal medium authenticator to authenticate the validity of the terminal medium .

According to another embodiment of the present invention, when the terminal medium authentication information includes a terminal medium verifier, the terminal medium authentication unit (1) 910 transmits the terminal medium authentication information according to the terminal medium authentication rule information (120) unique information of the wireless terminal (120) through the communication session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, (1) 940 stored in the terminal medium authenticating section (1) 910 and authenticated to the terminal medium authenticating section (1) 910 and stored in association with the unique information of the wireless terminal 120 And transmits the hashed user authentication information, at least one random number value (e.g., a random number value included in the terminal media authentication information), the unique information of the wireless terminal 120 or (The unique information of the wireless terminal 120 hashed by the directional hash function) to generate a terminal media authenticator, compares the terminal media verifier included in the terminal media authentication information with the generated terminal media authenticator And authenticating the validity of the terminal medium.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

When the terminal medium authentication information is authenticated through any one of the above-described methods, the authentication information generating unit 915 generates the authentication information based on the server authentication information (1) stored in the storage medium (1) (Or extracts) server medium (1) authentication information for authenticating a medium corresponding to the medium authentication server (1) (100) at the terminal (120).

According to an embodiment of the present invention, the server authentication information 1 is preferably matched with server authentication information 1 stored in a memory unit (or IC chip or USIM) provided in the wireless terminal 120 And the server authentication information 1 may be stored in a server certificate included in the memory unit (or an IC chip or a USIM) according to a person skilled in the art.

According to another embodiment of the present invention, the server authentication information (1) is a server medium IC chip (1) authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal And authentication information.

According to another embodiment of the present invention, the server authentication information 1 may be matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120.

When the server authentication information 1 matches with the server authentication information 1 stored in the memory unit (or IC chip or USIM) provided in the wireless terminal 120 according to an embodiment of the present invention, The authentication information generation unit 915 preferably generates the server medium 1 authentication information including the server authentication information 1 and the medium authentication server 1 information.

For example, the authentication information generation unit 915 preferably generates the server medium (1) authentication information by concatenating the server authentication information (1) and the medium authentication server (1) (100) information.

Alternatively, the authentication information generation unit 915 may have at least one of the server authentication information (1) and the media authentication server (1) (100) information hashed as a one-way hash function, and then XORed to generate a server media verifier And generate the server medium (1) authentication information by concatenating at least one of the server medium verifier, the server authentication information (1), and the medium authentication server (1) (100) information.

(1) authentication information to be included in the server medium (1) authentication information in addition to the server authentication information (1) and the medium authentication server (1) (100) information if the person skilled in the art is familiar with the present invention. And the additional information may be included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

According to another embodiment of the present invention, the server authentication information (1) is authenticated by the user authentication IC chip storage information provided in the IC chip (or USIM) provided in the wireless terminal 120, The authentication information generation unit 915 provides the server authentication information 1 from the wireless terminal 120 as the server authentication IC chip storage information provided in the IC chip (or USIM) (1) authentication information including the server medium IC chip authentication information and the medium authentication server (1) (100) information is generated in the form of server medium IC chip authentication information for processing to authenticate the server medium Do.

For example, the authentication information generation unit 915 preferably generates the server medium (1) authentication information by concatenating the server medium IC chip authentication information and the medium authentication server (1) 100 information.

Alternatively, the authentication information generation unit 915 may have at least one of the server medium IC chip authentication information and the medium authentication server (1) 100 information be hashed as a one-way hash function, and then XORed to generate a server medium verifier And generate the server medium (1) authentication information by concatenating at least one of the server medium verifier, the server medium IC chip authentication information, and the medium authentication server (1) 100 information.

The server medium IC chip authentication information and at least one or more additional information items to be included in the server medium 1 authentication information other than the medium authentication server (1) 100 information, if the person skilled in the art is familiar with the present invention And the additional information may be included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

According to another embodiment of the present invention, when the server authentication information 1 is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, The hash unit 915 hashes the server authentication information 1 through the one-way hash function and transmits the hashed server authentication information 1, at least one random number value (e.g., a random number value generated by the server) Generates a server media verifier by performing at least one XOR operation on the media authentication server (1) 100 information (or the media authentication server (1) 100 information hashed by the one-way hash function) (1) authentication information including the server authentication information (1), at least one or more random number information, and the medium authentication server (1) (100) information, according to the intention of a person skilled in the art, Authentication information generating unit 915, It is possible to further hash the server media verifier.

For example, the authentication information generating unit 915 may generate the authentication information including the server medium verifier (or hashed server medium verifier), the server authentication information 1, at least one random number information, the medium authentication server 1 To generate the authentication information of the server medium (1).

(1) authentication information other than the server authentication information (1), at least one random number information, and the medium authentication server (1) (100) information if the person skilled in the art is familiar with the present invention It is possible to deduce at least one additional information item (for example, a prime number) and the additional information in the authentication information of the server medium 1, and the present invention can be applied to a case in which all the additional information items .

In addition, those skilled in the art will be able to deduce various methods of generating the server medium (1) authentication information based on the server authentication information (1), in addition to the above- And the present invention is characterized in that it includes all of the above-mentioned embodiments to be inferred.

When the server medium 1 authentication information is generated as described above, the authentication information transmitting unit 920 transmits the authentication information of the server medium 1 to the wireless terminal 120 in association with the interface unit Corresponding to the server medium (1), the wireless terminal (120) authenticates the server medium (1) authentication information and then authenticates the server medium (1) And transmits the result information.

The information receiving unit 925 receives the server medium authentication result information for the server medium 1 authentication information from the wireless terminal 120 when the wireless terminal 120 authenticates the server medium, Upon receiving the server medium authentication result information, the authentication code generation unit 930 generates (or extracts) the terminal medium authentication code using the authentication code generation rule information.

Herein, the terminal medium authentication code includes an authentication code for authenticating that the terminal medium corresponding to the wireless terminal 120 is first authenticated through the medium authentication server (1) in the medium authentication server (2) 105 .

When the terminal medium authentication code is generated (or extracted) through the authentication code generation unit 930, the authentication code transmission unit 935 transmits the generated terminal medium authentication code in cooperation with the interface unit 900 The wireless terminal 120 transmits the terminal authentication code to the wireless terminal 120 through the communication network. The wireless terminal 120 transmits the terminal authentication code to the media authentication server 2 (105) through the communication network.

According to the present invention, the media authentication server (2) 105 includes an interface unit 945 for connecting and managing a communication channel for second media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 945 receives the terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (Nn) generation information is connected.

According to an embodiment of the present invention, when the medium authentication server (2) 105 is provided on the wireless communication network (or in the wireless communication system), the interface unit 945 transmits, And a communication channel including a wire section for connecting the media authentication server (2) (105) to the base station.

According to another embodiment of the present invention, when the media authentication server (2) 105 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system) A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the media authentication server (2) And a communication channel including a wire section is connected.

9, when the wireless terminal 120 transmits the terminal medium authentication code through the communication channel, the media authentication server (2) 105 transmits the terminal authentication code to the terminal A terminal medium authentication unit (955) for reading the received terminal medium authentication code and performing second authentication of the terminal medium corresponding to the wireless terminal (120), an authentication code receiving unit (950) for receiving the medium authentication code, (Nn) generation information for generating an authentication code (Nn) in the wireless terminal (120) or generating the authentication code (Nn) to be transmitted to the wireless terminal (120) And transmits the generated authentication code Nn generation information (or authentication code Nn) to the wireless terminal 120 in cooperation with the interface unit 945. [ (965).

When the wireless terminal 120 generates a terminal medium authentication code for terminal medium authentication for the wireless terminal 120 and transmits the terminal medium authentication code through the communication channel, the authentication code receiving unit 950 receives the terminal medium authentication code, And receives the terminal medium authentication code in association with the encrypted terminal medium authentication code. When the terminal medium authentication code is encrypted, the authentication code receiving unit 950 preferably decrypts the encrypted terminal medium authentication code through a decryption key .

After that, the terminal medium authentication unit (2) 955 authenticates the terminal medium authentication code according to the terminal medium authentication rule information to authenticate the validity of the terminal medium.

Those skilled in the art will be able to deduce various types of terminal media authentication code standards and various types of terminal media authentication rules for authenticating the terminal media authentication codes. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication code is authenticated, the information generation unit 960 generates authentication code (Nn) generation information for generating an authentication code (Nn) from the wireless terminal 120 through the authentication code generation rule information Or extraction).

According to another embodiment of the present invention, the information generation unit 960 generates (or extracts) the authentication code (Nn) generation information through the authentication code generation rule information, and generates the authentication code (Nn) (Nn) to be transmitted to the wireless terminal (120).

When the authentication code Nn generation information is generated (or extracted) through the information generation unit 960 according to an embodiment of the present invention, the transmission unit 965 transmits the authentication code Nn generation information to the interface unit 945, And transmits the generated authentication code Nn to the wireless terminal 120. In response to the generated authentication code Nn, the wireless terminal 120 transmits the generated authentication code Nn to the wireless terminal 120 .

When the authentication code Nn is generated (or extracted) through the information generation unit 960 according to another embodiment of the present invention, the transmission unit 965 generates the authentication code Nn in association with the interface unit 945, And transmits the authentication code (Nn) to the wireless terminal (120).

If the program code Nn for generating the authentication code Nn is not provided to the wireless terminal 120 through the authentication code Nn generation information, the transmitter 965 transmits the program code Dn / It is preferable to further transmit the program code Nn to the wireless terminal 120 for generating the authentication code Nn through the authentication code Nn generation information in cooperation with the B 975.

Alternatively, when the wireless terminal 120 does not include the program code (n) for generating the authentication code (n) through the authentication code (n) generation information, the transmitter 965 transmits the program code D It is preferable to further transmit the program code Nn to the wireless terminal 120 for generating the authentication code (n) through the authentication code (n) generation information in association with the authentication code (B) 975.

FIGS. 10a and 10b illustrate a medium authentication procedure for implementing a combined disposable authentication code according to another embodiment of the present invention.

In more detail, FIGS. 10a and 10b illustrate a case where the wireless terminal 120 functional configuration in which the combined disposable authentication code is implemented includes the wireless terminal 120 functional configuration shown in FIG. 8, (1) 100 on the combined disposable authentication code implementation system shown in FIG. 9, and performing a second medium authentication with the medium authentication server (2) 105 Those skilled in the art will be able to refer to and / or modify the drawings 10a and 10b to derive various implementations of the media authentication process for implementing the combined disposable authentication code However, the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited to those of the embodiments shown in FIGS. 10a and 10b.

Hereinafter, the media authentication server (1) 100 on the combined disposable authentication code implementation system shown in FIG. 9 in the figures 10a and 10b is referred to as a "server 1" for convenience and the medium authentication server 2 Quot; server 2 "for the sake of convenience.

Referring to FIGS. 10A and 10B, the wireless terminal 120 checks whether a menu (or a key button) for implementing a combination type disposable authentication code through media authentication is input (1000), and if the combination disposable authentication code When a menu (or a key button) to be implemented is input 1005, the wireless terminal 120 outputs an interface for inputting user authentication information on the screen of the wireless terminal 120, (1010).

Here, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the mobile terminal 120 .

Alternatively, the user authentication information may include a user identification (ID) for authenticating the validity of the user of the mobile terminal 120 through the user authentication IC chip storage information provided in the IC chip (or USIM) (PIN), or a password.

Alternatively, the user authentication information may include at least one or more personal identification numbers (PINs) or passwords used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the server 1 on the communication network desirable.

If it is confirmed in step 1015 that the user authentication information is input, the wireless terminal 120 uses the user authentication information to authenticate the terminal medium corresponding to the wireless terminal 120 in the server 1 Terminal medium authentication information is generated (1020).

According to an embodiment of the present invention, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the wireless terminal 120 The mobile terminal 120 transmits the user authentication information and the mobile terminal 120 unique information (e.g., MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information, or IMEI (International Mobile Equipment Identity) Or International Mobile Subscriber Identity (IMSI) information included in the USIM, MSISDN (Mobile Station International ISDN Number), or USIM unique information).

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by hashing the at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, It is preferable that at least one of the user authentication information and the unique information of the wireless terminal 120 is concatenated to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the user authentication information and the unique information of the wireless terminal 120, And the present invention is characterized in that all the additional information items that can be guessed are included.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) (Or PIN) or a password for authenticating the IC chip (or USIM), the wireless terminal 120 transmits the user authentication information to the IC chip (or USIM) (IC chip) storage information, or terminal authentication IC chip storage information, and returns the terminal medium IC chip authentication result information from the authenticated IC chip (or USIM) through the user authentication information, And generates the terminal medium authentication information including the returned terminal medium IC chip authentication result information and the unique information of the wireless terminal 120.

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the terminal medium IC chip authentication result information with the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by performing an XOR operation on at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 as a one-way hash function, It is preferable that at least one of the media verifier, the terminal medium IC chip authentication result information, and the wireless terminal 120 unique information is concatenated to generate the terminal medium authentication information.

The terminal 120 may be configured to transmit at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120, It is possible to deduce a technical characteristic included in the terminal medium authentication information, and the present invention is characterized in that it includes all the information items that can be guessed.

According to another embodiment of the present invention, a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating the terminal medium authentication information to be transmitted to the server 1 on the communication network, The wireless terminal 120 hashes the user authentication information through the one-way hash function, and transmits the hashed user authentication information, at least one random number value (for example, a random number generated by the terminal (Or unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media verifier by performing an XOR operation on at least one of the unique information of the wireless terminal 120 It is possible to generate terminal medium authentication information including user authentication information, at least one random number information, and unique information of the wireless terminal 120 Straight, and the wireless terminal 120 in accordance with the intention of those skilled in the art it is possible to further cut the MS medium verification hash.

For example, the wireless terminal 120 concatenates the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120, .

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

If the terminal medium authentication information is generated (1025), the wireless terminal 120 connects a communication channel with the server 1 and transmits the generated terminal medium authentication information to the server 1 via the communication channel (1030).

Then, the server 1 reads the terminal medium authentication information in cooperation with the storage medium 1 (940), and authenticates the terminal medium (1035).

According to an embodiment of the present invention, when the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server on the communication network to authenticate the terminal medium for the wireless terminal 120, The server checks the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information and transmits the unique information of the wireless terminal 120 and the wireless terminal 120 included in the terminal medium authentication information, Authenticates the validity of the wireless terminal 120 by comparing the unique information and transmits the user authentication information stored in the storage medium 1 940 stored in the server in association with the unique information of the wireless terminal 120 And authenticates the validity of the terminal medium by comparing the information with user authentication information included in the terminal medium authentication information.

If the terminal media verifier is included in the terminal media authentication information, the server hashes the at least one of the user authentication information and the unique information of the wireless terminal 120 into the one-way hash function and XORs the terminal authentication information, 1) 940 and the unique information of the wireless terminal 120 confirmed through the communication session, in the same manner as the terminal media verifier, and performs an XOR operation on the at least one information, Generating an authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) The server confirms the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information, and if the authentication information includes the at least one personal identification number (PIN) Authenticates the validity of the wireless terminal 120 by comparing the unique information of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication information and stores the stored (or linked) The user authentication IC chip storage information provided in the IC chip (or USIM), or the user authentication IC chip storage information provided in the IC chip (or USIM), based on the user authentication information stored in association with the unique information of the wireless terminal 120, (Or extracts the terminal medium IC chip authentication information when the terminal medium IC chip authentication information is stored in the storage medium (1) 940) through the same logic as the authentication IC chip storage information, And authenticates the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed as a one-way hash function and XOR operation is performed on the terminal medium authentication information, The terminal medium IC chip authentication information included in the storage medium 1 (940) and the unique information of the wireless terminal 120 confirmed through the communication session, is hashed in the same manner as the terminal medium verifier And performing an XOR operation on the terminal media authenticator to generate a terminal media authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to a server on the communication network, The server verifies the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information, and transmits the unique information of the wireless terminal 120, which is included in the terminal medium authentication information, The wireless terminal 120 may compare the unique information of the wireless terminal 120 to authenticate the validity of the wireless terminal 120 and store the unique information of the wireless terminal 120 in the storage medium 1 (940) The user authentication information stored in association with the user authentication information is hashed through a one-way hash function, and the hashed user authentication information, at least one random number value (e.g., Generates a terminal media authenticator by XORing at least one of the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) The validity of the terminal medium is verified by comparing the terminal medium verifier included in the authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

If the terminal medium authentication information is not authenticated 1040, the server 1 generates terminal medium authentication error information and transmits it to the wireless terminal 120 through the communication channel 1045, The wireless terminal 120 ends the process of implementing the combination type disposable authentication code through the medium authentication.

If the terminal medium authentication information is authenticated 1040, the server 1 transmits the server medium from the wireless terminal 120 based on the server authentication information 1 stored in the storage medium 1 (940) The server medium 1 authentication information for authentication is generated (1050).

According to an embodiment of the present invention, the server authentication information is preferably matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, The server authentication information is preferably stored in a server certificate included in the memory unit (or IC chip or USIM).

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 .

According to another embodiment of the present invention, the server authentication information is preferably matched with information (e.g., user authentication information) input through a key input unit provided in the wireless terminal 120. [

According to an embodiment of the present invention, when the server authentication information is matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, (1) authentication information including information on the server (1) and the server (1).

For example, the server preferably generates the server medium (1) authentication information by concatenating the server authentication information and the server (1) information.

Alternatively, the server may generate a server media verifier by hashing at least one of the server authentication information and the server (1) information into a one-way hash function and performing an XOR operation on the server verifier, (1) authentication information by concatenating at least one piece of information of the server medium (1).

(1) authentication information and at least one additional information item to be included in the authentication information of the server medium (1) and the additional information in addition to the server authentication information and the server (1) information, (1) It is possible to deduce a technical feature to be included in the authentication information, and the present invention is characterized in that it includes all the information items that can be guessed.

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 , The server transmits the server authentication information to the server authentication IC chip storage information provided in the IC chip (or USIM) at the wireless terminal 120 to form a server medium IC chip authentication information , And generates the server medium (1) authentication information including the server medium IC chip authentication information and the server (1) information.

For example, the server preferably generates the server medium (1) authentication information by concatenating the server medium IC chip authentication information and the server (1) information.

Alternatively, the server hashes the server medium IC chip authentication information and the server 1 information with a one-way hash function, and then performs an XOR operation to generate a server medium verifier. The server medium verifier, the server medium IC It is preferable that at least one chip authentication information and server 1 information are concatenated to generate authentication information of the server medium 1.

The server medium 1 may include at least one additional information item to be included in the authentication information of the server medium 1 and the additional information in addition to the server medium IC chip authentication information and the server 1 information, It is possible to deduce a technical characteristic included in the authentication information of the server medium 1, and the present invention is characterized in that it includes all the inferable information items.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, (For example, a random number value generated by the server), the server 1 information (or the server 1 information (or the server 1 hashed by the one-way hash function) (1) information), and generates a server medium verifier, the server medium verifier including at least one server authentication information, at least one random number information, and server information (1) 1) it is desirable to generate authentication information, and it is possible for the server to further hash the server media verifier according to the intent of the person skilled in the art.

For example, the server generates server medium (1) authentication information by concatenating the server medium verifier (or hashed server medium verifier) with the server authentication information, at least one or more random number information, and server .

(1) authentication information other than the server authentication information, the at least one random number information, and the server (1) information, the at least one additional information item (for example, , A prime number) and the additional information are included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

In addition, those skilled in the art will be able to deduce various methods of generating the authentication information of the server medium 1 based on the server authentication information in addition to the above-described embodiment, The present invention is characterized in that it comprises all the above-mentioned embodiments to be inferred.

If the server medium 1 authentication information is generated 1055, the server 1 transmits the server medium 1 authentication information to the wireless terminal 120 through a communication channel (1060) The wireless terminal 120 authenticates the server medium through the server medium 1 authentication information (1065).

According to an embodiment of the present invention, when the server authentication information is matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, (1) information (or information of the server (1) which is confirmed through communication session information for receiving the server medium (1) authentication information) stored in the memory unit and a server (1) information and compares the server authentication information stored in the memory unit (or IC chip or USIM) with the server authentication information included in the server medium (1) authentication information, And verifies the validity of the server medium.

If the server medium verifier is included in the authentication information of the server medium 1, the wireless terminal 120 may have a hash function of at least one of the server authentication information and the server 1 information, Hashes at least one of the server authentication information provided in the memory unit (or the IC chip or the USIM) and the server 1 information confirmed through the communication session in the same manner as the server medium verifier Generating a server medium authenticator by performing an XOR operation on the server medium authenticator, and comparing the server medium verifier and the server medium authenticator to authenticate the validity of the server medium.

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 , The wireless terminal 120 transmits the server 1 information stored in the memory unit (or the server 1 information confirmed through the communication session information for receiving the server medium 1 authentication information) (1) information included in the authentication information of the medium (1) to authenticate the validity of the server (1), and transmits the server medium IC chip authentication information included in the server medium (Or USIM) to authenticate the server medium IC chip authentication information, and when the server medium IC chip authentication result information is returned, the server medium IC chip authentication result information is read To the server medium It characterized in that to authenticate the validity.

If one or more pieces of information of the server medium IC chip authentication information and the server (1) information are hashed as a one-way hash function and XOR is performed in the server medium (1) authentication information to include a server medium verifier, (120) transmits at least one or more pieces of server medium IC chip authentication information provided in the storage medium (1) (940) and server (1) information confirmed through the communication session to the server medium verifier To generate a server medium authenticator, and to compare the server medium verifier and the server medium authenticator to authenticate the validity of the server medium.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, the wireless terminal 120 (1) information (or information of the server (1) which is confirmed through communication session information for receiving the server medium (1) authentication information) stored in the memory unit and a server (1) information to authenticate the validity of the server (1), and transmits the server authentication information stored in the storage medium (1) (940) provided to the server (1) through a one-way hash function Hashed by the hashed server authentication information, at least one random number value (e.g., a random number value included in the server medium (1) authentication information), the server 1 information Server 1 information) by at least one XOR operation The server medium authenticator is generated, and the validity of the server medium is verified by comparing the server medium verifier included in the server medium (1) authentication information with the generated server medium authenticator.

Those skilled in the art will be able to deduce various methods of authenticating the authentication information of the server medium 1 in addition to the above-described embodiment, and the present invention can be applied to all the methods And a control unit.

If the server medium is not authenticated (1070) through the authentication information of the server medium (1), the wireless terminal 120 generates server medium authentication error information and outputs it to the screen (1075) And ends the process of implementing the combination type disposable authentication code.

If the server medium is authenticated (1070) through the authentication information of the server medium (1), the wireless terminal 120 transmits server medium authentication result information to the server (1) through the communication channel (1080) In response, the server 1 generates a terminal medium authentication code in association with the storage medium 1 (940) and transmits it to the wireless terminal 120 through the communication channel (1085).

The wireless terminal 120 connects a communication channel with the server 2 and transmits the terminal medium authentication code to the server 2 through the communication channel (1090).

Then, the server 2 reads the terminal medium authentication code in conjunction with the storage medium 2 (970), and performs a second authentication process on the terminal medium (1092).

If the terminal medium authentication code is not authenticated (1094), the server (2) generates terminal medium authentication error information and transmits it to the wireless terminal (120) through the communication channel (1096) The wireless terminal 120 ends the process of implementing the combination type disposable authentication code through the medium authentication.

On the other hand, when the terminal medium authentication code is authenticated (1094), the server 2 generates an authentication code (Nn) for generating a combined disposable authentication code through the process shown in FIG. 11, FIG. 12 or FIG. Information or an authentication code (Nn) to the wireless terminal (120).

FIG. 11 is a diagram illustrating a configuration of a method of implementing a combination type disposable authentication code through medium authentication according to an embodiment of the present invention.

In more detail, FIG. 11 is a diagram illustrating a media authentication server (FIG. 8) on the combined disposable authentication code implementation system shown in FIG. 9, from the wireless terminal 120 shown in FIG. 8 through the media authentication process shown in FIGS. 10a and 10b 1) 100 and the medium authentication server (2) 105, the medium authentication server (2) 105 generates authentication code (Nn) generation information as the medium authentication result Generates the authentication code (n) through the authentication code (n) generation information at the wireless terminal 120 and transmits the authentication code (n) to the wireless terminal 120 through the authentication code (N) and then combining the authentication code (n) and the authentication code (Nn) to implement the authentication code (N). If the person skilled in the art is familiar with the present invention , Referring to and / or modifying Figure 11, It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

For example, in FIG. 11, a process of generating the authentication code (n) through the authentication code (n) generation information provided in the wireless terminal 120 is transmitted from the media authentication server (2) The process of generating the authentication code (n) is not limited to the authentication code (n) and the authentication code (n) It is possible to perform at any stage before combining the authentication code Nn.

Hereinafter, in FIG. 11, the medium authentication server (2) 105 on the combined disposable authentication code implementation system shown in FIG. 9 is referred to as a "server" for convenience.

Referring to FIG. 11, after the media authentication is performed through the media authentication process shown in FIGS. 10A and 10B, the server, in association with the storage medium 2 (970) The terminal 120 generates (1100) authentication code (Nn) generation information for generating an authentication code (Nn) and transmits the authentication code (Nn) generation information to the wireless terminal 120 via the communication channel The wireless terminal 120 receives the authentication code Nn generation information through the communication channel 1110 and generates an authentication code n included in the wireless terminal 120 Generates the authentication code (n) through information, and generates the authentication code (Nn) through the received authentication code (Nn) generation information (1115).

If the authentication code n and the authentication code Nn are generated 1120, the wireless terminal 120 generates the authentication code N by combining the authentication code n and the authentication code Nn The authentication code N is output to the wireless terminal 120 in step 1130 and the generated authentication code N is output on the screen of the wireless terminal 120 in step 1130. Thereafter, And is used for a one-time authentication process through one or more disposable authentication code input media.

FIG. 12 is a diagram illustrating a configuration of a method of implementing a combination type disposable authentication code through medium authentication according to another embodiment of the present invention.

More specifically, FIG. 12 illustrates a media authentication server (FIG. 9) on the combined disposable authentication code implementation system shown in FIG. 9, from the wireless terminal 120 shown in FIG. 8 through the media authentication process shown in FIGS. 10a and 10b 1) 100 and the medium authentication server (2) 105, the media authentication server (2) 105 directly generates the authentication code (Nn) as the medium authentication result, (N) from the authentication code (n) generation information at the wireless terminal 120 and transmits the generated authentication code (n) and the received authentication code (n) to the wireless terminal 120 Nn) to implement the authentication code (N). Those skilled in the art will be able to refer to and / or modify the FIG. 12 to determine the combined disposable Various implementation methods for the authentication code implementation process Would be chuhal, the present invention is made, including any exemplary way in which the inference, to which the technical feature that is not limited to the exemplary method shown in the figure 12.

For example, in FIG. 12, the process of generating the authentication code (n) through the authentication code (n) generation information included in the wireless terminal 120 is transmitted from the medium authentication server (2) (N) is received, the present invention is not limited thereto. The process of generating the authentication code (n) may include generating the authentication code (n) (Nn) are combined with each other.

Hereinafter, in FIG. 12, the media authentication server (2) 105 on the combined disposable authentication code implementation system shown in FIG. 9 is referred to as a "server" for the sake of convenience.

Referring to FIG. 12, after media authentication is performed through the medium authentication process shown in FIGS. 10A and 10B, the server, in association with the storage medium 2 (970) The terminal 120 generates (1200) authentication code (Nn) generation information for generating an authentication code (Nn), and generates an authentication code (Nn) through the generated authentication code (Nn) ).

If the authentication code Nn is generated 1210, the server transmits the authentication code Nn to the wireless terminal 120 through the communication channel 1215 and correspondingly transmits the authentication code Nn to the wireless terminal 120 Receives the authentication code Nn through the communication channel 1220 and generates the authentication code n through the authentication code n information generated by the wireless terminal 120 .

If the authentication code n is generated 1230, the wireless terminal 120 generates 1235 an authentication code N by combining the authentication code n and the authentication code Nn, (N) to the wireless terminal 120 on the screen of the wireless terminal 120 in step 1240. The authentication code N is then transmitted to the wireless terminal 120 through the one-time authentication process through the wireless terminal 120, And is used for a one-time authentication process through the medium.

FIG. 13 is a diagram illustrating a configuration of a method of implementing a combination type disposable authentication code through medium authentication according to still another embodiment of the present invention.

In more detail, FIG. 13 illustrates a media authentication server (FIG. 9) on the combined disposable authentication code implementation system shown in FIG. 9, from the wireless terminal 120 shown in FIG. 8 through the media authentication process shown in FIGS. 10a and 10b 1) 100 and the medium authentication server (2) 105, the medium authentication server (2) 105 generates authentication code (Nn) generation information as the medium authentication result And transmits a program code Nn for generating an authentication code Nn through the generated authentication code Nn and the authentication code Nn to the wireless terminal 120, 120) generates an authentication code (n) through the authentication code (n) generation information and generates an authentication code (Nn) through the authentication code (Nn) generation information based on the received program code The authentication code N is obtained by combining the authentication code n and the authentication code Nn, If the person skilled in the art is familiar with the process of implementing the present invention, referring to and / or modifying FIG. 13, various methods of implementing the combination type disposable authentication code through the medium authentication However, the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

For example, in FIG. 13, the process of generating the authentication code (n) through the authentication code (n) generation information provided in the wireless terminal 120 is transmitted from the medium authentication server (2) The process of generating the authentication code (n) is not limited to the authentication code (n) and the authentication code (n) It is possible to perform at any stage before combining the authentication code Nn.

In FIG. 13, the program code Nn is provided to the wireless terminal 120 by the medium authentication server (2) 105 for convenience. However, the present invention is not limited thereto, (N) is not provided in the wireless terminal 120, the media authentication server (2) 105 may further include the program code (n) in the wireless terminal 120 I will reveal.

Hereinafter, in FIG. 13, the media authentication server (2) 105 on the combined disposable authentication code implementation system shown in FIG. 9 is referred to as a "server" for convenience.

Referring to FIG. 13, after media authentication is performed through the media authentication process shown in FIGS. 10A and 10B, the server, in cooperation with the storage medium 2 (970) The terminal 120 generates (1300) authentication code (Nn) generation information for generating an authentication code (Nn) and transmits the generated program code to the wireless terminal 120 in association with the program code D / B 975 (Nn), and transmits the authentication code (Nn) generation information and the program code Nn through the communication channel (1305).

(N) is not provided to the wireless terminal 120 according to an embodiment of the present invention, the server transmits the program code n (n) to be transmitted from the program code D / B 975 to the wireless terminal 120 ), And then transmits the program code (n) through the communication channel, so that the present invention is not limited thereto.

The wireless terminal 120 receives the authentication code Nn generation information and the program code Nn through the communication channel 1310 and generates an authentication code n included in the wireless terminal 120 And generates the authentication code Nn based on the authentication code Nn based on the program code Nn in operation 1315.

If the authentication code n and the authentication code Nn are generated 1320, the wireless terminal 120 generates the authentication code N by combining the authentication code n and the authentication code Nn The authentication code N is transmitted to the wireless terminal 120 through the disposable authentication process through the wireless terminal 120 or at least the authorization code N is transmitted to the wireless terminal 120 And is used for a one-time authentication process through one or more disposable authentication code input media.

FIG. 14 is a diagram illustrating a functional configuration of a wireless terminal 120 that implements a combined disposable authentication code via medium authentication according to another embodiment of the present invention.

In more detail, FIG. 14 illustrates a case where a mobile communication terminal accessing a mobile communication network operating on a Code Division Multiple Access (WCDMA) / Wideband Code Division Multiple Access (CDMA) (N > = 2) number of digits to the wireless terminal 120. The N (N &gt; = 2) number of digits When n (1 < = n < N) digits of partial one-time authentication code generation information for generating n (1 <= n <N) digits partial one-time authentication code included in the combined one- (1 < = n < N) digits of the N (N> = 2) combination type disposable authentication codes after authenticating the terminal medium after authenticating the terminal medium, n (1 <= n <N) part of the number of digits (Nn) digits are generated by the authentication code generation information and the partial one-time authentication code is generated by the second medium authentication through the first medium authentication server (2) 105 via the medium authentication server (1) 100 (Nn) digits received from the media authentication server (2) 105 as a result of the terminal media authentication associated with the authentication information And a partial disposable authentication code of (Nn) digits are combined to implement an N-digit combination disposable authentication code.

In the present invention, the combination type disposable authentication code with N (N> = 2) digits is referred to as a "combination type disposable authentication code" or "authentication code (N)" for convenience, The disposable authentication code is referred to as a "first partial disposable authentication code" or "authentication code (n)" for convenience, and the partial disposable authentication code of the (Nn) (Nn) &quot;.

Those skilled in the art will appreciate that other terminal devices (e.g., HSDPA (High-Speed Downlink Packet (HSDPA), etc.) implementing the combination type disposable authentication code through medium authentication A wireless terminal device connected to a wireless access network based on IEEE 802.16x, or a wireless terminal device connected to a wireless Internet based on IEEE 802.16x), and an implementation method for various functional configurations corresponding to each terminal device characteristic, The present invention is not limited to the above-described embodiments, and various modifications and changes may be made without departing from the scope of the present invention.

The wireless terminal 120 that provides CDMA / WCDMA based mobile communication services according to an embodiment of the present invention includes an outer body, a speaker and a microphone, a keypad, an LCD (Liquid Crystal Display), an antenna And a battery 1420. A predetermined modem chip (for example, a modem chip) including a function of a CDMA (Code Division Multiple Access) modem, a CPU / MPU (Central Processing Unit / Micro Processing Unit) A duplexer filter for separating a transmission signal from a single antenna, a power amplifier for amplifying a transmission signal, a high power amplifier (HPA), a high power amplifier An isolator that prevents reverse transmission of the transmitted signal, an RF / IF SAW filter to remove the desired out-of-band spurious signal, a frequency upstream circuit of the transmission path, A frequency downconverting circuit, a VCTCXO (Voltage Controlled Temperature Compensated X-tal Oscillator) corresponding to a reference clock source, a UHF frequency synthesizer used as a local signal of frequency up-down conversion, and a codec chip for converting an analog voice signal into a digital signal And the internal components are gradually integrated into the modem chip. In addition to the core components for the mobile communication service, the modem chip may include various multimedia services or additional services Are being integrated together.

Referring to FIG. 14, the wireless terminal 120 implementing the combination type disposable authentication code through the medium authentication includes a controller 1400 corresponding to the modem chip, a screen output unit (not shown) corresponding to a LCD (Liquid Crystal Display) A sound processing unit 1410 corresponding to a microphone / speaker, a key input unit 1415 corresponding to a keypad, a radio processing unit 1440 corresponding to an antenna and various RF modules, A memory unit 1425, and a battery 1420 for supplying a predetermined power.

In addition, the wireless terminal 120 may further include a camera unit (not shown) for reading predetermined image information for providing various multimedia services or various supplementary services corresponding thereto, or may be provided with a predetermined short- It is preferable to further include a local communication unit (not shown) for connecting the channels.

The wireless terminal 120 may further include an IC chip 1435 mounted on or removed from the wireless terminal 120 for providing various financial services (or settlement services) And an IC chip reader unit 1430 for reading / writing predetermined information (or data) to / from the IC chip 1435 .

The control unit 1400 includes a processor including a CPU / MPU provided in the modem chip and an execution memory, and is provided with a predetermined program routine for providing a function peculiar to the wireless terminal 120 from a predetermined memory element. A bus (BUS) for inputting / outputting program data, and a predetermined electronic circuit (or an integrated circuit) provided for the bus (BUS), and the memory unit 1425 or the memory device (Or a chipset) loaded into the execution memory and processed through the processor to perform a specific function, or a generic term of program data (thus, A predetermined program routine to be recorded on the recording medium of the terminal 120 may be stored in the control unit 1400 for convenience The program routine of the controller 1400 basically includes an operating system routine (not shown) and at least one system management routine (e.g., a power management routine, a channel (forward / backward) A control routine, a handoff routine, etc.), and the control unit 1400 realizes various functional configurations to be implemented in the wireless terminal 120.

According to the method of the present invention, after power is supplied to the wireless terminal 120, the operating system routine (not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are transmitted to the control unit 1400), the wireless terminal 120 performs a predetermined boot procedure to load the system configuration detailed state, the pilot channel acquisition detailed state, the synchronization channel acquisition detailed state, and the timing conversion Quot; mobile station initialization state "including the detailed state.

After performing the booting procedure, the operating system routine (not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are loaded into the execution memory provided in the controller 1400, The mobile terminal 120 is set to the operation mode corresponding to the "mobile station call waiting state &quot;,the" system access state &quot;, or the " Call Processing) procedure.

According to the embodiment of the present invention, the function of implementing the combination type disposable authentication code through the medium authentication is such that the wireless terminal 120 can be started (i.e., started) through a predetermined key input in an operation mode corresponding to the " Or realized).

The screen output unit 1405 is a function configuration unit for screening operation modes of the wireless terminal 120 and corresponding operation states of the wireless terminal 120. One or more And a driver for driving the screen output device. The control unit 1400 may output at least one key data input through the key input unit 1415, A function processing screen and a function processing result screen corresponding to at least one function (or program) provided in the wireless terminal 120 or at least a function screen And outputs one or more contents (e.g., text contents, image contents, multimedia contents).

According to the embodiment of the present invention, the screen output unit 1405 may include a menu screen corresponding to a function for implementing the combination type disposable authentication code through the medium authentication, a function processing screen for implementing the combination type disposable authentication code, It is preferable to perform a function of screen output means for outputting a function process result screen for outputting the disposable authentication code.

The sound processing unit 1410 is a functional unit for processing input and output of sound in each operation mode of the wireless terminal 120. The function processing unit 1410 decodes at least one or more encoded sound data and supplies the decoded sound data to the wireless terminal 120 And a vocoder and a codec for encoding a sound signal input through a microphone provided in the wireless terminal 120 and encoding the sound signal.

According to the embodiment of the present invention, the sound processing unit 1410 may receive sound corresponding to a predetermined ringback tone through the speaker in an operation mode corresponding to the "system access state" among the operation modes of the wireless terminal 120 It is preferable to decode and output the data or to encode a predetermined voice signal through a microphone in an operation mode corresponding to the "call channel state &quot;, or to decode and output a predetermined voice signal through a speaker.

In addition, the sound processing unit 1410 may be operable to reproduce at least one sound content or multimedia content provided (or downloaded) from the wireless terminal 120 in at least one operation mode including the "mobile station call waiting state & It is preferable that the sound data corresponding to the content to be reproduced is decoded and output.

The key input unit 1415 may include a key input unit having at least one key button including a predetermined number key, a character key, or a function key, And a driver for driving the key input device. Accordingly, it is possible to detect at least one key input signal generated by clicking (or inputting) the key button in the key input device .

According to the present invention, when a predetermined key input signal is detected from a predetermined key button provided in the key input device in a predetermined input mode or at least one operation mode controlled by the controller 1400, (E.g., MH_KEY_PRESSEVENT, MH_KEY_REPEATEVENT, and MH_KEY_RELEASEEVENT) corresponding to the detected key input signal, and provides the generated key event to the controller 1400, The control unit 1400 reads predetermined key data corresponding to the key event in the current input mode or the operation mode of the wireless terminal 120 (e.g., corresponding to a specific key event in each input mode or operation mode) Reading the key data from the key table storing (or managing) at least one key data to the key event) And reads a command for executing a predetermined function matched and defined.

According to an embodiment of the present invention, the key input unit 1415 inputs a predetermined telephone number in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 120, It is preferable to change the operation mode of the wireless terminal 120 to the operation mode corresponding to the "system access state &quot;.

The key input unit 1415 inputs a predetermined function key (e.g., a menu key) in an operation mode corresponding to the "mobile station call waiting state" among the operation modes of the wireless terminal 120, It is preferable to perform various functions provided in the display unit 120. [

According to the embodiment of the present invention, the key input unit 1415 preferably performs a function of key input means for inputting at least one key data corresponding to a function of implementing the combination type disposable authentication code through the medium authentication .

The radio processing unit 1440 is a functional unit for connecting a radio channel to a base station on a mobile communication network that operates based on CDMA / WCDMA, and includes a CDMA modem and various RF modules (e.g., a duplexer filter, Amplifier, a high power amplifier (HPA), an isolator, an RF / IF SAW filter, a frequency upstream circuit, a frequency downconversion circuit, a VCTCXO corresponding to a reference clock source, a UHF frequency synthesizer, A Slot Mode, or a Power Control in response to each operation mode of the wireless terminal 120 in cooperation with the controller 1400. [ Hand-off, or a call processing procedure according to an embodiment of the present invention.

According to an embodiment of the present invention, the radio processing unit 1440 performs radio frequency signal transmission and reception functions (e.g., antenna control, modulation, synthesis, and transmission of radio frequency signals) corresponding to the function of implementing the combination type disposable authentication code through the medium authentication. Amplification, filtering, and the like).

Particularly, the radio processing unit 1440 processes information or signals transmitted from the wireless terminal 120 to the base station into a CDMA stack to implement a combined disposable authentication code through the medium authentication, And a function of reading predetermined information or signals from the CDMA stack.

According to another embodiment of the present invention, if the wireless terminal 120 shown in FIG. 14 is a wireless terminal device connected to a HSDPA-based wireless network, the wireless processor 1440 accesses the HSDPA-based wireless network, Or if the wireless terminal 120 is a wireless terminal device connected to an IEEE 802.16x-based wireless network, the wireless processing unit 1440 may be configured to include a wireless communication function configuration that implements a combined one- The present invention is not limited to this configuration, and may include a wireless communication function configuration for accessing the IEEE 802.16x-based wireless network and implementing the combined disposable authentication code through the media authentication.

The IC chip reader unit 1430 may include an IC chip 1435 mounted on or removed from the wireless terminal 120 through an IC chip 1435 standard including ISO / IEC 7816 or ISO / IEC 14443, IEC 7816 standard, or the ISO / IEC 7816 standard, the function of exchanging at least one piece of information (or data or command) with the ISO / IEC 7816 standard, the financial IC chip 1435, (IC card reader) corresponding to the IEC 14443 standard. The IC card reader is connected to the IC chip 1435 via an APDU (Application Protocol Data Unit) ) Is exchanged.

Referring to the standard including ISO / IEC 7816 or ISO / IEC 14443, the IC chip 1435 mounted or detached from the customer's wireless terminal receives power supply VCC, a reset signal RST, a clock signal Output interface (communication) for communicating (e.g., exchanging commands or data) with the IC chip reader unit 1430 through contact points such as a clock signal CLK, ground GND, programming power supply VPP, or input / output A processor unit (not shown) having at least one computing element including a central processing unit (CPU), a micro processing unit (MPU), and a coprocessor; a read only memory (ROM) A memory (not shown) made up of at least one memory element including a RAM (Random Access Memory), an EEPROM (Electrically Erasable and Programmable Read Only Memory), and an FM The above memory elements A chip operating system (COS) for managing and operating internal resources of the IC card is stored in the IC chip reader 1430 through a power supply (VCC) contact point of the input / The COS stored in the memory is loaded into a predetermined execution memory to control the overall operation of the IC chip 1435 and the clock frequency of the clock signal CLK contact point (e.g., 3.57 MHz or 4.9 MHz) And controls the exchange of information or data between the IC chip 1435 and the IC chip reader 1430 through an APDU (Application Protocol Data Unit).

According to the present invention, IC chip 1435 storage information (for example, program code and data for IC chip 1435) for implementing a combination type disposable authentication code through medium authentication is stored in the memory of IC chip 1435 The storage information of the IC chip 1435 includes a storage unit (not shown) for storing a data set corresponding to predetermined information or data read and / or used by the processor of the customer wireless terminal and read and / or used. And a program routine (for example, a Javacard), which is operated or executed by a computation function of the processor unit and a command set provided by the COS, JAVA Applet)) which includes an instruction call code for interacting with the instruction set of the COS and an execution code which is processed by the processor unit (Not shown) corresponding to the application is provided. In particular, the processing unit (not shown) reads the command provided from the processor provided in the customer wireless terminal via the input / output interface through the APDU, (Not shown) stored in the storage unit (not shown) on the basis of the received information or data, and transmits the result or the read information or data to the customer wireless terminal via the input / output interface through the APDU Processor.

Here, the memory of the IC chip 1435 includes a security structure based on ISO / IEC 10202. According to this, the memory includes a protection area in which secret information such as a CSN (Chip Serial Number) is stored, The IC chip 1435 storage information for the present invention includes the protection area and the COS control area. The area for storing the IC chip 1435 includes a protection area, a user application area, a read / write access area, an application program area, and a FAT (File Allocation Table) It is preferable to store it in the excluded area.

According to the ISO / IEC 7816 or ISO / IEC 14443 ICC standard, the memory has one master file (MF) corresponding to a root file and at least one storage An ATR (Answer To Reset) including function information on information, at least one Dedicated File (DF) corresponding to each ICC storage information, and a Smart Card service (EF) file containing actual information or data. The IC chip 1435 storage information for the present invention also includes the file structure as described above.

According to the embodiment of the present invention, the IC chip 1435 may store the user authentication IC chip 1435 storage information or the terminal authentication IC chip 1435 storage information for authenticating the validity of the user of the wireless terminal 120 It is preferable that one or more of them are provided.

The user authentication IC chip 1435 storage information or the terminal authentication IC chip 1435 storage information is used to authenticate the user authentication information input through the key input unit 1415 to an IC chip 1435 authentication code (Or the wireless terminal 120) by using the identification information of the terminal medium IC chip 1435 and the authentication result information of the terminal medium IC chip 1435 after the authentication of the user of the wireless terminal 120 (or the wireless terminal 120) A technical feature that the user of the wireless terminal 120 (or the wireless terminal 120) is authenticated through the IC chip 1435 authentication code in the IC chip 1435, The technical feature of returning authentication result information of the terminal medium IC chip 1435 corresponding to the authentication result of the user of the wireless terminal 120 (or the wireless terminal 120) is known, .

According to the embodiment of the present invention, the IC chip 1435 is provided with a server authentication IC chip 1435 for storing the validity of the medium authentication server (1) 100 to the medium authentication server (2) 105, As shown in FIG.

The storage information of the server authentication IC chip 1435 may be stored in the server medium 1 via the IC chip 1435 authentication information received from the media authentication server 1 (2) the IC chip (1435) authentication information received from the medium authentication server (2) (105), or after returning authentication result information of the server medium (1) It is preferable to return the authentication result information of the server medium 2 IC chip 1435 after validating the validity of the medium authentication server 2 105 through the authentication server 105. In the technical field of the present invention, (1) 100 in the IC chip 1435 via the IC chip 1435 authentication information in the IC chip 1435 and the technical features of authenticating the media authentication server 1 A server medium 2 corresponding to the authentication result of the IC chip 1435 or a technical feature that returns authentication result information of the server medium 2 IC chip 1435, (2) IC chip 1435 authentication result information corresponding to the authentication result of the medium authentication server 2 (105) and the authentication result information of the server medium (2) IC chip 1435 corresponding to the authentication result of the medium authentication server The detailed description will be omitted for the sake of brevity.

In addition, the memory provided in the IC chip 1435 may generate an authentication code (n) for generating an authentication code (n) in order to implement the combination type disposable authentication code through the medium authentication instead of the memory unit 1425 (N) of the combination type disposable authentication codes having N (N > = 2) digits, the authentication code (n) generating information is capable of storing information (e.g., a seed value for generating an authentication code and a seed value for generating a partial disposable authentication code of n (1 < = n < N) digits.

Alternatively, the memory provided in the IC chip 1435 may store the server authentication information in order to implement the combination type disposable authentication code through the medium authentication instead of the memory unit 1425, It is preferable that the IC chip 1435 is provided on the IC chip 1435 in the form of a server certificate provided in the IC chip 1435.

The memory unit 1425 may be a storage medium for storing at least one piece of information (or data) in the wireless terminal 120, or a nonvolatile memory corresponding to a recording medium for recording a program code corresponding to at least one program routine A ROM (Read Only Memory) corresponding to the read-only memory, a flash memory (FM) capable of reading / writing, and an EEPROM (Electrically Erasable and Programmable Read Only Memory) .

According to an embodiment of the present invention, system information of the non-volatile memory that should not be erased is stored in the non-volatile memory, and the flash memory is provided with operating system routines, call processing program routines, Program routines and information or data therefor are stored in the EEPROM. In the EEPROM, at least one or more of the terminal registration related parameters, telephone numbers (e.g., address book), or at least one Information (or data) is preferably stored.

According to an embodiment of the present invention, the memory unit 1425 generates authentication code (n) generation information (e.g., authentication code (n)) for generating the authentication code (n) n) for generating a seed value).

Here, the authentication code (n) generation information includes a seed value for generating a partial disposable authentication code of n (1 <= n <N) digits among N (N> = 2) .

In addition, the memory unit 1425 may include a media authentication server (not shown) for the media authentication server (1) 100 that authenticates the terminal medium corresponding to the wireless terminal 120 to implement the combination type disposable authentication code through the media authentication, (100) information (for example, address information of the medium authentication server (1) 100, unique information of the medium authentication server (1) 100) (E.g., address information of the medium authentication server 2 (105), unique information of the medium authentication server (2) (105)).

According to another embodiment of the present invention, the authentication code (n) generation information can be stored in a memory on the IC chip 1435, and the present invention is characterized in that the generation information of the authentication code (n) ) Stored in a memory on the network.

Referring to FIG. 14, the wireless terminal 120 implementing the combined disposable authentication code through the medium authentication includes an information input unit for receiving user authentication information through the key input unit 1415.

The information input unit outputs the user authentication information input interface in cooperation with the screen output unit 1405 to implement the combination type disposable authentication code through the medium authentication, And requests the user to input user authentication information for implementing the disposable authentication code, whereby the authentication processing unit processes the user authentication information to be input to the user authentication information interface through the key input unit 1415. [

Here, the user authentication information may include at least one of a personal identification number (PIN) registered to authenticate the terminal medium for the wireless terminal 120 in the media authentication server (1) 100 on the communication network, It is preferable to include at least one of them.

Alternatively, the user authentication information may be transmitted to the wireless terminal 120 through the user authentication IC chip 1435 stored in the IC chip 1435 (or the USIM) or the terminal authentication IC chip 1435 storage information, And at least one personal identification number (PIN) or password for authenticating the validity of the user.

Alternatively, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network, Or more.

Referring to FIG. 14, when the server medium is authenticated and the terminal medium is authenticated to implement the combined disposable authentication code, the wireless terminal 120 transmits a media authentication server (1) 100, and receives server medium (1) authentication information corresponding to the medium authentication request information, and transmits the medium authentication request information to the server medium (1) a server authentication unit (1) 1445 for reading the authentication information and performing a first authentication of the server medium, and a server authentication unit (1445) for authenticating the server medium authentication information based on the user authentication information input through the information input unit And transmits the generated terminal medium authentication information to the media authentication server (1) 100 on the communication network in cooperation with the radio processor 1440, so that the medium corresponding to the radio terminal 120 is authenticated (1) authentication result information corresponding to the server medium (1) authentication result information from the medium authentication server (1) (100) in cooperation with the radio processing unit (1440) (2) 1455 for transmitting the received terminal medium authentication code to the media authentication server (2) 105 to process the medium corresponding to the wireless terminal 120 to be second authenticated, And a receiving unit 1460 that receives authentication code (Nn) generation information corresponding to the authentication result information of the server medium (2) from the medium authentication server (2) (105) in cooperation with the radio processing unit (1440) .

According to another embodiment of the present invention, when the wireless terminal 120 receives the terminal medium authentication code corresponding to the server medium (1) authentication result information from the media authentication server (1) 100, Authenticates the server medium in a manner similar to (or equivalent to) the method of authenticating the server medium by the server authentication unit (1) 1445 in the server authentication unit 2 (not shown) The authentication processing unit (1) 1450 transmits the authentication information to the wireless terminal 120 through the terminal medium authentication code in a similar (or identical) manner to the first authentication method of the medium corresponding to the wireless terminal 120, (1) 1450 and the server authentication unit (1) 1445, if it is possible to perform the first authentication for the medium corresponding to the authentication processing unit The authentication processing unit 2 (1455) and the server authentication unit 2 (not shown) The technical features of authenticating the terminal medium and the server medium can be inferred. Therefore, a detailed description thereof will be omitted for the sake of convenience.

The server authenticating unit 1 1445 communicates with the media authentication server 1 on the communication network in cooperation with the wireless processing unit 1440 when authenticating the terminal medium and authenticating the server medium and implementing the combined disposable authentication code. The media authentication server (1) (100) transmits the medium authentication request information to the media server (100), and the media authentication server (1) (100) (Or extracts) the server medium authentication information (1) for authenticating the medium corresponding to the authentication server (1) (100).

According to an embodiment of the present invention, the server authentication information is preferably matched with server authentication information stored in a memory unit 1425 (or an IC chip 1435 or USIM) provided in the wireless terminal 120 And the server authentication information is stored in the server certificate included in the memory unit 1425 (or the IC chip 1435, or USIM) according to a person skilled in the art.

According to another embodiment of the present invention, the server authentication information is transmitted to a server (not shown) authenticated by the user authentication IC chip 1435 stored in the IC chip 1435 (or USIM) It is preferable to include authentication information of the medium IC chip 1435.

According to another embodiment of the present invention, the server authentication information is preferably matched with information (for example, user authentication information) input through the key input unit 1415 provided in the wireless terminal 120. [

According to an embodiment of the present invention, when the server authentication information is matched with the server authentication information stored in the memory unit 1425 (or the IC chip 1435 or USIM) provided in the wireless terminal 120, The media authentication server (1) (100) preferably generates the server medium authentication information (1) including the server authentication information and the medium authentication server (1) (100) information.

For example, the media authentication server (1) (100) preferably concatenates the server authentication information and the medium authentication server (1) (100) information to generate the server medium authentication information (1).

Alternatively, the media authentication server (1) 100 may have at least one of the server authentication information and the medium authentication server (1) 100 information hashed as a one-way hash function, and then XORed to generate a server medium verifier , The server medium verifier, the server authentication information, and the medium authentication server (1) (100) information to generate the server medium authentication information (1).

(1) 100, at least one additional information item to be included in the server medium authentication information (1) and at least one additional information item to be included in the server medium authentication information (1) It is possible to deduce a technical feature of including the information in the server medium authentication information 1, and the present invention is characterized in that it includes all the inferable information items.

According to another embodiment of the present invention, the server authentication information is authenticated by the user authentication IC chip 1435 stored in the IC chip 1435 (or USIM) included in the wireless terminal 120, When the IC chip 1435 (or USIM) includes authentication information, the media authentication server (1) 100 transmits the server authentication information from the wireless terminal 120 to the server 1435 The server medium IC chip 1435 authentication information and the server medium IC chip 1435 authentication information provided to the medium authentication server 1 (100) as the authentication information IC chip 1435 storage information, It is preferable to generate the server medium authentication information (1) including information.

For example, the medium authentication server (1) 100 preferably generates the server medium authentication information (1) by concatenating the server medium IC chip 1435 authentication information and the medium authentication server (1) 100 information Do.

Alternatively, the media authentication server (1) 100 may have at least one of the server medium IC chip 1435 authentication information and the medium authentication server (1) 100 information be hashed as a one-way hash function and then XORed And generates the server medium authentication information (1) by concatenating at least one of the server medium verifier, the server medium IC chip 1435 authentication information, and the medium authentication server (1) 100 information .

The server medium IC chip 1435 and the medium authentication server 1 100 may be provided with at least one or more than one server medium IC chip 1435 to be included in the server medium authentication information 1 in addition to the server medium IC chip 1435 authentication information and the medium authentication server 1 The additional information item and the additional information may be included in the server medium authentication information (1). The present invention is characterized by including all the inferable information items.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through the key input unit 1415 provided in the wireless terminal 120, (1) 100 hashash the server authentication information through a one-way hash function, and transmits the hashed server authentication information, at least one random number value (e.g., a random number value generated by the server) (1) 100 information (or the media authentication server (1) 100 information hashed by the one-way hash function) to generate a server medium verifier, and the generated server medium verifier and the server It is preferable to generate the server medium authentication information 1 including authentication information, at least one or more random number information, and the medium authentication server 1 (100) information, and the medium authentication server 1 ( 100) It is possible to further cut the hash-based media server validation.

For example, the media authentication server (1) 100 may include the server medium verifier (or the hashed server medium verifier), the server authentication information, at least one random number information, and the medium authentication server (1) And generate the server medium authentication information (1) by concatenation.

The server authentication information (1) may include at least one of the server authentication information, at least one random number information, and the media authentication server (1) (100) information in addition to the server authentication information It is possible to deduce a technical feature that the additional information item (e.g., a prime number) and the additional information are included in the server medium authentication information (1), and the present invention includes all the inferable information items do.

In addition, those skilled in the art will be able to deduce various methods of generating the server medium authentication information (1) based on the server authentication information, in addition to the above-described embodiments, The present invention is characterized in that it comprises all the above-mentioned embodiments to be inferred.

When the server medium authentication information (1) is generated through any one of the above-described methods, the medium authentication server (1) (100) transmits the server medium authentication information (1) 120 with at least one encryption key for secure transmission.

When the server medium authentication information (1) is generated as described above, the medium authentication server (1) (100) transmits the server medium authentication information (1) to the wireless terminal (120) , The server authentication unit (1) 1445 receives server medium authentication information (1) from the medium authentication server (1) (100). When the server medium authentication information (1) , And decrypt the encrypted server medium authentication information (1) through at least one decryption key.

Wherein the server authentication unit (1) 1445 reads the server medium authentication information (1) and authenticates the server medium when the server medium authentication information (1) is received, (1) is encrypted, the encrypted server medium authentication information (1) is encrypted

According to an embodiment of the present invention, when the server authentication information is matched with the server authentication information stored in the memory unit 1425 (or the IC chip 1435 or USIM) provided in the wireless terminal 120, The server authenticating unit 1 1445 receives the information of the medium authentication server 1 100 stored in the memory unit 1425 or the medium authenticated by the communication session information for receiving the server medium authentication information 1 (1) (100) information with the medium authentication server (1) (100) information included in the server medium authentication information (1) to verify the validity of the medium authentication server (1) And compares the server authentication information stored in the memory unit 1425 (or the IC chip 1435 or USIM) with the server authentication information included in the server medium authentication information 1 to authenticate the validity of the server medium .

If at least one of the server authentication information and the medium authentication server (1) 100 information is hashed in the server medium authentication information (1) by a one-way hash function and XOR operation is performed, The server authentication unit 1 1445 verifies the server authentication information provided in the memory unit 1425 (or the IC chip 1435 or the USIM) with the medium authentication server (1) 100 confirmed through the communication session, Information of the server medium verifier and the server medium verifier in the same manner as the server medium verifier and then XORs the server medium verifier to generate a server medium verifier and compares the server medium verifier and the server medium verifier to verify the validity of the server medium And the like.

According to another embodiment of the present invention, the server authentication information is authenticated by the user authentication IC chip 1435 stored in the IC chip 1435 (or USIM) included in the wireless terminal 120, The server authentication unit 1 1445 transmits the information of the medium authentication server 1 100 stored in the memory unit 1425 or the server medium authentication information 1 (1) 100) information included in the server medium authentication information (1) by comparing the information of the medium authentication server (1) (100) identified by the communication session information for receiving the medium authentication server Authenticates the validity of the server medium IC chip 1435 included in the server medium authentication information 1 and transmits the server medium IC chip 1435 authentication information included in the server medium authentication information 1 to the IC chip 1435 (or USIM) Server authentication IC chip (1435) storage information to authenticate the server medium IC chip (1435) authentication information, and the server medium IC When the chip 1435 authentication result information is returned, the authentication result information of the server medium IC chip 1435 is read and the validity of the server medium is authenticated.

If one or more pieces of information of the server medium IC chip 1435 authentication information and the medium authentication server (1) 100 information are hashed by the one-way hash function in the server medium authentication information (1) The server authentication unit 1 1445 transmits authentication information of the server medium IC chip 1435 provided in the storage medium and information of the medium authentication server 1 100 confirmed through the communication session The server medium verifier and the server medium authenticator, and verifies the validity of the server medium verifier by comparing the server medium verifier and the server medium authenticator It is preferable to further comprise

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through the key input unit 1415 provided in the wireless terminal 120, (1) 1445 receives the media authentication server 1 (100) information stored in the memory unit 1425 (or the media authentication server (1) (100) information with the medium authentication server (1) 100 information included in the server medium authentication information (1) to authenticate the validity of the medium authentication server (1) (Hash) a server authentication information stored in a storage medium provided in (or linked to) the media authentication server (1) 100 through a one-way hash function, and transmits the hashed server authentication information, at least one random number value A random number value included in the server medium authentication information (1)), Generates a server medium authenticator by performing at least one XOR operation on the server 1 (100) information (or the medium authentication server (1) 100 information hashed by the one-way hash function) And verifying the validity of the server medium by comparing the included server medium verifier with the generated server medium verifier.

Those skilled in the art will be able to deduce various methods of authenticating the server medium authentication information 1 in addition to the above-described embodiment, and the present invention can be applied to all the methods And a control unit.

When the server medium authentication information (1) is authenticated through any of the above methods, the authentication processing unit (1) 1450 authenticates the terminal medium by the medium authentication server (1) 100 on the communication network And generates the terminal medium authentication information based on the user authentication information input through the information input unit for processing.

According to an embodiment of the present invention, the user authentication information is transmitted from the media authentication server (1) 100 on the communication network to a personal identification number (PIN) or a password registered to authenticate the terminal medium for the wireless terminal 120 It is preferable that the authentication processing unit (1) 1450 generates the terminal medium authentication information including the user authentication information and the unique information of the wireless terminal 120.

For example, the authentication processing unit (1) 1450 may generate the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120.

Alternatively, the authentication processing unit (1) 1450 generates a terminal media verifier by hashing the at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, It is preferable that at least one of the authenticator, the user authentication information, and the unique information of the wireless terminal 120 is concatenated to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the user authentication information and the unique information of the wireless terminal 120, And the present invention is characterized in that all the additional information items that can be guessed are included.

According to another embodiment of the present invention, the user authentication information may be stored in the IC chip 1435 (or USIM) through the user authentication IC chip 1435 storage information or the terminal authentication IC chip 1435 storage information (1) 1450 includes at least one PIN or password for authenticating the validity of the user of the wireless terminal 120. The authentication processor 1 (1450) The user authentication information is provided to the user authentication IC chip 1435 stored in the IC chip 1435 (or USIM) or the terminal authentication IC chip 1435 storage information to be authenticated, When the IC chip 1435 (or the USIM) returns the authentication result information of the terminal medium IC chip 1435 through the user authentication information, the authentication result information of the terminal medium IC chip 1435 and the authentication result information of the wireless terminal 120 ) Terminal information including unique information It is preferred to generate the authentication information.

For example, the authentication processing unit (1) 1450 may generate the terminal medium authentication information by concatenating authentication result information of the terminal medium IC chip 1435 and the unique information of the wireless terminal 120.

Alternatively, the authentication processing unit (1) 1450 hashes at least one of the authentication result information of the terminal medium IC chip 1435 and the unique information of the wireless terminal 120 into a one-way hash function, performs XOR operation, And generates the terminal medium authentication information by concatenating at least one of the terminal medium verifier, the terminal medium IC chip 1435 authentication result information, and the wireless terminal 120 specific information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information in addition to the authentication result information of the terminal medium IC chip 1435 and the unique information of the wireless terminal 120, The additional information may be included in the terminal medium authentication information. The present invention is characterized by including all of the inferable information items.

A personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network according to another embodiment of the present invention; ), Or a secret number, the authentication processing unit (1) 1450 hashashes the user authentication information through the one-way hash function, and transmits the hashed user authentication information, at least one random number value (For example, a random number value generated at the terminal), unique information of the wireless terminal 120 (or unique information of the wireless terminal 120 hashed by the one-way hash function), and generates a terminal media verifier The terminal medium authentication information including the generated terminal medium verifier, the user authentication information, at least one random number information, and the unique information of the wireless terminal 120 , And the authentication processing unit (1) 1450 can further hash the terminal medium verifier according to the intention of a person skilled in the art.

For example, the authentication processing unit 1 (1450) concatenates the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120, It is preferable to generate the medium authentication information.

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication information is generated through any one of the above methods, the authentication processing unit (1) 1450 transmits the terminal medium authentication information to the medium authentication server (1) 100 on the communication network securely (Or the IC chip 1435) with the encryption key included in the memory unit 1425 (or the IC chip 1435).

When the terminal medium authentication information is generated as described above, the authentication processing unit (1) 1450 associates the generated terminal medium authentication information with the wireless processing unit 1440 to the medium authentication server (1) 100 on the communication network And the media authentication server (1) (100) authenticates the medium corresponding to the wireless terminal (120) through the terminal medium authentication information.

If the terminal media authentication information is encrypted, the media authentication server (1) 100 preferably decrypts the encrypted terminal media authentication information through a decryption key.

According to an embodiment of the present invention, the user authentication information is transmitted from the media authentication server (1) 100 on the communication network to a personal identification number (PIN) or a password registered to authenticate the terminal medium for the wireless terminal 120 The media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, and if the identified wireless terminal (120) Authenticates the validity of the wireless terminal 120 by comparing the unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information and transmits the authentication information to the media authentication server 1 (100) And comparing the user authentication information stored in association with the unique information of the wireless terminal 120 with the user authentication information included in the terminal medium authentication information to authenticate the validity of the terminal medium .

If the terminal authentication information includes at least one of the user authentication information and the unique information of the wireless terminal 120 in the terminal media authentication information, the media authentication server 1 may, for example, (100) hashes at least one of the user authentication information provided in the storage medium and the unique information of the wireless terminal (120) identified through the communication session in the same manner as the terminal medium verifier and performs an XOR operation Further comprising generating a terminal media authenticator and comparing the terminal media verifier and the terminal media authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may be stored in the IC chip 1435 (or USIM) through the user authentication IC chip 1435 storage information or the terminal authentication IC chip 1435 storage information (1) 100 includes at least one personal identification number (PIN) or password for authenticating the validity of a user of the wireless terminal 120, the media authentication server (1) (120) unique information of the wireless terminal (120) through a session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, And authenticates the validity of the IC chip 1435 (1435) based on the user authentication information stored in association with the unique information of the wireless terminal 120 in a storage medium provided to the media authentication server (1) ) (Or USIM) (Or the terminal medium IC chip 1435) authentication information through the same logic as the user authentication IC chip 1435 storage information or the terminal authentication IC chip 1435 storage information And extracts the terminal medium IC chip 1435 authentication information included in the terminal medium IC chip 1435 authentication information and the terminal medium IC chip 1435 authentication information contained in the terminal medium authentication information And verifies the validity of the terminal medium.

If the terminal medium verifier is included in the terminal medium authentication information, the terminal medium authentication information is hashed and then XOR operation is performed by at least one of the authentication result information of the terminal medium IC chip 1435 and the unique information of the wireless terminal 120, The media authentication server (1) (100) transmits at least one of the authentication information of the terminal medium IC chip (1435) provided in the storage medium and the unique information of the wireless terminal (120) And generating a terminal media authenticator by XORing the hash in the same manner as the media verifier, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

A personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network according to another embodiment of the present invention; ), Or a secret number, the media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, The wireless terminal 120 authenticates the validity of the wireless terminal 120 by comparing the unique information of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication information, Way hash function by associating the user authentication information stored in association with the unique information of the wireless terminal 120 with the hashed (or linked) storage medium, and transmits the hashed user authentication information, (At least one random number value included in the terminal medium authentication information), the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) A media authenticator is generated, and the validity of the terminal medium is verified by comparing the terminal medium verifier included in the terminal medium authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

When the terminal medium authentication information is authenticated through any one of the above methods, the medium authentication server (1) (100) generates (or extracts) a terminal medium authentication code corresponding to the terminal medium authentication result, And transmits the terminal authentication code to the wireless terminal (120) through a communication network. The authentication processing unit receives the terminal authentication code from the media authentication server (1) (100).

Then, the authentication processing unit transmits the received terminal medium authentication code to the medium authentication server (2) (105) through a communication network.

According to an embodiment of the present invention, the authentication processing unit generates terminal medium authentication information through the user authentication information and transmits the authentication information to the media authentication server (1) 100 through a similar (or the same) (For example, a terminal media verifier is concatenated with the terminal medium authentication code and the unique information of the wireless terminal 120, or a terminal media verifier including the terminal medium authentication code and the unique information of the wireless terminal 120) (2) 105, and if it is a person having ordinary skill in the art to which the present invention pertains, it is possible to transmit the terminal medium authentication code through a method of generating the terminal medium authentication information, The detailed description thereof will be omitted for the sake of simplicity.

The medium authentication server (2) (105) receiving the terminal medium authentication code from the wireless terminal (120) authenticates the terminal medium authentication code.

When the terminal authentication code is processed in a manner similar to (or identical to) the terminal medium authentication information generation method according to the embodiment of the present invention, the medium authentication server (2) It is preferable to authenticate the terminal medium authentication code in a manner similar to (or the same as) the method of authenticating the terminal medium authentication information in the terminal 100. If a person having ordinary knowledge in the technical field of the present invention , It is possible to infer a technical characteristic of authenticating the terminal medium authentication code through the method of authenticating the terminal medium authentication information, so that detailed description thereof will be omitted for the sake of convenience.

According to an embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) 105 transmits an authentication code (Or extracts) the authentication code Nn generation information for generating the authentication code Nn and transmits the generated authentication code Nn to the wireless terminal 120. In response thereto, the receiving unit 1460 transmits the authentication code Nn to the wireless processing unit 1440 And receives the authentication code (Nn) generation information through the network.

If the program code Nn for generating the authentication code Nn is not provided to the wireless terminal 120 through the authentication code Nn generation information, the medium authentication server 2 (105) (Nn) for generating the authentication code (Nn) through the authentication code (Nn) generation information to the wireless terminal (120) in response to the terminal medium authentication, The receiving unit 1460 further receives a program code Nn for generating the authentication code Nn through the wireless communication unit 1440 through the authentication code Nn generation information.

Alternatively, when the program code for generating the authentication code (n) is not provided to the wireless terminal 120 through the authentication code (n) generation information, the medium authentication server (2) (105) It is preferable to further transmit the program code (n) for generating the authentication code (n) through the authentication code (n) generation information to the wireless terminal 120 in response to the authentication, ) Further comprises a program code (n) for generating the authentication code (n) through the wireless processing unit (1440) through the authentication code (n) generation information.

According to another embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) (105) (Or extracts) an authentication code Nn to be included in combination with the authentication code N of the wireless terminal 120 and transmits the authentication code Nn to the wireless terminal 120. In response to the authentication code Nn, The authentication code Nn is received via the authentication code Nn.

14, the wireless terminal 120 generates an authentication code (n) through authentication code (n) generation information in association with the memory unit 1425, and transmits the authentication code And an authentication code generation unit (1465) for generating an authentication code (Nn) through the authentication code (Nn) generation information.

If the program code n for generating the authentication code n is provided to the authentication code generation unit 1465, the authentication code generation unit 1465 generates the authentication code (n) stored in the memory unit 1425 (n) is generated by the output processor 1475 using the authentication code (n) and the authentication code (n) using the generation information. Codes Nn may be combined and generated at any time before the authentication code N is generated, and the present invention is not limited by the generation time of the authentication code n.

On the other hand, when the authentication code generation unit 1465 is provided with the program code n for generating the authentication code n, the authentication code generation unit 1465 generates a program code (n) (n) generated using the authentication code (n) generation information stored in the memory unit 1425 through the authentication code (n).

If the authentication code generator 1465 is provided with the program code Nn for generating the authentication code Nn, the authentication code generating unit 1465 may generate the authentication code Nn through the receiving unit 1460 Nn) generation information is received, the authentication code generation unit 1465 generates an authentication code Nn of (Nn) digits using the received authentication code (Nn) generation information.

On the other hand, when the program code Nn for generating the authentication code Nn is not provided to the authentication code generation unit 1465, the authentication code generation unit 1465 generates the authentication code Nn through the reception unit 1460, (Nn) generation information is received, the authentication code generation unit 1465 generates (Nn) using the received authentication code (Nn) generation information through the program code (Nn) received through the reception unit 1460, It is preferable to generate the authentication code Nn of the number of digits.

According to another embodiment of the present invention, when the authentication code Nn is directly received through the receiver 1460, the authentication code generator 1465 may omit generating the authentication code Nn, The present invention is not limited thereto.

Those skilled in the art will appreciate that the authentication code generation unit 1465 may generate a technical feature (for example, an authentication code) for generating an authentication code (n) of n digits using the authentication code (n) (Nn) digits of the authentication code (Nn) using the authentication code (Nn) generation information, the detailed description thereof will be omitted for the sake of convenience.

14, the wireless terminal 120 includes a code combining unit 1470 that generates an authentication code (N) by combining the authentication code (n) and the authentication code (Nn) And an output processing unit (1475) for outputting the generated authentication code (N) in association with the authentication code (1405).

When the authentication code (n) and the authentication code (Nn) are generated by the authentication code generation unit 1465, the code combination unit 1470 combines the authentication code (n) and the authentication code (Nn) And generates a digit number authentication code (N).

According to an embodiment of the present invention, the code combination unit 1470 preferably generates an N-digit authentication code N by concatenating the authentication code n and the authentication code Nn.

For example, if the authentication code (n) is "123" and the authentication code (Nn) is "456", the code combination unit 1470 concatenates the authentication code (n) It is preferable to generate code (N) "123456 &quot;.

According to another embodiment of the present invention, the code combining unit 1470 generates an N-digit authentication code N by performing an OR operation on the authentication code n and the authentication code Nn, (n) and the authentication code Nn are designated, the code combining unit 1470 inserts the corresponding code in the place of the authentication code (n) and the authentication code (Nn) It is preferable to generate the code N.

For example, if the authentication code (n) is "103050" and the authentication code (Nn) is "020406", the code combination unit 1470 ORs the authentication code (n) with the authentication code It is preferable to generate the authentication code (N) "123456 &quot;.

Alternatively, if the authentication code (n) is "1? 3? 5?" And the authentication code Nn is "? 2? 4? 6", the code combination unit 1470 generates the authentication code (N) "123456" by inserting each code into the position of the position of the authentication code (Nn) and the authentication code (Nn).

According to another embodiment of the present invention, the code combination unit 1470 substitutes the authentication code (n) and the authentication code (Nn) into at least one code generation function (e.g., a hash function) It is preferable to generate the authentication code (N) of the code generation function, and the present invention is not limited by the code generation function type and the algorithm.

When the authentication code N and the authentication code Nn are combined to generate an N-digit authentication code N, the output processing unit 1475 generates an N-digit authentication code N in cooperation with the screen output unit 1405, (N) of the wireless terminal (120) to a predetermined area on the screen of the wireless terminal (120).

According to an embodiment of the present invention, the output processing unit 1475 outputs a disposable authentication code output screen on the screen of the wireless terminal 120 in conjunction with the screen output unit 1405, To output the generated N-digit authentication code (N).

According to another embodiment of the present invention, the output processing unit 1475 outputs the disposable authentication code output area to the screen area currently output on the screen of the wireless terminal 120 in association with the screen output unit 1405 And outputs the generated N-digit authentication code (N) to the disposable authentication code output area.

FIG. 15 is a diagram showing a system configuration of a combination type disposable authentication code by medium authentication according to another embodiment of the present invention.

In more detail, FIG. 15 illustrates a case where the wireless terminal 120 functional configuration in which the combined disposable authentication code is implemented includes the wireless terminal 120 functional configuration shown in FIG. 14, (N > = 2) digits of the disposable authentication code is implemented in the system according to an embodiment of the present invention, and those skilled in the art will refer to FIG. 15 The present invention may be embodied in many different forms of implementation of the combined disposable authentication code implementation system configuration through the media authentication and / or modification, The technical features thereof are not limited by the implementation method alone.

Referring to FIG. 15, the system for implementing a combination type disposable authentication code through medium authentication includes a wireless terminal 120 including the functional configuration shown in FIG. 14, a wireless terminal 120 connected to the wireless terminal 120, A media authentication server (1) (100) for performing a first terminal medium authentication for the wireless terminal (120) and transmitting a terminal medium authentication code to the wireless terminal (120) in response to the first medium authentication result , An authentication code (Nn) for generating second authentication code (Nn) to the wireless terminal (120) in response to the second medium authentication result, And a media authentication server (2) (105) for providing the authentication information (Nn) generation information or generating an authentication code (Nn) of (Nn) digits and providing it to the wireless terminal (120).

In order to implement the combination type disposable authentication code through the medium authentication, the wireless terminal 120 transmits terminal medium authentication information for authenticating the terminal medium to the wireless terminal 120 in the media authentication server (1) 100 And transmits the generated authentication information to the media authentication server (1) (100). Thus, the media authentication server (1) (100) verifies that the validity of the terminal medium .

According to an embodiment of the present invention, the terminal medium authentication information preferably includes user authentication information input through a key input unit provided in the wireless terminal 120 and unique information of the wireless terminal 120 And generates a terminal media verifier by XORing at least one of the user authentication information and the unique information of the wireless terminal 120 according to the intention of a person skilled in the art using a one-way hash function, Information of the wireless terminal 120, and unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal medium authentication information may include terminal medium IC chip authentication result information generated through an IC chip (or USIM) provided in the wireless terminal 120, And at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed by a one-way hash function and then XORed by the one-way hash function according to the intention of a person skilled in the art, And includes at least one of the terminal medium verifier, the terminal medium IC chip authentication result information, and the unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal media authentication information hashashes user authentication information input through a key input unit provided in the wireless terminal 120 through a one-way hash function, At least one or more random number values (for example, a random number value generated at the terminal), unique information of the wireless terminal 120 (or unique information of the wireless terminal 120 hashed by the one-way hash function) And generates the terminal medium verifier, and includes the generated terminal medium verifier, the user authentication information, at least one random number information, and the unique information of the wireless terminal 120.

Also, the wireless terminal 120 may include authentication code (n) generation information in the memory unit (or IC chip) to implement the N (N> = 2) digit combined disposable authentication codes, (1 < = n < N) number of authentication codes (n) through the generation information.

Also, the wireless terminal 120 receives the terminal medium authentication code from the media authentication server (1) 100 as a result of the first terminal medium authentication, and transmits the received terminal medium authentication code to the media authentication server 2) &lt; / RTI &gt;

The wireless terminal 120 may further include an authentication code Nn for generating an authentication code Nn of (Nn) digits from the medium authentication server 2 (105) as a result of the terminal medium authentication after the server medium authentication, And generating the authentication code (Nn) of (Nn) digits from the server through the received authentication code (Nn) generation information.

Alternatively, the wireless terminal 120 receives an authentication code (Nn) of (Nn) digits from the medium authentication server (2) 105 as a result of terminal medium authentication after authentication of the server medium.

When the authentication code N of the n digits is generated and the authentication code Nn of the number Nn is generated, the wireless terminal 120 combines the authentication code n and the authentication code Nn into N (N), and outputs the generated authentication code (N) to the screen of the wireless terminal (120).

In FIG. 15, the wireless terminal 120 has a technical feature of generating an authentication code Nn of n-digit authentication code (n) and (Nn) digits and an authentication code Nn of the authentication code (n) The technical features of generating an N-digit authentication code (N) in combination will be described with reference to FIG. 14, and a detailed description thereof will be omitted for the sake of simplicity.

According to the present invention, the media authentication server (1) 100 associates and stores the user authentication information for authentication of the terminal medium and the unique information of the wireless terminal 120, and stores the user authentication information and the unique (Or interlocking) a storage medium (1) (1540) for further storing the terminal medium authentication rule information through information. The storage medium (1) 1540 includes a server medium (1) (1) (1) for generating the authentication information, or further associates and stores the authentication code generation rule information for generating the terminal medium authentication code.

The user authentication information may include information input from the wireless terminal 120 to authenticate the terminal medium among the key input information input through the key input means or information input via the IC chip (or USIM) And at least one authentication result information.

The unique information of the wireless terminal 120 may include MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information or IMEI (International Mobile Equipment Identity) for the wireless terminal 120, or IMSI (International Mobile Subscriber Identity) information, MSISDN (Mobile Station International ISDN Number), or USIM specific information.

The terminal medium authentication rule information may include a rule for generating the terminal medium authentication information at the wireless terminal 120 or a rule for authenticating the terminal medium corresponding to the wireless terminal 120 by reading the terminal medium authentication information, It is preferable that one or more media authentication rules are stored in the storage medium (1) 1540 when the media authentication server (1) 100 implements the terminal media authentication rules in the form of a program code , Whereby the present invention is not limited thereto.

The authentication code generation rule information preferably defines a rule for generating a terminal media authentication code transmitted to the wireless terminal 120, and the authentication code generation rule is stored in the media authentication server (1) Code format, it is optional to store the authentication code generation rule information in the storage medium (1) 1540, and thus the present invention is not limited thereto.

According to the present invention, the media authentication server (2) 105 includes (or interlocks with) a storage medium 2 (1570) for storing terminal medium authentication rule information for authenticating the terminal medium authentication code And the storage medium 2 1570 generates authentication code Nn generation information for generating an authentication code Nn at the wireless terminal 120 when the terminal medium is authenticated, The authentication code generation rule information for generating the authentication code Nn to be transmitted to the terminal 120 is further stored in association with each other.

Preferably, the terminal medium authentication rule information defines a rule for reading the terminal medium authentication code and authenticating the terminal medium corresponding to the wireless terminal 120, and the medium authentication server (2) When the terminal medium authentication rule is implemented in the form of a program code, it is optional to store the terminal medium creation rule information in the storage medium (2) 1570, and thus the present invention is not limited thereto.

The authentication code generation rule information may include a rule for generating an authentication code (Nn) generation information for generating an authentication code (Nn) in the wireless terminal 120 or a rule for generating the authentication code (Nn) to be transmitted to the wireless terminal 120 (2) (1570). In the case where the authentication code generation rule is implemented in the form of a program code in the medium authentication server (2) 105, it is preferable that at least one rule for generating the authentication code The authentication code generation rule information may be omitted from the authentication code generation rule information, and thus the present invention is not limited thereto.

According to another embodiment of the present invention, when the terminal medium authentication code is processed to include the same structure as the terminal medium authentication information, the storage medium (2) 1570 includes user authentication information (not shown) 120) inherent information (not shown), and server authentication information 2 (not shown) can be stored in association with each other, so that the present invention is not limited thereto.

According to the present invention, when the program code for generating the authentication code (n) or the authentication code (Nn) is not provided to the wireless terminal 120, the media authentication server (2) (N) for generating the authentication code (n) or the program code (Nn) for generating the authentication code (Nn) according to a platform (e.g., a program interpreter, an operating system, 120), and a program code D / B 1575 for classifying and storing the program codes D / B 1575 (or interworking).

(N) for generating the authentication code (n) according to a platform of a plurality of wireless terminals 120, or the authentication code (Nn) if it is known to those skilled in the art to which the present invention belongs And the detailed description thereof will be omitted for the sake of convenience.

According to the present invention, the media authentication server (1) (100) comprises an interface unit (1500) for connecting and managing a communication channel for first media authentication with the wireless terminal (120) .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 1500 receives the terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (Nn) generation information is connected.

According to an embodiment of the present invention, when the media authentication server (1) 100 is provided on the wireless communication network (or in the wireless communication system), the interface unit 1500 transmits, And a communication channel including a wire section for connecting the media authentication server (1) (100) to the base station.

According to another embodiment of the present invention, when the media authentication server (1) 100 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system) A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the medium authentication server (100) And a communication channel including a wire section is connected.

Referring to FIG. 15, the media authentication server (1) 100 generates terminal medium authentication information for terminal medium authentication for the wireless terminal 120 in the wireless terminal 120, An information receiving unit 1505 for receiving media authentication request information from the wireless terminal 120 in association with the interface unit and a server medium 1 to be transmitted to the wireless terminal 120 upon receiving the medium authentication request information, An authentication information transmission unit 1515 for transmitting the authentication information of the server medium 1 to the wireless terminal 120 in association with the interface unit, An authentication information receiving unit 1520 for receiving the terminal medium authentication information in association with the terminal medium authentication information, and a terminal medium authentication unit (1) for reading the received terminal medium authentication information and authenticating the terminal medium corresponding to the wireless terminal 120 ) 1525 An authentication code generation unit 1530 for generating a terminal medium authentication code when the terminal medium is authenticated, and an authentication code generation unit 1530 for transmitting the generated terminal medium authentication code to the wireless terminal 120 in cooperation with the interface unit 1500 And an authentication code transmitting unit 1535. [

According to an embodiment of the present invention, the server authentication information 1 is preferably matched with server authentication information 1 stored in a memory unit (or IC chip or USIM) provided in the wireless terminal 120 And the server authentication information 1 may be stored in a server certificate included in the memory unit (or an IC chip or a USIM) according to a person skilled in the art.

According to another embodiment of the present invention, the server authentication information (1) is a server medium IC chip (1) authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal And authentication information.

According to another embodiment of the present invention, the server authentication information 1 may be matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120.

When the server authentication information 1 matches with the server authentication information 1 stored in the memory unit (or IC chip or USIM) provided in the wireless terminal 120 according to an embodiment of the present invention, The authentication information generation unit 1510 preferably generates the server medium 1 authentication information including the server authentication information 1 and the medium authentication server 1 information.

For example, the authentication information generation unit 1510 preferably generates the server medium (1) authentication information by concatenating the server authentication information (1) and the medium authentication server (1) (100) information.

Alternatively, the authentication information generation unit 1510 may have at least one of the server authentication information (1) and the media authentication server (1) (100) information hashed as a one-way hash function, and then XORed to generate a server media verifier And generate the server medium (1) authentication information by concatenating at least one of the server medium verifier, the server authentication information (1), and the medium authentication server (1) (100) information.

(1) authentication information to be included in the server medium (1) authentication information in addition to the server authentication information (1) and the medium authentication server (1) (100) information if the person skilled in the art is familiar with the present invention. And the additional information may be included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

According to another embodiment of the present invention, the server authentication information (1) is authenticated by the user authentication IC chip storage information provided in the IC chip (or USIM) provided in the wireless terminal 120, The authentication information generator 1510 provides the server authentication information (1) from the wireless terminal 120 as the server authentication IC chip storage information included in the IC chip (or USIM) (1) authentication information including the server medium IC chip authentication information and the medium authentication server (1) (100) information is generated in the form of server medium IC chip authentication information for processing to authenticate the server medium Do.

For example, the authentication information generation unit 1510 preferably generates the server medium (1) authentication information by concatenating the server medium IC chip authentication information and the medium authentication server (1) 100 information.

Alternatively, the authentication information generation unit 1510 may have at least one of the server medium IC chip authentication information and the media authentication server (1) 100 information be hashed as a one-way hash function, and then XORed to generate a server medium verifier And generate the server medium (1) authentication information by concatenating at least one of the server medium verifier, the server medium IC chip authentication information, and the medium authentication server (1) 100 information.

The server medium IC chip authentication information and at least one or more additional information items to be included in the server medium 1 authentication information other than the medium authentication server (1) 100 information, if the person skilled in the art is familiar with the present invention And the additional information may be included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

According to another embodiment of the present invention, when the server authentication information 1 is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, Unit 1510 hash the server authentication information 1 through the one-way hash function and transmits the hashed server authentication information 1, at least one random number value (e.g., a random number value generated by the server) Generates a server media verifier by performing at least one XOR operation on the media authentication server (1) 100 information (or the media authentication server (1) 100 information hashed by the one-way hash function) (1) authentication information including the server authentication information (1), at least one or more random number information, and the medium authentication server (1) (100) information, according to the intention of a person skilled in the art, The authentication information generating unit 151 0) is capable of further hashing the server media verifier.

For example, the authentication information generation unit 1510 may generate the authentication information including the server medium verifier (or the hashed server medium verifier), the server authentication information 1, at least one random number information, the medium authentication server 1 To generate the authentication information of the server medium (1).

(1) authentication information other than the server authentication information (1), at least one random number information, and the medium authentication server (1) (100) information if the person skilled in the art is familiar with the present invention It is possible to deduce at least one additional information item (for example, a prime number) and the additional information in the authentication information of the server medium 1, and the present invention can be applied to a case in which all the additional information items .

In addition, those skilled in the art will be able to deduce various methods of generating the server medium (1) authentication information based on the server authentication information (1), in addition to the above- And the present invention is characterized in that it includes all of the above-mentioned embodiments to be inferred.

When the server medium 1 authentication information is generated as described above, the authentication information transmitting unit 1515 transmits the authentication information of the server medium 1 to the wireless terminal 120 in association with the interface unit In response to the request, the wireless terminal 120 authenticates the server medium 1 authentication information, and upon authentication of the server medium 1 authentication information, generates the terminal medium authentication information to be transmitted to the medium authentication server .

When the wireless terminal 120 generates terminal medium authentication information for terminal medium authentication for the wireless terminal 120 and transmits the terminal medium authentication information through the communication channel, the authentication information receiving unit 1520 transmits the terminal medium authentication information to the wireless terminal 120, When the terminal medium authentication information is encrypted, the authentication information receiving unit 1520 decrypts the encrypted terminal medium authentication information through the decryption key.

When the terminal medium authentication information includes at least one of the user authentication information input through the key input unit provided in the wireless terminal 120 and the unique information of the wireless terminal 120 according to an embodiment of the present invention, The terminal medium authentication unit (1) 1525 checks the unique information of the wireless terminal 120 through a communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information, 120 authenticates the validity of the wireless terminal 120 by comparing the unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information, (1) (1540), which is stored in association with the unique information of the wireless terminal (120), with the user authentication information included in the terminal medium authentication information, And validates the validity.

If at least one of the user authentication information and the unique information of the wireless terminal 120 is hashed by the one-way hash function and XOR operation is performed on the terminal media authentication information, the terminal media authenticator 1 ) 1525 transmits at least one of the user authentication information provided in the storage medium (1) 1540 and the unique information of the mobile terminal 120 confirmed through the communication session to the same method as the terminal media verifier And XORing the terminal media authenticator to generate a terminal media authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the terminal medium authentication information may be generated by the terminal medium IC chip authentication result information generated through the IC chip (or USIM) provided in the wireless terminal 120, (1) 1525 confirms the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information And authenticates the validity of the wireless terminal 120 by comparing the authenticated wireless terminal 120 unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information, (Or USIM) on the basis of the user authentication information stored in association with the unique information of the wireless terminal 120 in the storage medium 1 (1540) User authentication IC chip storage , Or generates the terminal medium IC chip authentication information through the same logic as the terminal authentication IC chip storage information (or if the terminal medium IC chip authentication information is stored in the storage medium (1) 1540) And verifies the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the UE medium authentication information and the unique information of the mobile station 120 is hashed by the one-way hash function and XOR operation is performed on the UE medium authentication information, The authentication unit (1) 1525 transmits at least one of the terminal medium IC chip authentication information provided in the storage medium (1) 1540 and the unique information of the wireless terminal 120 confirmed through the communication session, The method further comprises the step of performing an XOR operation on the hash in the same manner as the terminal medium verifier, generating a terminal medium authenticator, and comparing the terminal medium verifier and the terminal medium authenticator to authenticate the validity of the terminal medium .

According to another embodiment of the present invention, when the terminal medium authentication information includes a terminal medium verifier, the terminal medium authentication unit (1) 1525 transmits the terminal medium authentication information according to the terminal medium authentication rule information (120) unique information of the wireless terminal (120) through the communication session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, And authenticates the validity of the user 120 stored in the storage medium 1 (1540) provided in the terminal medium authentication unit 1 (1525) And transmits the hashed user authentication information, at least one random number value (e.g., a random number value included in the terminal media authentication information), the unique information of the wireless terminal 120 or (The unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media authenticator, compares the terminal media verifier included in the terminal media authentication information with the generated terminal media authenticator And authenticating the validity of the terminal medium.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

When the terminal medium authentication information is authenticated through any one of the above methods, the authentication code generation unit 1530 generates (or extracts) the terminal medium authentication code using the authentication code generation rule information do.

Herein, the terminal medium authentication code includes an authentication code for authenticating that the terminal medium corresponding to the wireless terminal 120 is first authenticated through the medium authentication server (1) in the medium authentication server (2) 105 .

When the terminal medium authentication code is generated (or extracted) through the authentication code generation unit 1530, the authentication code transmission unit 1535 transmits the generated terminal medium authentication code in cooperation with the interface unit 1500 The wireless terminal 120 transmits the terminal's medium authentication code to the medium authentication server (105) through the communication network.

According to the present invention, the media authentication server (2) 105 includes an interface unit 1545 for connecting and managing a communication channel for second media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 1545 receives the terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (Nn) generation information is connected.

According to one embodiment of the present invention, when the media authentication server (2) 105 is provided on the wireless communication network (or in the wireless communication system), the interface unit 1545 transmits, And a communication channel including a wire section for connecting the media authentication server (2) (105) to the base station.

According to another embodiment of the present invention, when the media authentication server (2) 105 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system), the interface unit 1545 A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the media authentication server (2) And a communication channel including a wire section is connected.

Referring to FIG. 15, when the wireless terminal 120 transmits the terminal medium authentication code through the communication channel, the media authentication server (2) 105 associates with the interface unit 1545, (2) 1555 for reading the received terminal medium authentication code and performing second authentication of the terminal medium corresponding to the wireless terminal 120, (Nn) generation information for generating an authentication code (Nn) in the wireless terminal (120) or generating the authentication code (Nn) to be transmitted to the wireless terminal (120) And transmits the generated authentication code Nn generation information (or authentication code Nn) to the wireless terminal 120 in cooperation with the interface unit 1545. [ (1565).

When the wireless terminal 120 generates a terminal medium authentication code for terminal medium authentication for the wireless terminal 120 and transmits the generated terminal medium authentication code through the communication channel, the authentication code receiving unit 1550 transmits the terminal medium authentication code to the interface unit 1545 The terminal authentication code receiving unit 1550 decrypts the encrypted terminal medium authentication code through the decryption key when the terminal medium authentication code is encrypted .

Hereinafter, the terminal medium authentication unit (2) 1555 authenticates the terminal medium authentication code according to the terminal medium authentication rule information to authenticate the validity of the terminal medium.

Those skilled in the art will be able to deduce various types of terminal media authentication code standards and various types of terminal media authentication rules for authenticating the terminal media authentication codes. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication code is authenticated, the information generation unit 1560 generates authentication code (Nn) generation information for generating an authentication code (Nn) in the wireless terminal (120) through the authentication code generation rule information Or extraction).

According to another embodiment of the present invention, the information generation unit 1560 generates (or extracts) the authentication code (Nn) generation information through the authentication code generation rule information, and generates the authentication code (Nn) (Nn) to be transmitted to the wireless terminal (120).

When the authentication code (Nn) generation information is generated (or extracted) through the information generation unit 1560 according to an embodiment of the present invention, the transmission unit 1565 transmits the authentication code And transmits the generated authentication code Nn to the wireless terminal 120. In response to the generated authentication code Nn, the wireless terminal 120 transmits the generated authentication code Nn to the wireless terminal 120 .

When the authentication code Nn is generated (or extracted) through the information generation unit 1560 according to another embodiment of the present invention, the transmission unit 1565 generates the authentication code Nn in association with the interface unit 1545, And transmits the authentication code (Nn) to the wireless terminal (120).

If the program code Nn for generating the authentication code Nn is not provided to the wireless terminal 120 through the authentication code Nn generation information, the transmitter 1565 transmits the program code Dn / It is preferable to further transmit the program code Nn for generating the authentication code Nn through the authentication code Nn generation information to the wireless terminal 120 in association with the B 1575.

Alternatively, when the wireless terminal 120 does not include the program code (n) for generating the authentication code (n) through the authentication code (n) generation information, the transmission unit 1565 transmits the program code D It is preferable to further transmit the program code Nn to the wireless terminal 120, which generates the authentication code (n) through the authentication code (n) generation information in association with the authentication code / B 1575.

FIGS. 16A and 16B are diagrams illustrating a medium authentication process for implementing a combined disposable authentication code according to another embodiment of the present invention.

In more detail, FIGS. 16a and 16b illustrate a case where the wireless terminal 120 functional configuration in which the combined disposable authentication code is implemented includes the wireless terminal 120 functional configuration shown in FIG. 14, (1) 100 on the combined disposable authentication code implementation system shown in FIG. 15 and performs a first medium authentication with the medium authentication server (2) 105 and a second medium authentication with the medium authentication server Those skilled in the art will be able to refer to and / or modify FIG. 16a and FIG. 16b to consider various implementations of the medium authentication process for implementing the combined disposable authentication code However, the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIGS. 16A and 16B.

Hereinafter, in FIG. 16A and FIG. 16B, the medium authentication server (1) 100 on the combined disposable authentication code implementation system shown in FIG. 15 is referred to as "server 1" for convenience, the medium authentication server 2 Quot; server 2 "for the sake of convenience.

Referring to FIGS. 16A and 16B, the wireless terminal 120 checks whether a menu (or a key button) for implementing a combination type disposable authentication code through medium authentication is input (1600), and if the combination disposable authentication code When a menu (or a key button) for implementing the wireless terminal 120 is inputted 1605, the wireless terminal 120 connects a communication channel with the server 1 and transmits the medium authentication request information to the server 1 (1610 ).

Thereafter, the server 1 transmits a request for authenticating the server medium from the wireless terminal 120 based on the server authentication information (1) stored in the storage medium (1) 1540 in response to the medium authentication request information The server medium 1 authentication information is generated (1615).

According to an embodiment of the present invention, the server authentication information is preferably matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, The server authentication information is preferably stored in a server certificate included in the memory unit (or IC chip or USIM).

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 .

According to another embodiment of the present invention, the server authentication information is preferably matched with information (e.g., user authentication information) input through a key input unit provided in the wireless terminal 120. [

According to an embodiment of the present invention, when the server authentication information is matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, (1) authentication information including information on the server (1) and the server (1).

For example, the server preferably generates the server medium (1) authentication information by concatenating the server authentication information and the server (1) information.

Alternatively, the server may generate a server media verifier by hashing at least one of the server authentication information and the server (1) information into a one-way hash function and performing an XOR operation on the server verifier, (1) authentication information by concatenating at least one piece of information of the server medium (1).

(1) authentication information and at least one additional information item to be included in the authentication information of the server medium (1) and the additional information in addition to the server authentication information and the server (1) information, (1) It is possible to deduce a technical feature to be included in the authentication information, and the present invention is characterized in that it includes all the information items that can be guessed.

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 , The server transmits the server authentication information to the server authentication IC chip storage information provided in the IC chip (or USIM) at the wireless terminal 120 to form a server medium IC chip authentication information , And generates the server medium (1) authentication information including the server medium IC chip authentication information and the server (1) information.

For example, the server preferably generates the server medium (1) authentication information by concatenating the server medium IC chip authentication information and the server (1) information.

Alternatively, the server hashes the server medium IC chip authentication information and the server 1 information with a one-way hash function, and then performs an XOR operation to generate a server medium verifier. The server medium verifier, the server medium IC It is preferable that at least one chip authentication information and server 1 information are concatenated to generate authentication information of the server medium 1.

The server medium 1 may include at least one additional information item to be included in the authentication information of the server medium 1 and the additional information in addition to the server medium IC chip authentication information and the server 1 information, It is possible to deduce a technical characteristic included in the authentication information of the server medium 1, and the present invention is characterized in that it includes all the inferable information items.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, (For example, a random number value generated by the server), the server 1 information (or the server 1 information (or the server 1 hashed by the one-way hash function) (1) information), and generates a server medium verifier, the server medium verifier including at least one server authentication information, at least one random number information, and server information (1) 1) it is desirable to generate authentication information, and it is possible for the server to further hash the server media verifier according to the intent of the person skilled in the art.

For example, the server generates server medium (1) authentication information by concatenating the server medium verifier (or hashed server medium verifier) with the server authentication information, at least one or more random number information, and server .

(1) authentication information other than the server authentication information, the at least one random number information, and the server (1) information, the at least one additional information item (for example, , A prime number) and the additional information are included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

In addition, those skilled in the art will be able to deduce various methods of generating the authentication information of the server medium 1 based on the server authentication information in addition to the above-described embodiment, The present invention is characterized in that it comprises all the above-mentioned embodiments to be inferred.

If the authentication information of the server medium 1 is generated 1620, the server 1 transmits the server medium 1 authentication information to the wireless terminal 120 through a communication channel 1625, The wireless terminal 120 outputs an interface for inputting user authentication information on the screen of the wireless terminal 120 and confirms whether the user authentication information is inputted through the interface 1630.

Here, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the mobile terminal 120 .

Alternatively, the user authentication information may include a user identification (ID) for authenticating the validity of the user of the mobile terminal 120 through the user authentication IC chip storage information provided in the IC chip (or USIM) (PIN), or a password.

Alternatively, the user authentication information may include at least one or more personal identification numbers (PINs) or passwords used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the server 1 on the communication network desirable.

If it is confirmed in step 1635 that the user authentication information is input, the wireless terminal 120 authenticates the server medium through the server medium authentication information based on the user authentication information in step 1640.

According to an embodiment of the present invention, when the server authentication information is matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, (1) information (or information of the server (1) which is confirmed through communication session information for receiving the server medium (1) authentication information) stored in the memory unit and a server (1) information and compares the server authentication information stored in the memory unit (or IC chip or USIM) with the server authentication information included in the server medium (1) authentication information, And verifies the validity of the server medium.

If the server medium verifier is included in the authentication information of the server medium 1, the wireless terminal 120 may have a hash function of at least one of the server authentication information and the server 1 information, Hashes at least one of the server authentication information provided in the memory unit (or the IC chip or the USIM) and the server 1 information confirmed through the communication session in the same manner as the server medium verifier Generating a server medium authenticator by performing an XOR operation on the server medium authenticator, and comparing the server medium verifier and the server medium authenticator to authenticate the validity of the server medium.

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 , The wireless terminal 120 transmits the server 1 information stored in the memory unit (or the server 1 information confirmed through the communication session information for receiving the server medium 1 authentication information) (1) information included in the authentication information of the medium (1) to authenticate the validity of the server (1), and transmits the server medium IC chip authentication information included in the server medium (Or USIM) to authenticate the server medium IC chip authentication information, and when the server medium IC chip authentication result information is returned, the server medium IC chip authentication result information is read To the server medium It characterized in that to authenticate the validity.

If one or more pieces of information of the server medium IC chip authentication information and the server (1) information are hashed as a one-way hash function and XOR is performed in the server medium (1) authentication information to include a server medium verifier, (120) transmits at least one or more pieces of server medium IC chip authentication information provided in the storage medium (1) (1540) and server (1) information confirmed through the communication session to the server medium verifier To generate a server medium authenticator, and to compare the server medium verifier and the server medium authenticator to authenticate the validity of the server medium.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, the wireless terminal 120 (1) information (or information of the server (1) which is confirmed through communication session information for receiving the server medium (1) authentication information) stored in the memory unit and a server (1) information to authenticate the validity of the server 1, and transmits the server authentication information stored in the storage medium 1 (1540) provided in (or linked to) the server 1 via a one-way hash function Hashed by the hashed server authentication information, at least one random number value (e.g., a random number value included in the server medium (1) authentication information), the server 1 information At least one XOR server (1) And generating a server authentication medium, and by the server, the media (1) comparing an a media server verifier and the generated server authentication media comprises authentication information and wherein the authentication of the validity of the media server.

Those skilled in the art will be able to deduce various methods of authenticating the authentication information of the server medium 1 in addition to the above-described embodiment, and the present invention can be applied to all the methods And a control unit.

If the server medium is not authenticated (1645) through the authentication information of the server medium (1), the wireless terminal 120 generates server medium authentication error information and outputs it to the screen (1650) And ends the process of implementing the combination type disposable authentication code.

If the server medium is authenticated (1645) through the authentication information of the server medium 1, the wireless terminal 120 transmits the authentication information corresponding to the wireless terminal 120 in the server 1 using the user authentication information Terminal medium authentication information for authenticating the terminal medium is generated (1655).

According to an embodiment of the present invention, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the wireless terminal 120 The mobile terminal 120 transmits the user authentication information and the mobile terminal 120 unique information (e.g., MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information, or IMEI (International Mobile Equipment Identity) Or International Mobile Subscriber Identity (IMSI) information included in the USIM, MSISDN (Mobile Station International ISDN Number), or USIM unique information).

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by hashing the at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, It is preferable that at least one of the user authentication information and the unique information of the wireless terminal 120 is concatenated to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the user authentication information and the unique information of the wireless terminal 120, And the present invention is characterized in that all the additional information items that can be guessed are included.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) (Or PIN) or a password for authenticating the IC chip (or USIM), the wireless terminal 120 transmits the user authentication information to the IC chip (or USIM) (IC chip) storage information, or terminal authentication IC chip storage information, and returns the terminal medium IC chip authentication result information from the authenticated IC chip (or USIM) through the user authentication information, And generates the terminal medium authentication information including the returned terminal medium IC chip authentication result information and the unique information of the wireless terminal 120.

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the terminal medium IC chip authentication result information with the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by performing an XOR operation on at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 as a one-way hash function, It is preferable that at least one of the media verifier, the terminal medium IC chip authentication result information, and the wireless terminal 120 unique information is concatenated to generate the terminal medium authentication information.

The terminal 120 may be configured to transmit at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120, It is possible to deduce a technical characteristic included in the terminal medium authentication information, and the present invention is characterized in that it includes all the information items that can be guessed.

According to another embodiment of the present invention, a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating the terminal medium authentication information to be transmitted to the server 1 on the communication network, The wireless terminal 120 hashes the user authentication information through the one-way hash function, and transmits the hashed user authentication information, at least one random number value (for example, a random number generated by the terminal (Or unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media verifier by performing an XOR operation on at least one of the unique information of the wireless terminal 120 It is possible to generate terminal medium authentication information including user authentication information, at least one random number information, and unique information of the wireless terminal 120 Straight, and the wireless terminal 120 in accordance with the intention of those skilled in the art it is possible to further cut the MS medium verification hash.

For example, the wireless terminal 120 concatenates the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120, .

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication information is generated 1660, the wireless terminal 120 connects a communication channel with the server 1 and transmits the generated terminal medium authentication information to the server 1 through the communication channel (1665).

Then, the server 1 reads the terminal medium authentication information in cooperation with the storage medium 1 (1540) and authenticates the terminal medium (1670).

According to an embodiment of the present invention, when the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server on the communication network to authenticate the terminal medium for the wireless terminal 120, The server checks the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information and transmits the unique information of the wireless terminal 120 and the wireless terminal 120 included in the terminal medium authentication information, Authenticates the validity of the wireless terminal 120 by comparing the unique information and stores the user authentication information stored in the storage medium 1 (1540) provided in (or linked to) the server in association with the unique information of the wireless terminal 120 And authenticates the validity of the terminal medium by comparing the information with user authentication information included in the terminal medium authentication information.

If the terminal media verifier is included in the terminal media authentication information, the server hashes the at least one of the user authentication information and the unique information of the wireless terminal 120 into the one-way hash function and XORs the terminal authentication information, 1) 1540 and the unique information of the wireless terminal 120 confirmed through the communication session, in the same manner as the terminal media verifier, and performs an XOR operation on the at least one information, Generating an authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) The server confirms the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information, and if the authentication information includes the at least one personal identification number (PIN) Authenticates the validity of the wireless terminal 120 by comparing the unique information of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication information and stores the stored (or linked) Authentication information stored in the IC chip (or USIM) based on the user authentication information stored in the medium (1) 1540 in association with the unique information of the wireless terminal 120, (Or the terminal medium IC chip authentication information is stored in the storage medium (1) 1540 through the same logic as the terminal authentication IC chip storage information ), And authenticates the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed as a one-way hash function and XOR operation is performed on the terminal medium authentication information, The terminal medium IC chip authentication information stored in the storage medium (1) 1540 and the unique information of the wireless terminal 120 identified through the communication session, is hashed in the same manner as the terminal medium verifier And performing an XOR operation on the terminal media authenticator to generate a terminal media authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to a server on the communication network, The server verifies the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information, and transmits the unique information of the wireless terminal 120, which is included in the terminal medium authentication information, The wireless terminal 120 is compared with the unique information of the wireless terminal 120 to authenticate the validity of the wireless terminal 120 and the unique information of the wireless terminal 120 is stored in the storage medium 1 (1540) The user authentication information stored in association with the user authentication information is hashed through a one-way hash function, and the hashed user authentication information, at least one random number value (e.g., Generates a terminal media authenticator by XORing at least one of the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) The validity of the terminal medium is verified by comparing the terminal medium verifier included in the authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

If the terminal medium authentication information is not authenticated 1675, the server 1 generates terminal medium authentication error information and transmits the terminal medium authentication error information to the wireless terminal 120 through the communication channel 1680, The wireless terminal 120 ends the process of implementing the combination type disposable authentication code through the medium authentication.

When the terminal medium authentication information is authenticated 1675, the server 1 generates a terminal medium authentication code in association with the storage medium 1 (1540) and transmits the terminal medium authentication code to the wireless terminal 120 through the communication channel (1685).

The wireless terminal 120 connects a communication channel with the server 2 and transmits the terminal medium authentication code to the server 2 through the communication channel 1690.

Then, the server 2 reads the terminal medium authentication code in association with the storage medium 2 (1570) and performs a second authentication process on the terminal medium (1692).

If the terminal medium authentication code is not authenticated (1694), the server (2) generates terminal medium authentication error information and transmits it to the wireless terminal (120) through the communication channel (1696) The wireless terminal 120 ends the process of implementing the combination type disposable authentication code through the medium authentication.

On the other hand, if the terminal medium authentication code is authenticated (1694), the server 2 generates authentication code (Nn) information for generating a combined disposable authentication code through the process shown in FIG. 17, FIG. 18, And transmits the generated authentication code Nn to the wireless terminal 120.

FIG. 17 is a diagram illustrating a configuration of a method for implementing a combination type disposable authentication code through medium authentication according to an embodiment of the present invention.

In more detail, FIG. 17 illustrates a media authentication server (FIG. 14) on the combined disposable authentication code implementation system shown in FIG. 15 in the wireless terminal 120 shown in FIG. 14 through the medium authentication process shown in FIGS. 1) 100 and the medium authentication server (2) 105, the medium authentication server (2) 105 generates authentication code (Nn) generation information as the medium authentication result Generates the authentication code (n) through the authentication code (n) generation information at the wireless terminal 120 and transmits the authentication code (n) to the wireless terminal 120 through the authentication code (N) and then combining the authentication code (n) and the authentication code (Nn) to implement the authentication code (N). If the person skilled in the art is familiar with the present invention , Refer to and / or modify the FIG. 17, Type would be able to infer a variety of exemplary methods for the one-time authentication code implementation, the present invention is made, including any exemplary way in which the inference, to which the the technical features are not limited to the exemplary method shown in the figure 17.

For example, in FIG. 17, a process of generating the authentication code (n) through the authentication code (n) generation information provided in the wireless terminal 120 is transmitted from the medium authentication server (2) The process of generating the authentication code (n) is not limited to the authentication code (n) and the authentication code (n) It is possible to perform at any stage before combining the authentication code Nn.

Hereinafter, in FIG. 17, the medium authentication server (2) 105 on the combined disposable authentication code implementation system shown in FIG. 15 is referred to as a "server" for convenience.

Referring to FIG. 17, after media authentication is performed through the media authentication process shown in FIGS. 16A and 16B, the server associates with the storage medium 2 (1570) The terminal 120 generates (1700) authentication code (Nn) generation information for generating an authentication code (Nn) and transmits the authentication code (Nn) generation information to the wireless terminal 120 via the communication channel The wireless terminal 120 receives the authentication code (Nn) generation information through the communication channel (1710), and generates an authentication code (n) generated in the wireless terminal 120 Generates the authentication code (n) through information, and generates the authentication code (Nn) through the received authentication code (Nn) generation information (1715).

If the authentication code n and the authentication code Nn are generated 1720, the wireless terminal 120 generates the authentication code N by combining the authentication code n and the authentication code Nn (N) to the wireless terminal 120 (1730), and then the authentication code (N) is transmitted to the wireless terminal 120 via the wireless terminal 120 And is used for a one-time authentication process through one or more disposable authentication code input media.

FIG. 18 is a diagram illustrating a configuration of a method of implementing a combination type disposable authentication code through medium authentication according to another embodiment of the present invention.

More specifically, FIG. 18 illustrates a media authentication server (FIG. 14) on the combined disposable authentication code implementation system shown in FIG. 15 in the wireless terminal 120 shown in FIG. 14 through the media authentication process shown in FIGS. 16a and 16b 1) 100 and the medium authentication server (2) 105, the media authentication server (2) 105 directly generates the authentication code (Nn) as the medium authentication result, (N) from the authentication code (n) generation information at the wireless terminal 120 and transmits the generated authentication code (n) and the received authentication code (n) to the wireless terminal 120 Nn to implement an authentication code N. Those skilled in the art will be able to refer to and / or modify the FIG. 18 to determine a combination disposable Various implementation methods for the authentication code implementation process It should be understood that the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

For example, in FIG. 18, the process of generating the authentication code (n) through the authentication code (n) generation information included in the wireless terminal 120 is transmitted from the medium authentication server (2) (N) is received, the present invention is not limited thereto. The process of generating the authentication code (n) may include generating the authentication code (n) (Nn) are combined with each other.

Hereinafter, in FIG. 18, the medium authentication server (2) 105 on the combined disposable authentication code implementation system shown in FIG. 15 is referred to as a "server" for convenience.

Referring to FIG. 18, after media authentication is performed through the medium authentication process shown in FIGS. 16A and 16B, the server, in association with the storage medium 2 (1570) The terminal 120 generates authentication code Nn generating information 1800 for generating the authentication code Nn and generates the authentication code Nn through the generated authentication code Nn 1805 ).

If the authentication code Nn is generated 1810, the server transmits the authentication code Nn to the wireless terminal 120 through the communication channel 1815 and correspondingly transmits the authentication code Nn to the wireless terminal 120 Receives the authentication code Nn through the communication channel in step 1820 and generates the authentication code n in step 1825 through the authentication code generation information included in the wireless terminal 120. [ .

If the authentication code n is generated 1830, the wireless terminal 120 generates the authentication code N by combining the authentication code n and the authentication code Nn (1835) (N) to the wireless terminal 120 on the screen of the wireless terminal 120 in step 1840. Thereafter, the authentication code N is transmitted to the wireless terminal 120 through the one-time authentication process through the wireless terminal 120, And is used for a one-time authentication process through the medium.

FIG. 19 is a diagram illustrating a configuration of a method of implementing a combination type disposable authentication code through medium authentication according to still another embodiment of the present invention.

In more detail, FIG. 19 illustrates a media authentication server (FIG. 14) on the combined disposable authentication code implementation system shown in FIG. 15 in the wireless terminal 120 shown in FIG. 14 through the medium authentication process shown in FIGS. 16a and 16b 1) 100 and the medium authentication server (2) 105, the medium authentication server (2) 105 generates authentication code (Nn) generation information as the medium authentication result And transmits a program code Nn for generating an authentication code Nn through the generated authentication code Nn and the authentication code Nn to the wireless terminal 120, 120) generates an authentication code (n) through the authentication code (n) generation information and generates an authentication code (Nn) through the authentication code (Nn) generation information based on the received program code The authentication code N is obtained by combining the authentication code n and the authentication code Nn, It will be understood by those skilled in the art that various other embodiments of the method for implementing the combined disposable authentication code through the medium authentication may be implemented by referring to and / It should be understood that the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

For example, in FIG. 19, the process of generating the authentication code (n) through the authentication code (n) generation information included in the wireless terminal 120 is transmitted from the medium authentication server (2) The process of generating the authentication code (n) is not limited to the authentication code (n) and the authentication code (n) It is possible to perform at any stage before combining the authentication code Nn.

It is to be noted that, in FIG. 19, the program code Nn is provided to the wireless terminal 120 by the medium authentication server 2 (105) for convenience sake, however, the present invention is not limited thereto. (N) is not provided in the wireless terminal 120, the media authentication server (2) 105 may further include the program code (n) in the wireless terminal 120 I will reveal.

Hereinafter, in FIG. 19, the medium authentication server (2) 105 on the combined disposable authentication code implementation system shown in FIG. 15 is referred to as a "server" for convenience.

Referring to FIG. 19, after media authentication is performed through the medium authentication process shown in FIGS. 16A and 16B, the server, in cooperation with the storage medium 2 (1570) The terminal 120 generates (1900) authentication code (Nn) generation information for generating an authentication code (Nn) and transmits the generated program code to the wireless terminal 120 in cooperation with the program code D / B 1575 (Nn), and transmits the authentication code (Nn) generation information and the program code (Nn) through the communication channel (1905).

If the program code n is not provided to the wireless terminal 120 according to the embodiment of the present invention, the server transmits the program code n (n) to be transmitted from the program code D / B 1575 to the wireless terminal 120 ), And then transmits the program code (n) through the communication channel, so that the present invention is not limited thereto.

The wireless terminal 120 receives the authentication code Nn generation information and the program code Nn through the communication channel 1910 and generates an authentication code n included in the wireless terminal 120 And generates the authentication code Nn based on the authentication code Nn based on the program code Nn in operation 1915. [

If the authentication code n and the authentication code Nn are generated 1920, the wireless terminal 120 generates the authentication code N by combining the authentication code n and the authentication code Nn The authentication code N is transmitted to the wireless terminal 120 in step 1930 and the generated authentication code N is output on the screen of the wireless terminal 120 in step 1930. Thereafter, And is used for a one-time authentication process through one or more disposable authentication code input media.

FIG. 20 is a diagram illustrating a functional configuration of a wireless terminal 120 that implements a combined disposable authentication code via medium authentication according to an embodiment of the present invention.

In more detail, FIG. 20 illustrates a case where a mobile communication terminal accessing a mobile communication network operating on a Code Division Multiple Access (WCDMA) / Wideband Code Division Multiple Access (CDMA) (1) 100 through the medium authentication server (1) 100, and more particularly, to a preferred functional configuration of a terminal device implementing the combination type disposable authentication code through the medium authentication, (N > = 2) digits of the disposable authentication code received from the medium authentication server (2) 105 as a result of the second medium authentication through the second medium authentication server (2) 1 is a diagram showing an implementation method of implementing a code.

In the present invention, the combination type disposable authentication code of N (N> = 2) digits is referred to as a "combined disposable authentication code" or "authentication code (N)" for convenience.

As a person skilled in the art to which the present invention pertains, another terminal device (for example, HSDPA (High-Speed Downlink Packet (HSDPA) A wireless terminal device connected to a wireless access network based on IEEE 802.16x, or a wireless terminal device connected to a wireless Internet based on IEEE 802.16x), and an implementation method for various functional configurations corresponding to each terminal device characteristic, The present invention is not limited to the above-described embodiments, but may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.

The wireless terminal 120 that provides CDMA / WCDMA based mobile communication services according to an embodiment of the present invention includes an outer body, a speaker and a microphone, a keypad, an LCD (Liquid Crystal Display), an antenna A battery 2020 and the like and internally includes a predetermined modem chip (for example, a modem chip) having a function of a CDMA (Code Division Multiple Access) modem, a CPU / MPU (Central Processing Unit / Micro Processing Unit) A duplexer filter for separating a transmission signal from a single antenna, a power amplifier for amplifying a transmission signal, a high power amplifier (HPA), a high power amplifier An isolator that prevents reverse transmission of the transmitted signal, an RF / IF SAW filter to remove the desired out-of-band spurious signal, a frequency upstream circuit of the transmission path, A frequency downconverting circuit, a VCTCXO (Voltage Controlled Temperature Compensated X-tal Oscillator) corresponding to a reference clock source, a UHF frequency synthesizer used as a local signal of frequency up-down conversion, and a codec chip for converting an analog voice signal into a digital signal And the internal components are gradually integrated into the modem chip. In addition to the core components for the mobile communication service, the modem chip may include various multimedia services or additional services Are being integrated together.

Referring to FIG. 20, the wireless terminal 120 implementing the combination type disposable authentication code through the medium authentication includes a controller 2000 corresponding to the modem chip, a screen output unit 210 corresponding to an LCD (Liquid Crystal Display) A sound processing section 2010 corresponding to a microphone / speaker, a key input section 2015 corresponding to a keypad, a radio processing section 2040 corresponding to an antenna and various RF modules, A memory unit 2025 and a battery 2020 for supplying a predetermined power.

In addition, the wireless terminal 120 may further include a camera unit (not shown) for reading predetermined image information for providing various multimedia services or various supplementary services corresponding thereto, or may be provided with a predetermined short- It is preferable to further include a local communication unit (not shown) for connecting the channels.

Also, the wireless terminal 120 may include an IC chip 2035 (for example, a financial IC (hereinafter, referred to as &quot; IC chip &quot;) that is mounted on or removed from the wireless terminal 120 for providing various financial And an IC chip reader 2030 for reading / writing predetermined information (or data) to / from the IC chip 2035 .

The control unit 2000 includes a processor including a CPU / MPU provided in the modem chip and an execution memory, and receives a predetermined program routine for providing a function peculiar to the wireless terminal 120 from a predetermined memory device A bus (BUS) for inputting and outputting program data, and a predetermined electronic circuit (or an integrated circuit) provided for the bus. The memory unit 2025, or the memory device 2025, (Or a chipset) loaded into the execution memory and processed through the processor to perform a specific function, or a generic term of program data (thus, A predetermined program routine to be recorded on the recording medium of the terminal 120 may be stored in the control unit 2000 for convenience The program routine of the controller 2000 basically includes an operating system routine (not shown) and at least one system management routine (e.g., power management routine, channel (forward / backward) (Not shown), and the control unit 2000 realizes various functional configurations to be implemented in the wireless terminal 120. The wireless terminal 120 may be a wireless terminal,

According to the method of the present invention, after power is supplied to the wireless terminal 120, the operating system routine (not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are transmitted to the control unit 2000), the wireless terminal 120 can perform a predetermined booting procedure, such as a system setting detailed state, a pilot channel obtaining detailed state, a synchronization channel obtaining detailed state, and a timing conversion Quot; mobile station initialization state "including the detailed state.

After performing the booting procedure, the operating system routine (not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are loaded into the execution memory provided in the controller 2000, The mobile terminal 120 is set to the operation mode corresponding to the "mobile station call waiting state &quot;,the" system access state &quot;, or the " Call Processing) procedure.

According to the embodiment of the present invention, the function of implementing the combination type disposable authentication code through the medium authentication is such that the wireless terminal 120 can be started (i.e., started) through a predetermined key input in an operation mode corresponding to the " Or realized).

The screen output unit 2005 is a function configuration unit for a screen for confirming operation modes of the wireless terminal 120 and corresponding operation states of the wireless terminal 120. One or more And a driver for driving the screen output device. The control unit 2000 may output at least one key data input through the key input unit 2015, A function processing screen and a function processing result screen corresponding to at least one function (or program) provided in the wireless terminal 120 or at least a function screen And outputs one or more contents (e.g., text contents, image contents, multimedia contents).

According to an embodiment of the present invention, the screen output unit 2005 may include a menu screen corresponding to a function for implementing the combination type disposable authentication code through the medium authentication, a function processing screen for implementing the combination type disposable authentication code, It is preferable to perform a function of screen output means for outputting a function process result screen for outputting the disposable authentication code.

The sound processing unit 2010 processes a sound input and output in each operation mode of the wireless terminal 120. The sound processing unit 2010 decodes at least one or more encoded sound data and supplies the decoded sound data to the wireless terminal 120 And a vocoder and a codec for encoding a sound signal input through a microphone provided in the wireless terminal 120 and encoding the sound signal.

According to the embodiment of the present invention, the sound processing unit 2010 can receive a sound corresponding to a predetermined ringback tone through the speaker in an operation mode corresponding to the "system access state" among the operation modes of the wireless terminal 120 It is preferable to decode and output the data or to encode a predetermined voice signal through a microphone in an operation mode corresponding to the "call channel state &quot;, or to decode and output a predetermined voice signal through a speaker.

In addition, the sound processing unit 2010 may include at least one sound content or multimedia content provided (or downloaded) from the wireless terminal 120 in at least one operation mode including the "mobile station call waiting state" It is preferable that the sound data corresponding to the content to be reproduced is decoded and output.

The key input unit 2015 may include a key input unit having at least one key button including a predetermined number key, a character key, or a function key, And a driver for driving the key input device. Accordingly, it is possible to detect at least one key input signal generated by clicking (or inputting) the key button in the key input device .

According to the present invention, when a predetermined key input signal is detected from a predetermined key button provided in the key input device in a predetermined input mode or at least one operation mode controlled by the controller 2000, (E.g., MH_KEY_PRESSEVENT, MH_KEY_REPEATEVENT, and MH_KEY_RELEASEEVENT) corresponding to the detected key input signal, and provides the generated key event to the control unit 2000 The control unit 2000 reads predetermined key data corresponding to the key event in the current input mode or the operation mode of the wireless terminal 120 (for example, in response to a key event corresponding to a specific key event in each input mode or operation mode) Reading the key data from the key table storing (or managing) at least one key data to the key event) And reads a command for executing a predetermined function matched and defined.

According to the embodiment of the present invention, the key input unit 2015 inputs a predetermined telephone number in the operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 120, It is preferable to change the operation mode of the wireless terminal 120 to the operation mode corresponding to the "system access state &quot;.

The key input unit 2015 inputs a predetermined function key (e.g., a menu key) in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 120, It is preferable to perform various functions provided in the display unit 120. [

According to the embodiment of the present invention, it is preferable that the key input unit 2015 performs a function of key input means for inputting at least one key data corresponding to the function of implementing the combination type disposable authentication code through the medium authentication .

The radio processing unit 2040 is a functional unit for connecting a radio channel to a base station on a mobile communication network that operates based on CDMA / WCDMA, and includes a CDMA modem and various RF modules (e.g., a duplexer filter, Amplifier, a high power amplifier (HPA), an isolator, an RF / IF SAW filter, a frequency upstream circuit, a frequency downconversion circuit, a VCTCXO corresponding to a reference clock source, a UHF frequency synthesizer, A Slot Mode, or a Power Control in response to each operation mode of the wireless terminal 120 in cooperation with the controller 2000. In addition, Hand-off, or a call processing procedure according to an embodiment of the present invention.

According to an embodiment of the present invention, the radio processing unit 2040 may perform a radio frequency signal transmission / reception function (e.g., antenna control, modulation, synthesis, and transmission of radio frequency signals) corresponding to the function of implementing the combined disposable authentication code through the medium authentication. Amplification, filtering, and the like).

Particularly, the radio processing unit 2040 processes the information or signal transmitted from the wireless terminal 120 to the base station into a CDMA stack to implement the combined disposable authentication code through the medium authentication, And a function of reading predetermined information or signals from the CDMA stack.

If the wireless terminal 120 shown in FIG. 20 is a wireless terminal device connected to a HSDPA-based wireless network according to another embodiment of the present invention, the wireless processing unit 2040 accesses the HSDPA-based wireless network, Or if the wireless terminal 120 is a wireless terminal device connected to an IEEE 802.16x-based wireless network, the wireless processing unit 2040 may include a wireless communication function configuration that implements a combination type disposable authentication code The present invention is not limited to this configuration, and may include a wireless communication function configuration for accessing the IEEE 802.16x-based wireless network and implementing the combined disposable authentication code through the media authentication.

The IC chip reader unit 2030 may include an IC chip 2035 mounted on or removed from the wireless terminal 120 through an IC chip 2035 standard including ISO / IEC 7816 or ISO / IEC 14443, IEC 7816 standard, or the ISO / IEC 7816 standard, the function of exchanging at least one piece of information (or data or command) with the ISO / IEC 7816 standard, the financial IC chip 2035, (IC card reader) corresponding to the IEC 14443 standard. The IC card reader is connected to the IC chip 2035 via an APDU (Application Protocol Data Unit) ) Is exchanged.

Referring to the specification including ISO / IEC 7816 or ISO / IEC 14443, the IC chip 2035 mounted or detached from the customer's wireless terminal receives a power supply VCC, a reset signal RST, a clock signal (Input / output interface) for communicating (e.g., exchanging commands or data) with the IC chip reader unit 2030 via contact points such as a power supply line CLK, ground GND, programming power supply VPP, or input / output A processor unit (not shown) having at least one computing element including a central processing unit (CPU), a micro processing unit (MPU), and a coprocessor; a read only memory (ROM) A memory (not shown) made up of at least one memory element including a RAM (Random Access Memory), an EEPROM (Electrically Erasable and Programmable Read Only Memory), and an FM The above memory elements A chip operating system (COS) for managing and operating the internal resources of the IC card is stored in the IC chip reader 2030 via a power supply (VCC) contact point of the input / When the power is supplied, the COS stored in the memory is loaded into a predetermined execution memory to control the overall operation of the IC chip 2035, and the clock frequency (e.g., 3.57 MHz or 4.9 MHz) of the clock signal (CLK) And controls the exchange of information or data between the IC chip 2035 and the IC chip reader unit 2030 through an APDU (Application Protocol Data Unit).

According to the present invention, IC chip 2035 storage information (for example, program code and data for IC chip 2035) for implementing a combination type disposable authentication code through medium authentication is stored in the memory of IC chip 2035 The storage information of the IC chip 2035 may include a storage unit (not shown) for storing a data set corresponding to predetermined information or data read and / or used by the processor of the customer's wireless terminal. And a program routine (for example, a Javacard), which is operated or executed by a computation function of the processor unit and a command set provided by the COS, JAVA Applet)) which includes an instruction call code for interacting with the instruction set of the COS and an execution code which is processed by the processor unit (Not shown) corresponding to the application is provided. In particular, the processing unit (not shown) reads the command provided from the processor provided in the customer wireless terminal via the input / output interface through the APDU, (Not shown) stored in the storage unit (not shown) on the basis of the received information or data, and transmits the result or the read information or data to the customer wireless terminal via the input / output interface through the APDU Processor.

Here, the memory of the IC chip 2035 includes a security structure based on ISO / IEC 10202. According to this, the memory includes a protection area in which secret information such as a chip serial number (CSN) is stored, The IC chip 2035 storage information for the present invention includes the protection area and the COS control area. The protection area includes a protection area, a user application area, a read / write access area, an application program area, and a FAT (File Allocation Table) management area. It is preferable to store it in the excluded area.

According to the ISO / IEC 7816 or ISO / IEC 14443 ICC standard, the memory has one master file (MF) corresponding to a root file and at least one storage An ATR (Answer To Reset) including function information on information, at least one Dedicated File (DF) corresponding to each ICC storage information, and a Smart Card service And an element file (EF) containing actual information or data. The IC chip 2035 storage information for the present invention also includes the above-described file structure.

According to the embodiment of the present invention, the IC chip 2035 may store the user authentication IC chip 2035 storage information or the terminal authentication IC chip 2035 storage information for authenticating the validity of the user of the wireless terminal 120 It is preferable that one or more of them are provided.

The user authentication IC chip 2035 storage information or the terminal authentication IC chip 2035 storage information is used to store the user authentication information input through the key input unit 2015 into the IC chip 2035 authentication code (Or the wireless terminal 120) using the identification information of the terminal medium IC chip 2035 and the authentication result information of the terminal medium IC chip 2035 after the authentication of the user of the wireless terminal 120 (or the wireless terminal 120) A technical feature of authenticating the user of the wireless terminal 120 (or the wireless terminal 120) through the IC chip 2035 authentication code in the IC chip 2035, The technical feature of returning the authentication result information of the terminal medium IC chip 2035 corresponding to the authentication result of the user of the wireless terminal 120 (or the wireless terminal 120) is known, .

The memory unit 2025 may include a storage medium that stores at least one piece of information (or data) in the wireless terminal 120, or a nonvolatile memory corresponding to a recording medium that records a program code corresponding to at least one program routine A ROM (Read Only Memory) corresponding to the read-only memory, a flash memory (FM) capable of reading / writing, and an EEPROM (Electrically Erasable and Programmable Read Only Memory) .

According to an embodiment of the present invention, system information of the non-volatile memory that should not be erased is stored in the non-volatile memory, and the flash memory is provided with operating system routines, call processing program routines, Program routines and information or data therefor are stored in the EEPROM. In the EEPROM, at least one or more of the terminal registration related parameters, telephone numbers (e.g., address book), or at least one Information (or data) is preferably stored.

In addition, the memory unit 2025 may include a media authentication server (not shown) for the media authentication server (1) 100 that authenticates the terminal medium corresponding to the wireless terminal 120 to implement the combination type disposable authentication code through the media authentication, (100) information (for example, address information of the medium authentication server (1) 100, unique information of the medium authentication server (1) 100) (E.g., address information of the medium authentication server 2 (105), unique information of the medium authentication server (2) (105)).

Referring to FIG. 20, the wireless terminal 120 implementing the combination type disposable authentication code through the medium authentication includes an information input unit for receiving user authentication information through the key input unit 2015.

In order to implement the combination type disposable authentication code through the medium authentication, the information input unit outputs a user authentication information input interface in cooperation with the screen output unit 2005, And requests the user to input user authentication information for implementing the one-time authentication code, whereby the authentication processing unit processes the user authentication information to be input to the user authentication information interface through the key input unit 2015. [

Here, the user authentication information may include at least one of a personal identification number (PIN) registered to authenticate the terminal medium for the wireless terminal 120 in the media authentication server (1) 100 on the communication network, It is preferable to include at least one of them.

Alternatively, the user authentication information may be stored in the wireless terminal 120 through the user authentication IC chip 2035 storage information provided in the IC chip 2035 (or USIM) or the terminal authentication IC chip 2035 storage information. And at least one personal identification number (PIN) or password for authenticating the validity of the user.

Alternatively, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network, Or more.

Referring to FIG. 20, when the combined type disposable authentication code is implemented through the terminal medium authentication, the wireless terminal 120 generates terminal medium authentication information based on the user authentication information input through the information input unit And transmits the generated terminal medium authentication information to the media authentication server (1) 100 on the communication network in cooperation with the wireless processing unit 2040 so that the medium corresponding to the wireless terminal 120 is firstly authenticated , The media authentication server (1) (100) receives the terminal medium authentication code from the medium authentication server (1) (100) at the terminal medium authentication and transmits the received terminal medium authentication code to the medium authentication server And an authentication processing unit for transmitting the authentication code from the media authentication server (2) (105) to the wireless terminal (120) in cooperation with the wireless processing unit (2040) (N) generation By having a receiving section for receiving information characterized by comprising.

In the case of implementing the combination type disposable authentication code through the terminal medium authentication, the authentication processing unit is configured to allow the media authentication server (1) (100) on the communication network to authenticate the terminal medium And generates terminal medium authentication information based on the authentication information.

According to an embodiment of the present invention, when the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the media authentication server on the communication network for authenticating the terminal medium for the wireless terminal 120 , The authentication processing unit transmits the user authentication information and the unique information (e.g., MIN (Mobile Identification Number) information or ESN (Electronic Serial Number) information or IMEI (International Mobile Equipment Identity) (E.g., International Mobile Subscriber Identity (IMSI) information, MSISDN (Mobile Station International ISDN Number), USIM specific information, etc.) provided in the terminal.

For example, the authentication processing unit may generate the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120. [

Alternatively, the authentication processor may generate a terminal media verifier by hashing the at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, And at least one information unique to the wireless terminal 120 to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the user authentication information and the unique information of the wireless terminal 120, And the present invention is characterized in that all the additional information items that can be guessed are included.

According to another embodiment of the present invention, the user authentication information is stored in the IC chip 2035 (or USIM) through the user authentication IC chip 2035 storage information or the terminal authentication IC chip 2035 storage information The authentication processing unit may transmit the user authentication information to the IC chip reader 2030 through the IC chip reader unit 2030 when the authentication processing unit includes at least one PIN or password for authenticating the validity of the user of the wireless terminal 120. [ The user authentication IC chip 2035 stored in the IC chip 2035 (or the USIM), or the terminal authentication IC chip 2035 storage information to authenticate the IC chip 2035, (Or USIM), if the authentication result information of the terminal medium IC chip 2035 is returned through the user authentication information, the authentication result information of the returned terminal medium IC chip 2035 and the unique information of the wireless terminal 120 A terminal medium authentication certificate To produce the preferred.

For example, the authentication processing unit may generate the terminal medium authentication information by concatenating authentication result information of the terminal medium IC chip 2035 and the unique information of the wireless terminal 120.

Alternatively, the authentication processing unit may generate a terminal media verifier by performing an XOR operation on at least one of the authentication result information of the terminal medium IC chip 2035 and the unique information of the wireless terminal 120 as a one-way hash function, It is preferable that at least one of the media verifier, the terminal medium IC chip 2035 authentication result information, and the wireless terminal 120 unique information is concatenated to generate the terminal medium authentication information.

The terminal medium IC chip 2035 may include at least one additional information item to be included in the terminal medium authentication information in addition to the authentication result information of the terminal medium IC chip 2035 and the unique information of the wireless terminal 120, The additional information may be included in the terminal medium authentication information. The present invention is characterized by including all of the inferable information items.

According to another embodiment of the present invention, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal media authentication information generation factor for generating terminal media authentication information to be transmitted to the media authentication server on the communication network, The authentication processing unit hashashes the user authentication information through the one-way hash function, and transmits the hashed user authentication information, at least one random number value (e.g., a random number value generated by the terminal) The mobile terminal 120 generates the terminal media verifier by performing at least one XOR operation on the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) Generating terminal medium authentication information including at least one random number information and unique information of the wireless terminal 120 And the authentication processing unit can further hash the terminal media verifier according to the intention of a person skilled in the art.

For example, the authentication processing unit generates the terminal media authentication information by concatenating the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120 .

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication information is generated through any one of the above-described methods, the authentication processor transmits the terminal medium authentication information to the memory unit (1) 100 to securely transmit the terminal medium authentication information to the medium authentication server 2025) (or the IC chip 2035) by using at least one encryption key.

When the terminal medium authentication information is generated as described above, the authentication processing unit transmits the generated terminal medium authentication information to the media authentication server (1) 100 on the communication network in cooperation with the radio processing unit 2040 , And the media authentication server (1) (100) performs first authentication of the medium corresponding to the wireless terminal (120) through the terminal medium authentication information.

If the terminal media authentication information is encrypted, the media authentication server (1) 100 preferably decrypts the encrypted terminal media authentication information through a decryption key.

According to an embodiment of the present invention, the user authentication information is transmitted from the media authentication server (1) 100 on the communication network to a personal identification number (PIN) or a password registered to authenticate the terminal medium for the wireless terminal 120 The media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, and if the identified wireless terminal (120) Authenticates the validity of the wireless terminal 120 by comparing the unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information and transmits the authentication information to the media authentication server 1 (100) And comparing the user authentication information stored in association with the unique information of the wireless terminal 120 with the user authentication information included in the terminal medium authentication information to authenticate the validity of the terminal medium .

If the terminal authentication information includes at least one of the user authentication information and the unique information of the wireless terminal 120 in the terminal media authentication information, the media authentication server 1 may, for example, (100) hashes at least one of the user authentication information provided in the storage medium and the unique information of the wireless terminal (120) identified through the communication session in the same manner as the terminal medium verifier and performs an XOR operation Further comprising generating a terminal media authenticator and comparing the terminal media verifier and the terminal media authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information is stored in the IC chip 2035 (or USIM) through the user authentication IC chip 2035 storage information or the terminal authentication IC chip 2035 storage information (1) 100 includes at least one personal identification number (PIN) or password for authenticating the validity of a user of the wireless terminal 120, the media authentication server (1) (120) unique information of the wireless terminal (120) through a session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, And authenticates the validity of the IC chip 2035 (2035) based on the user authentication information stored in association with the unique information of the wireless terminal 120 in a storage medium provided in the media authentication server (1) ) (Or USIM) The terminal medium IC chip 2035 authentication information is generated through the same logic as the user authentication IC chip 2035 storage information or the terminal authentication IC chip 2035 storage information And extracts the terminal medium IC chip 2035 authentication information included in the terminal medium IC chip 2035 authentication information and the terminal medium IC chip 2035 authentication result information included in the terminal medium authentication information And verifies the validity of the terminal medium.

If the terminal media verifier is included in the terminal medium authentication information by XORing at least one of the authentication result information of the terminal medium IC chip 2035 and the unique information of the wireless terminal 120 with a one-way hash function, The media authentication server (1) (100) transmits at least one or more pieces of authentication information of the terminal medium IC chip (2035) provided in the storage medium and unique information of the wireless terminal (120) And generating a terminal media authenticator by XORing the hash in the same manner as the media verifier, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

A personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network according to another embodiment of the present invention; ), Or a secret number, the media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, The wireless terminal 120 authenticates the validity of the wireless terminal 120 by comparing the unique information of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication information, Way hash function by associating the user authentication information stored in association with the unique information of the wireless terminal 120 with the hashed (or linked) storage medium, and transmits the hashed user authentication information, (At least one random number value included in the terminal medium authentication information), the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) A media authenticator is generated, and the validity of the terminal medium is verified by comparing the terminal medium verifier included in the terminal medium authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

When the terminal medium authentication information is authenticated through any one of the above methods, the medium authentication server (1) (100) generates (or extracts) a terminal medium authentication code corresponding to the terminal medium authentication result, And transmits the terminal authentication code to the wireless terminal (120) through a communication network. The authentication processing unit receives the terminal authentication code from the media authentication server (1) (100).

Then, the authentication processing unit transmits the received terminal medium authentication code to the medium authentication server (2) (105) through a communication network.

According to an embodiment of the present invention, the authentication processing unit generates terminal medium authentication information through the user authentication information and transmits the authentication information to the media authentication server (1) 100 through a similar (or the same) (For example, a terminal media verifier is concatenated with the terminal medium authentication code and the unique information of the wireless terminal 120, or a terminal media verifier including the terminal medium authentication code and the unique information of the wireless terminal 120) (2) 105, and if it is a person having ordinary skill in the art to which the present invention pertains, it is possible to transmit the terminal medium authentication code through a method of generating the terminal medium authentication information, The detailed description thereof will be omitted for the sake of simplicity.

The medium authentication server (2) (105) receiving the terminal medium authentication code from the wireless terminal (120) authenticates the terminal medium authentication code.

When the terminal authentication code is processed in a manner similar to (or identical to) the terminal medium authentication information generation method according to the embodiment of the present invention, the medium authentication server (2) It is preferable to authenticate the terminal medium authentication code in a manner similar to (or the same as) the method of authenticating the terminal medium authentication information in the terminal 100. If a person having ordinary knowledge in the technical field of the present invention , It is possible to infer a technical characteristic of authenticating the terminal medium authentication code through the method of authenticating the terminal medium authentication information, so that detailed description thereof will be omitted for the sake of convenience.

According to an embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) 105 transmits an authentication code N) generation information for generating the authentication code (N) to be transmitted to the wireless terminal (120), and transmits the generated authentication code (N) generation information to the wireless terminal And code (N) generation information.

At this time, if the program code N for generating the authentication code (N) is not provided to the wireless terminal 120 through the authentication code (N) generation information, the medium authentication server (2) (N) for generating the authentication code (N) through the authentication code (N) generation information to the wireless terminal (120) in response to the terminal medium authentication, And the receiving unit further receives a program code (N) for generating the authentication code (N) through the wireless processing unit (2040) through the authentication code (N) generation information.

According to another embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) (105) (Or extracts) an authentication code N to be included in combination with the authentication code N of the wireless terminal 120 and transmits the authentication code N to the wireless terminal 120. In response to the authentication code N, And receives the authentication code (N).

20, the wireless terminal 120 includes an authentication code generation unit for generating an authentication code (N) based on authentication code (N) generation information received through the reception unit, And an output processor for outputting the generated authentication code (N) in association with the authentication code (N).

(N) generation information for generating the authentication code (N) through the receiving unit is received when the authentication code generating unit is provided with the program code (N) for generating the authentication code (N) , The authentication code generation unit generates an authentication code (N) of N digits using the received authentication code (N) generation information.

On the other hand, when the program code N for generating the authentication code (N) is not provided in the authentication code generation unit, authentication code (N) generation information for generating the authentication code (N) through the receiver The authentication code generating unit may generate an N-digit authentication code (N) using the received authentication code (N) generation information through the program code (N) received through the receiver.

According to another embodiment of the present invention, when the authentication code (N) is directly received through the receiving unit, the authentication code generating unit may omit generating the authentication code (N), so that the present invention is not limited No.

(For example, a hash algorithm) for generating an N-digit authentication code (N) using the authentication code (N) generation information, if the authentication code generation unit is a person skilled in the art, The detailed description thereof will be omitted for the sake of convenience.

When the N-digit authentication code (N) is generated, the output processor associates the combined N-digit authentication code (N) with the screen output unit (2005) And outputting the result to the output terminal.

According to one embodiment of the present invention, the output processing unit outputs a disposable authentication code output screen on the screen of the wireless terminal 120 in connection with the screen output unit 2005, It is preferable to output the N-digit authentication code (N).

According to another embodiment of the present invention, the output processing unit outputs (or assigns) the disposable authentication code output area to the screen area currently output on the screen of the wireless terminal 120 in connection with the screen output unit 2005 , And outputs the generated N-digit authentication code (N) to the disposable authentication code output area.

FIG. 21 is a diagram showing a system configuration of a combination type disposable authentication code by medium authentication according to an embodiment of the present invention.

In more detail, FIG. 21 illustrates a wireless terminal 120 functional configuration in which the combined disposable authentication code is implemented includes the wireless terminal 120 functional configuration shown in FIG. 20, (N > = 2) digits of the disposable authentication code are implemented so as to implement N (N &gt; = 2) digit combined disposable authentication codes, and those skilled in the art will refer to FIG. 21 The present invention is not limited to the above-described embodiments, and various changes and modifications may be made without departing from the spirit and scope of the present invention. The technical features thereof are not limited by the implementation method alone.

Referring to FIG. 21, the system for implementing a combination type disposable authentication code through medium authentication includes a wireless terminal 120 including the functional configuration shown in FIG. 20, a wireless terminal 120 connected to the wireless terminal 120, A media authentication server (1) (100) for performing a first terminal medium authentication for the wireless terminal (120) and transmitting a terminal medium authentication code to the wireless terminal (120) in response to the first medium authentication result (N) for generating a N-digit authentication code (N) to the wireless terminal (120) in response to the second medium authentication result, performing a second terminal media authentication for the wireless terminal And a media authentication server (2) (105) for generating the authentication code (N) of N digits and providing it to the wireless terminal (120).

In order to implement the combination type disposable authentication code through the medium authentication, the wireless terminal 120 transmits terminal medium authentication information for authenticating the terminal medium to the wireless terminal 120 in the media authentication server (1) 100 And transmits the generated authentication information to the media authentication server (1) (100). Thus, the media authentication server (1) (100) verifies that the validity of the terminal medium .

According to an embodiment of the present invention, the terminal medium authentication information preferably includes user authentication information input through a key input unit provided in the wireless terminal 120 and unique information of the wireless terminal 120 And generates a terminal media verifier by XORing at least one of the user authentication information and the unique information of the wireless terminal 120 according to the intention of a person skilled in the art using a one-way hash function, Information of the wireless terminal 120, and unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal medium authentication information may include terminal medium IC chip authentication result information generated through an IC chip (or USIM) provided in the wireless terminal 120, And at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed by a one-way hash function and then XORed by the one-way hash function according to the intention of a person skilled in the art, And includes at least one of the terminal medium verifier, the terminal medium IC chip authentication result information, and the unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal media authentication information hashashes user authentication information input through a key input unit provided in the wireless terminal 120 through a one-way hash function, At least one or more random number values (for example, a random number value generated at the terminal), unique information of the wireless terminal 120 (or unique information of the wireless terminal 120 hashed by the one-way hash function) And generates the terminal medium verifier, and includes the generated terminal medium verifier, the user authentication information, at least one random number information, and the unique information of the wireless terminal 120.

Also, the wireless terminal 120 receives the terminal medium authentication code from the media authentication server (1) 100 as a result of the first terminal medium authentication, and transmits the received terminal medium authentication code to the media authentication server 2) &lt; / RTI &gt;

The wireless terminal 120 also receives authentication code (N) generation information for generating an authentication code (N) of N digits from the media authentication server (2) 105 as a result of the second terminal media authentication And a function of generating an N-digit authentication code (N) from the server through the received authentication code (N) generation information.

Alternatively, the wireless terminal 120 receives an authentication code (N) of N digits from the media authentication server (2) 105 as a result of the terminal media authentication.

In FIG. 21, a technical characteristic for generating an N-digit authentication code (N) in the wireless terminal 120 will be described with reference to FIG. 14, and a detailed description thereof will be omitted for simplicity.

According to the present invention, the media authentication server (1) 100 associates and stores the user authentication information for authentication of the terminal medium and the unique information of the wireless terminal 120, and stores the user authentication information and the unique (Or interlocking) a storage medium (1) 2125 for further storing the terminal medium authentication rule information through information. The storage medium (1) 2125 includes a storage medium And the authentication code generation rule information for generating the terminal medium authentication code is further stored in association with each other.

The user authentication information may include information input from the wireless terminal 120 to authenticate the terminal medium among the key input information input through the key input means or information input via the IC chip (or USIM) And at least one authentication result information.

The unique information of the wireless terminal 120 may include MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information or IMEI (International Mobile Equipment Identity) for the wireless terminal 120, or IMSI (International Mobile Subscriber Identity) information, MSISDN (Mobile Station International ISDN Number), or USIM specific information.

The terminal medium authentication rule information may include a rule for generating the terminal medium authentication information at the wireless terminal 120 or a rule for authenticating the terminal medium corresponding to the wireless terminal 120 by reading the terminal medium authentication information, It is preferable that one or more of the terminal media authentication rules are stored in the storage medium (1) 2125 when the media authentication server (1) 100 is implemented with the terminal medium authentication rules in the form of a program code , Whereby the present invention is not limited thereto.

The authentication code generation rule information preferably defines a rule for generating a terminal media authentication code transmitted to the wireless terminal 120, and the authentication code generation rule is stored in the media authentication server (1) Code format, it is optional to store the authentication code generation rule information in the storage medium (1) 2125, and thus the present invention is not limited thereto.

According to the present invention, the media authentication server (2) 105 includes (or interlocks with) a storage medium (2) 2155 for storing terminal medium authentication rule information for authenticating the terminal medium authentication code (N) generation information for generating an authentication code (N) in the wireless terminal (120) when the terminal medium is authenticated, or the wireless terminal (120) generates authentication code And the authentication code generation rule information for generating the authentication code (N) to be transmitted to the terminal (120).

Preferably, the terminal medium authentication rule information defines a rule for reading the terminal medium authentication code and authenticating the terminal medium corresponding to the wireless terminal 120, and the medium authentication server (2) In the case where the terminal medium authentication rule is implemented in the form of a program code, it is optional to store the terminal medium creation rule information in the storage medium (2) 2155, and thus the present invention is not limited thereto.

The authentication code generation rule information may include a rule for generating authentication code (N) generation information for generating an authentication code (N) in the wireless terminal 120 or a rule for generating authentication code (N (2) (2155), if the authentication code generation rule is implemented in the form of a program code in the medium authentication server (2) 105, it is preferable to define at least one rule for generating the authentication code The authentication code generation rule information may be omitted from the authentication code generation rule information, and thus the present invention is not limited thereto.

According to another embodiment of the present invention, when the terminal medium authentication code is processed to include the same structure as the terminal medium authentication information, the storage medium 2 (2155) stores user authentication information (not shown) 120) inherent information (not shown), and server authentication information 2 (not shown) can be stored in association with each other, so that the present invention is not limited thereto.

According to the present invention, when the program code for generating the authentication code (N) is not provided to the wireless terminal 120, the media authentication server 2 (105) (Or interlocking) the program code D / B 2160 for classifying and storing the program code N for generating the authentication code N according to the platform of the wireless terminal 120 according to the program codes D / B, program analyzer, operating system, .

Those skilled in the art will recognize the technical features of the program code N for generating the authentication code N according to a plurality of wireless terminal 120 platforms, A detailed description thereof will be omitted for the sake of convenience.

According to the present invention, the media authentication server (1) 100 comprises an interface unit 2100 for connecting and managing a communication channel for first media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 2100 receives the terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (N) generation information is connected.

According to an embodiment of the present invention, when the media authentication server (1) 100 is provided on the wireless communication network (or in the wireless communication system) And a communication channel including a wire section for connecting the media authentication server (1) (100) to the base station.

According to another embodiment of the present invention, when the media authentication server (1) 100 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system), the interface unit 2100 A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the medium authentication server (100) And a communication channel including a wire section is connected.

Referring to FIG. 21, the media authentication server (1) 100 generates terminal medium authentication information for terminal medium authentication for the wireless terminal 120 in the wireless terminal 120, An authentication information receiving unit 2105 for receiving the terminal medium authentication information in cooperation with the interface unit 2100 when the terminal unit 2100 transmits the terminal medium authentication information, An authentication code generation unit 2115 for generating a terminal medium authentication code when the terminal medium is authenticated; and an authentication code generation unit 2115 for generating a terminal medium authentication code, And an authentication code transmitting unit (2120) for transmitting the terminal medium authentication code to the wireless terminal (120).

When the wireless terminal 120 generates the terminal medium authentication information for the terminal medium authentication for the wireless terminal 120 and transmits the terminal medium authentication information through the communication channel, the authentication information receiving unit 2105 transmits the terminal medium authentication information to the interface unit 2100 When the terminal medium authentication information is encrypted, the authentication information receiving unit 2105 decrypts the encrypted terminal medium authentication information through the decryption key. .

When the terminal medium authentication information includes at least one of the user authentication information input through the key input unit provided in the wireless terminal 120 and the unique information of the wireless terminal 120 according to an embodiment of the present invention, The terminal medium authentication unit (1) 2110 checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information, 120 authenticates the validity of the wireless terminal 120 by comparing the unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information, (1) (2125), which is stored in association with the unique information of the wireless terminal (120), with the user authentication information included in the terminal medium authentication information, And validates the validity.

If at least one of the user authentication information and the unique information of the wireless terminal 120 is hashed by the one-way hash function and XOR operation is performed on the terminal media authentication information, the terminal media authenticator 1 ) 2110 transmits at least one of the user authentication information provided in the storage medium (1) 2125 and the unique information of the mobile terminal 120 confirmed through the communication session to the same method as the terminal media verifier And XORing the terminal media authenticator to generate a terminal media authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the terminal medium authentication information may be generated by the terminal medium IC chip authentication result information generated through the IC chip (or USIM) provided in the wireless terminal 120, (1) 2110 confirms the unique information of the wireless terminal 120 through a communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information And authenticates the validity of the wireless terminal 120 by comparing the authenticated wireless terminal 120 unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information, (Or USIM) provided in the IC chip (or USIM) based on the user authentication information stored in association with the unique information of the wireless terminal 120 in the storage medium 1 (2125) provided in (or linked to) User authentication IC chip storage Or generates the terminal medium IC chip authentication information through the same logic as the terminal authentication IC chip storage information (or if the terminal medium IC chip authentication information is stored in the storage medium (1) 2125), the terminal medium IC chip authentication information And verifies the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the UE medium authentication information and the unique information of the mobile station 120 is hashed by the one-way hash function and XOR operation is performed on the UE medium authentication information, The authentication unit (1) 2110 receives at least one of the terminal medium IC chip authentication information provided in the storage medium (1) 2125 and the unique information of the wireless terminal 120 identified through the communication session, The method further comprises the step of performing an XOR operation on the hash in the same manner as the terminal medium verifier, generating a terminal medium authenticator, and comparing the terminal medium verifier and the terminal medium authenticator to authenticate the validity of the terminal medium .

According to another embodiment of the present invention, when the terminal medium authentication information includes a terminal medium verifier, the terminal medium authentication unit (1) 2110 transmits the terminal medium authentication information according to the terminal medium authentication rule information (120) unique information of the wireless terminal (120) through the communication session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, (1) 2125 stored in the terminal medium authentication unit 1 (2110) and authenticated to the terminal 120 (220) and stored in association with the unique information of the wireless terminal 120 And transmits the hashed user authentication information, at least one random number value (e.g., a random number value included in the terminal media authentication information), the unique information of the wireless terminal 120 or (The unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media authenticator, compares the terminal media verifier included in the terminal media authentication information with the generated terminal media authenticator And authenticating the validity of the terminal medium.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

When the terminal medium authentication information is authenticated through any one of the above methods, the authentication code generation unit 2115 generates (or extracts) the terminal medium authentication code using the authentication code generation rule information do.

Herein, the terminal medium authentication code includes an authentication code for authenticating that the terminal medium corresponding to the wireless terminal 120 is first authenticated through the medium authentication server (1) in the medium authentication server (2) 105 .

When the terminal medium authentication code is generated (or extracted) through the authentication code generation unit 2115, the authentication code transmission unit 2120 transmits the generated terminal medium authentication code in association with the interface unit 2100 The wireless terminal 120 transmits the terminal's medium authentication code to the medium authentication server (105) through the communication network.

According to the present invention, the media authentication server (2) 105 includes an interface unit 2130 for connecting and managing a communication channel for second media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 2130 receives the terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (N) generation information is connected.

According to an embodiment of the present invention, when the medium authentication server (2) 105 is provided on the wireless communication network (or in the wireless communication system), the interface unit 2130 may transmit And a communication channel including a wire section for connecting the media authentication server (2) (105) to the base station.

According to another embodiment of the present invention, when the media authentication server (2) 105 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system), the interface unit 2130 A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the media authentication server (2) And a communication channel including a wire section is connected.

Referring to FIG. 21, when the wireless terminal 120 transmits the terminal medium authentication code through the communication channel, the media authentication server (2) 105 transmits the terminal authentication code to the terminal A terminal medium authentication unit (2) 2140 for reading the received terminal medium authentication code and performing second authentication of the terminal medium corresponding to the wireless terminal 120, (N) generation information for generating an authentication code (N) in the wireless terminal (120), or the authentication code (N) to be transmitted to the wireless terminal (120) (N) generation information (or authentication code (N)) to the wireless terminal 120 in cooperation with the interface unit 2130, (2150).

When the wireless terminal 120 generates a terminal medium authentication code for terminal medium authentication for the wireless terminal 120 and transmits the generated terminal medium authentication code through the communication channel, the authentication code receiving unit 2135 transmits the terminal medium authentication code to the interface unit 2130 When the terminal medium authentication code is encrypted, the authentication code receiving unit 2135 decrypts the encrypted terminal medium authentication code through the decryption key. .

Then, the terminal medium authentication unit (2) 2140 authenticates the terminal medium authentication code according to the terminal medium authentication rule information to authenticate the validity of the terminal medium.

Those skilled in the art will be able to deduce various types of terminal media authentication code standards and various types of terminal media authentication rules for authenticating the terminal media authentication codes. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication code is authenticated, the information generation unit 2145 generates authentication code (N) generation information for generating an authentication code (N) in the wireless terminal (120) through the authentication code generation rule information Or extraction).

According to another embodiment of the present invention, the information generation unit 2145 generates (or extracts) the authentication code (N) generation information through the authentication code generation rule information, and generates the authentication code (N) to be transmitted to the wireless terminal (120).

When the authentication code (N) generation information is generated (or extracted) through the information generation unit 2145 according to an embodiment of the present invention, the transmission unit 2150 transmits, to the interface unit 2130, And transmits the generated authentication code (N) generation information to the wireless terminal 120. In response to the generated authentication code (N), the wireless terminal 120 transmits the authentication code (N) .

When the authentication code N is generated (or extracted) through the information generation unit 2145 according to another embodiment of the present invention, the transmission unit 2150 generates the authentication code N in association with the interface unit 2130 (N) to the wireless terminal (120).

If the program code N for generating the authentication code N is not provided to the wireless terminal 120 through the authentication code generation information, the transmission unit 2150 transmits the program code D / (N) to generate the authentication code (N) through the authentication code (N) generation information in association with the authentication code (B) 2160 to the wireless terminal (120).

FIG. 22 is a diagram illustrating a medium authentication process for implementing a combined disposable authentication code according to an embodiment of the present invention.

In more detail, FIG. 22 shows a wireless terminal 120 function configuration in which the combined disposable authentication code is implemented includes the wireless terminal 120 functional configuration shown in FIG. 20, A method for performing a first medium authentication with a media authentication server (1) (100) and a second medium authentication with a medium authentication server (2) (105) on a combined disposable authentication code implementation system, Those skilled in the art will be able to conceive of various implementations of the media authentication process for implementing the combined disposable authentication code with reference to and / or modification of FIG. 22, The present invention is not limited to the above-described embodiments, and various modifications may be made without departing from the scope of the present invention.

Hereinafter, in FIG. 22, the media authentication server (1) 100 on the combined disposable authentication code implementation system shown in FIG. 21 is referred to as "server 1" for convenience, and the medium authentication server (2) Quot; server 2 &quot;.

Referring to FIG. 22, the wireless terminal 120 checks whether a menu (or a key button) for implementing a combination type disposable authentication code through media authentication is input (2200), and if the menu When a menu (or a key button) is input (2205), the wireless terminal 120 outputs an interface for inputting user authentication information on the screen of the wireless terminal 120, and if user authentication information is inputted through the interface (2210).

Here, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the mobile terminal 120 .

Alternatively, the user authentication information may include a user identification (ID) for authenticating the validity of the user of the mobile terminal 120 through the user authentication IC chip storage information provided in the IC chip (or USIM) (PIN), or a password.

Alternatively, the user authentication information may include at least one or more personal identification numbers (PINs) or passwords used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the server 1 on the communication network desirable.

If it is confirmed in step 2215 that the user authentication information has been input, the wireless terminal 120 authenticates the terminal medium corresponding to the wireless terminal 120 in the server 1 using the user authentication information And generates terminal medium authentication information (2220).

According to an embodiment of the present invention, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the wireless terminal 120 The mobile terminal 120 transmits the user authentication information and the mobile terminal 120 unique information (e.g., MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information, or IMEI (International Mobile Equipment Identity) Or International Mobile Subscriber Identity (IMSI) information included in the USIM, MSISDN (Mobile Station International ISDN Number), or USIM unique information).

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by hashing the at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, It is preferable that at least one of the user authentication information and the unique information of the wireless terminal 120 is concatenated to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the user authentication information and the unique information of the wireless terminal 120, And the present invention is characterized in that all the additional information items that can be guessed are included.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) (Or PIN) or a password for authenticating the IC chip (or USIM), the wireless terminal 120 transmits the user authentication information to the IC chip (or USIM) (IC chip) storage information, or terminal authentication IC chip storage information, and returns the terminal medium IC chip authentication result information from the authenticated IC chip (or USIM) through the user authentication information, And generates the terminal medium authentication information including the returned terminal medium IC chip authentication result information and the unique information of the wireless terminal 120.

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the terminal medium IC chip authentication result information with the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by performing an XOR operation on at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 as a one-way hash function, It is preferable that at least one of the media verifier, the terminal medium IC chip authentication result information, and the wireless terminal 120 unique information is concatenated to generate the terminal medium authentication information.

The terminal 120 may be configured to transmit at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120, It is possible to deduce a technical characteristic included in the terminal medium authentication information, and the present invention is characterized in that it includes all the information items that can be guessed.

According to another embodiment of the present invention, a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating the terminal medium authentication information to be transmitted to the server 1 on the communication network, The wireless terminal 120 hashes the user authentication information through the one-way hash function, and transmits the hashed user authentication information, at least one random number value (for example, a random number generated by the terminal (Or unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media verifier by performing an XOR operation on at least one of the unique information of the wireless terminal 120 It is possible to generate terminal medium authentication information including user authentication information, at least one random number information, and unique information of the wireless terminal 120 Straight, and the wireless terminal 120 in accordance with the intention of those skilled in the art it is possible to further cut the MS medium verification hash.

For example, the wireless terminal 120 concatenates the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120, .

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

If the terminal medium authentication information is generated 2225, the wireless terminal 120 connects a communication channel with the server 1 and transmits the generated terminal medium authentication information to the server 1 through the communication channel (2230).

Then, the server 1 reads the terminal medium authentication information in cooperation with the storage medium 1 (2125), and performs a first authentication process on the terminal medium (2235).

According to an embodiment of the present invention, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the wireless terminal 120 The server 1 confirms the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information and includes the specific information of the wireless terminal 120 and the terminal medium authentication information The wireless terminal 120 is authenticated with the validity of the wireless terminal 120 by comparing the unique information of the wireless terminal 120 with the storage medium 1 2125 stored in the server 1 Authenticating the validity of the terminal medium by comparing user authentication information stored in association with unique information and user authentication information included in the terminal medium authentication information.

If the terminal 1 includes at least one of the user authentication information and the unique information of the wireless terminal 120 in the terminal medium authentication information, the server 1 may include a terminal media verifier, (1) 2125 and unique information of the mobile terminal 120 identified through the communication session, in the same manner as the terminal media verifier, and performs an XOR operation Further comprising generating a terminal media authenticator and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) The server 1 confirms the unique information of the wireless terminal 120 through a communication session for receiving the terminal authentication information, and transmits the terminal authentication information to the server 1 , Verifies the validity of the wireless terminal (120) by comparing the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, Stored in the IC chip (or the USIM) based on the user authentication information stored in association with the unique information of the wireless terminal 120 in the storage medium 1 (2125) In addition (Or the terminal medium IC chip authentication information is stored in the storage medium (1) 2125) through the same logic as the terminal authentication IC chip storage information ), And authenticates the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed by the one-way hash function and the terminal media verifier is included in the terminal medium authentication information, 1) transmits at least one of the terminal medium IC chip authentication information provided in the storage medium (1) 2125 and the unique information of the wireless terminal 120 confirmed through the communication session to the same terminal medium verifier And performing an XOR operation on the terminal media authenticator to generate a terminal media authenticator and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating the terminal medium authentication information to be transmitted to the server 1 on the communication network, The server 1 confirms the unique information of the wireless terminal 120 through a communication session for receiving the terminal medium authentication information and transmits the unique information of the wireless terminal 120 to the terminal 1, (1) 2125 that is provided (or linked to) the server 1 by comparing the unique information of the wireless terminal 120 included in the media authentication information to authenticate the validity of the wireless terminal 120 The user authentication information stored in association with the unique information of the wireless terminal 120 is hashed through a one-way hash function, and the hashed user authentication information, at least one random number value Generates a terminal media authenticator by XORing at least one of the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) The validity of the terminal medium is verified by comparing the terminal medium verifier included in the terminal medium authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

If the terminal medium authentication information is not authenticated 2240, the server 1 generates terminal medium authentication error information and transmits the terminal medium authentication error information to the wireless terminal 120 through the communication channel 2245, The wireless terminal 120 ends the process of implementing the combination type disposable authentication code through the medium authentication.

When the terminal medium authentication information is authenticated (2240), the server 1 generates a terminal medium authentication code in association with the storage medium (1) 2125 and transmits it to the wireless terminal 120 through the communication channel (2250).

The wireless terminal 120 connects a communication channel with the server 2 and transmits the terminal medium authentication code to the server 2 through the communication channel 2255.

Then, the server 2 reads the terminal medium authentication code in conjunction with the storage medium 2 (2155) and performs a second authentication process on the terminal medium (2260).

If the terminal medium authentication code is not authenticated 2265, the server 2 generates terminal medium authentication error information and transmits it to the wireless terminal 120 through the communication channel 2270, The wireless terminal 120 ends the process of implementing the combination type disposable authentication code through the medium authentication.

On the other hand, if the terminal medium authentication code is authenticated 2265, the server 2 generates authentication code (N) generating information for generating a combined disposable authentication code through the process shown in FIG. 23, FIG. 24, And generates and transmits an authentication code (N) to the wireless terminal (120).

FIG. 23 is a diagram showing a configuration of a completed disposable authentication code implementation process through medium authentication according to an embodiment of the present invention.

FIG. 23 is a diagram illustrating a media authentication server 1 (FIG. 20) on the completed disposable authentication code implementation system shown in FIG. 21, from the wireless terminal 120 shown in FIG. 20 through the media authentication process shown in FIG. 100) and the medium authentication server (2) 105, the medium authentication server (2) 105 generates authentication code (N) generation information as the medium authentication result, (N) is generated through the received authentication code (N) generation information to implement an authentication code for an N-digit complete type call when the authentication code is transmitted to the authentication server (120). In the technical field of the present invention, Those skilled in the art will be able to refer to and modify Figure 23 to derive various implementations of the process of implementing a completed type of disposable authentication code through the medium authentication, Is made, including a method, to which the technical feature that is not limited to the exemplary method shown in the figure 23.

Hereinafter, in FIG. 23, the medium authentication server (2) 105 on the completed disposable authentication code implementation system shown in FIG. 21 is referred to as a "server" for convenience.

Referring to FIG. 23, after media authentication is performed through the media authentication process shown in FIG. 22, the server, in association with the storage medium 2 (2155) (N) generation information for generating an authentication code (N) in the wireless terminal 120 (2300), and transmits the authentication code (N) generation information to the wireless terminal 120 via the communication channel The wireless terminal 120 receives the authentication code (N) generation information through the communication channel (2310), and transmits the authentication code (N) through the received authentication code (N) (2315).

If the authentication code N is generated in step 2320, the wireless terminal 120 outputs the generated authentication code N on the screen of the wireless terminal 120 in step 2330, N is used for the one-time authentication process through the wireless terminal 120 or the one-time authentication process through at least one disposable authentication code input medium.

FIG. 24 is a diagram illustrating a configuration of a completed disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.

More specifically, FIG. 24 is a block diagram of the media authentication server 1 (FIG. 22) on the completed disposable authentication code implementation system shown in FIG. 21 in the wireless terminal 120 shown in FIG. 20 through the media authentication process shown in FIG. The media authentication server 2 105 generates the authentication code N directly as the medium authentication result after the medium authentication through the media authentication server 2 100 and the medium authentication server 2 105. Then, 120), a process for generating an authentication code (N) through the received authentication code (N) generation information to implement an authentication code for a completed type call of N digits is described. In the technical field of the present invention, It will be appreciated that various implementations of the complete disposable authentication code implementation process through the media authentication can be inferred by referring to and / or modifying FIG. 24, It becomes to include the place, to which the technical feature that is not limited to the exemplary method shown in the figure 24.

Hereinafter, in FIG. 24, the medium authentication server (2) 105 on the completed disposable authentication code implementation system shown in FIG. 21 is referred to as a "server" for convenience.

Referring to FIG. 24, after media authentication is performed through the medium authentication process shown in FIG. 22, the server communicates with the storage medium 2 (2155) (N) generation information for generating an authentication code (N) in step S 2405, and generates an authentication code (N) through the generated authentication code (N) generation information (2405).

If the authentication code N is generated 2410, the server transmits the authentication code N to the wireless terminal 120 through the communication channel 2415 and correspondingly transmits the authentication code N to the wireless terminal 120 Receives (2420) the authentication code (N) through the communication channel, outputs the received authentication code (N) to the screen of the wireless terminal 120 (2425), and then transmits the authentication code N ) Is used for the one-time authentication process through the wireless terminal 120, or the one-time authentication process through the at least one disposable authentication code input medium.

FIG. 25 is a diagram illustrating a configuration of a completed disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.

More specifically, FIG. 25 is a diagram illustrating a media authentication server 1 (FIG. 20) on the completed disposable authentication code implementation system shown in FIG. 21, from the wireless terminal 120 shown in FIG. 20 through the media authentication process shown in FIG. (N) generation information as the medium authentication result in the medium authentication server (2) (105) after medium authentication through the medium authentication server (2) (105) (N) to the wireless terminal (120) by generating the authentication code (N) through the authentication code (N) generation information and the authentication code And generating an authentication code (N) through the generation information to implement an authentication code for an N-digit complete type call, and those skilled in the art will be able to refer to FIG. 25 and FIG. / Or &lt; / RTI &gt; Type would be able to infer a variety of exemplary methods for the one-time authentication code implementation, the present invention is made, including any exemplary way in which the inference, to which the the technical features are not limited to the exemplary method shown in the figure 25.

Hereinafter, in FIG. 25, the media authentication server (2) 105 on the completed disposable authentication code implementation system shown in FIG. 21 is referred to as a "server" for convenience.

Referring to FIG. 25, after media authentication is performed through the medium authentication process shown in FIG. 22, the server communicates with the storage medium 2 (2155) (N) generation information for generating an authentication code (N) in the wireless terminal (120) and transmitting the program code (N) to the wireless terminal (120) in association with the program code D / B And transmits the authentication code (N) generation information and the program code (N) through the communication channel (2505).

The wireless terminal 120 receives the authentication code (N) generation information and the program code N (2510) through the communication channel and generates the authentication code (N) based on the program code (N) And generates the authentication code (N) through the generation information (2515).

If the authentication code N is generated 2520, the wireless terminal 120 outputs the generated authentication code N on the screen of the wireless terminal 120 (2525) N is used for the one-time authentication process through the wireless terminal 120 or the one-time authentication process through at least one disposable authentication code input medium.

FIG. 26 is a diagram illustrating a functional configuration of a wireless terminal 120 that implements a combined disposable authentication code through medium authentication according to another embodiment of the present invention.

FIG. 26 is a block diagram illustrating a mobile communication terminal accessing a mobile communication network operating on a Code Division Multiple Access (WCDMA) / Wideband Code Division Multiple Access (CDMA) (1) 100 through the medium authentication server (1) 100, and more particularly, to a preferred functional configuration of a terminal device implementing the combination type disposable authentication code through the medium authentication, (N> = 2) via the one-time authentication code generation information received from the medium authentication server (2) 105 as a result of the second medium authentication through the medium authentication server (2) ) Number of digits of the disposable authentication code.

In the present invention, the combination type disposable authentication code of N (N> = 2) digits is referred to as a "combined disposable authentication code" or "authentication code (N)" for convenience.

Those skilled in the art will appreciate that other terminal devices implementing the combined disposable authentication code (e.g., HSDPA (High-Speed Downlink Packet A wireless terminal device connected to a wireless access network based on IEEE 802.16x, or a wireless terminal device connected to a wireless Internet based on IEEE 802.16x), and an implementation method for various functional configurations corresponding to each terminal device characteristic, The invention is not limited to the technical features of the present invention.

The wireless terminal 120 that provides CDMA / WCDMA based mobile communication services according to an embodiment of the present invention includes an outer body, a speaker and a microphone, a keypad, an LCD (Liquid Crystal Display), an antenna And a battery 2620. A predetermined modem chip (for example, a modem chip) including a function of a CDMA (Code Division Multiple Access) modem, a CPU / MPU (Central Processing Unit / Micro Processing Unit) A duplexer filter for separating a transmission signal from a single antenna, a power amplifier for amplifying a transmission signal, a high power amplifier (HPA), a high power amplifier An isolator that prevents reverse transmission of the transmitted signal, an RF / IF SAW filter to remove the desired out-of-band spurious signal, a frequency upstream circuit of the transmission path, A frequency downconverting circuit, a VCTCXO (Voltage Controlled Temperature Compensated X-tal Oscillator) corresponding to a reference clock source, a UHF frequency synthesizer used as a local signal of frequency up-down conversion, and a codec chip for converting an analog voice signal into a digital signal And the internal components are gradually integrated into the modem chip. In addition to the core components for the mobile communication service, the modem chip may include various multimedia services or additional services Are being integrated together.

Referring to FIG. 26, the wireless terminal 120 implementing the combination type disposable authentication code through the media authentication includes a controller 2600 corresponding to the modem chip, a screen output unit 2600 corresponding to an LCD (Liquid Crystal Display) A sound processing unit 2610 corresponding to the microphone / speaker, a key input unit 2615 corresponding to the keypad, a radio processing unit 2640 corresponding to the antenna and various RF modules, A memory unit 2625 and a battery 2620 for supplying a predetermined power.

In addition, the wireless terminal 120 may further include a camera unit (not shown) for reading predetermined image information for providing various multimedia services or various supplementary services corresponding thereto, or may be provided with a predetermined short- It is preferable to further include a local communication unit (not shown) for connecting the channels.

The wireless terminal 120 may further include an IC chip 2635 (for example, a financial IC (hereinafter, referred to as a &quot; financial IC &quot;)) mounted or detached from the wireless terminal 120 for providing various financial And an IC chip reader 2630 for reading / writing predetermined information (or data) to / from the IC chip 2635 .

The control unit 2600 includes a processor including a CPU / MPU provided in the modem chip and an execution memory, and receives a predetermined program routine for providing a function peculiar to the wireless terminal 120 from a predetermined memory device A bus (BUS) for inputting / outputting program data, and a predetermined electronic circuit (or an integrated circuit) provided for the bus. The memory 2625 or the memory device 2625 (Or a chipset) loaded into the execution memory and processed through the processor to perform a specific function, or a generic term of program data (thus, A predetermined program routine to be recorded on the recording medium of the terminal 120 is conveniently stored in the control unit 2600 The program routine of the control unit 2600 basically includes an operating system routine (not shown) and at least one system management routine (e.g., a power management routine, a channel (forward / backward) A control routine, a handoff routine, etc.), and the control unit 2600 realizes various functional configurations to be implemented in the wireless terminal 120. FIG.

According to the method of the present invention, after power is supplied to the wireless terminal 120, the operating system routine (not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are transmitted to the control unit 2600), the wireless terminal (120) performs a predetermined boot procedure to load the system configuration detailed state, the pilot channel acquisition detailed state, the synchronization channel acquisition detailed state, and the timing conversion Quot; mobile station initialization state "including the detailed state.

After performing the booting procedure, the operating system routine (not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are loaded into the execution memory provided in the controller 2600, The mobile terminal 120 is set to the operation mode corresponding to the "mobile station call waiting state &quot;,the" system access state &quot;, or the " Call Processing) procedure.

According to the embodiment of the present invention, the function of implementing the combination type disposable authentication code through the medium authentication is such that the wireless terminal 120 can be started (i.e., started) through a predetermined key input in an operation mode corresponding to the " Or realized).

The screen output unit 2605 is a function configuration unit for a screen for confirming operation modes of the wireless terminal 120 and corresponding operation states of the wireless terminal 120. One or more And a driver for driving the screen output device. The control unit 2600 may output at least one key data input through the key input unit 2615, A function processing screen and a function processing result screen corresponding to at least one function (or program) provided in the wireless terminal 120 or at least a function screen And outputs one or more contents (e.g., text contents, image contents, multimedia contents).

According to the embodiment of the present invention, the screen output unit 2605 displays a menu screen corresponding to the function of implementing the combination type disposable authentication code through the medium authentication, a function processing screen for implementing the combination type disposable authentication code, It is preferable to perform a function of screen output means for outputting a function process result screen for outputting the disposable authentication code.

The sound processor 2610 processes sound input / output in each operation mode of the wireless terminal 120. The sound processor 2610 decodes at least one or more encoded sound data and supplies the decoded sound data to the wireless terminal 120 And a vocoder and a codec for encoding a sound signal input through a microphone provided in the wireless terminal 120 and encoding the sound signal.

According to an embodiment of the present invention, the sound processing unit 2610 may receive a sound corresponding to a predetermined ringback tone through the speaker in an operation mode corresponding to the "system access state" among the operation modes of the wireless terminal 120 It is preferable to decode and output the data or to encode a predetermined voice signal through a microphone in an operation mode corresponding to the "call channel state &quot;, or to decode and output a predetermined voice signal through a speaker.

In addition, the sound processing unit 2610 may be operable to reproduce at least one sound content or multimedia content provided (or downloaded) from the wireless terminal 120 in at least one operation mode including the "mobile station call waiting state & It is preferable that the sound data corresponding to the content to be reproduced is decoded and output.

The key input unit 2615 may include a key input unit having at least one key button including a predetermined number key, a character key, or a function key, And a driver for driving the key input device. Accordingly, it is possible to detect at least one key input signal generated by clicking (or inputting) the key button in the key input device .

According to the present invention, when a predetermined key input signal is detected from a predetermined key button provided in the key input device in a predetermined input mode or at least one operation mode controlled by the controller 2600, (E.g., MH_KEY_PRESSEVENT, MH_KEY_REPEATEVENT, and MH_KEY_RELEASEEVENT) corresponding to the detected key input signal, and provides the generated key event to the controller 2600, The control unit 2600 reads predetermined key data corresponding to the key event in the current input mode or the operation mode of the wireless terminal 120 (e.g., corresponding to a specific key event in each input mode or operation mode) Reading the key data from the key table storing (or managing) at least one key data to the key event) And reads a command for executing a predetermined function matched and defined.

According to the embodiment of the present invention, the key input unit 2615 inputs a predetermined telephone number in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 120, It is preferable to change the operation mode of the wireless terminal 120 to the operation mode corresponding to the "system access state &quot;.

The key input unit 2615 inputs a predetermined function key (e.g., a menu key) in an operation mode corresponding to the "mobile station call waiting state" among the operation modes of the wireless terminal 120, It is desirable to perform various functions provided in the terminal 120. [

According to the embodiment of the present invention, it is preferable that the key input unit 2615 performs a function of key input means for inputting at least one key data corresponding to the function of implementing the combination type disposable authentication code through the medium authentication .

The radio processing unit 2640 is a functional unit for connecting a radio channel to a base station on a mobile communication network that operates based on CDMA / WCDMA, and includes a CDMA modem and various RF modules (e.g., a duplexer filter, Amplifier, a high power amplifier (HPA), an isolator, an RF / IF SAW filter, a frequency upstream circuit, a frequency downconversion circuit, a VCTCXO corresponding to a reference clock source, a UHF frequency synthesizer, A Slot Mode or a Power Control in response to each operation mode of the wireless terminal 120 in cooperation with the control unit 2600. The control unit 2600 controls the operation of the wireless terminal 120, Hand-off, or a call processing procedure according to an embodiment of the present invention.

According to an embodiment of the present invention, the radio processing unit 2640 may perform radio frequency signal transmission and reception functions (e.g., antenna control, modulation, synthesis, and transmission of radio frequency signals) corresponding to the function of implementing the combination type disposable authentication code through the medium authentication. Amplification, filtering, and the like).

In particular, the radio processing unit 2640 may process the information or signal transmitted from the wireless terminal 120 to the base station into a CDMA stack to implement the combined disposable authentication code through the medium authentication, And a function of reading predetermined information or signals from the CDMA stack.

If the wireless terminal 120 shown in FIG. 26 is a wireless terminal device connected to a HSDPA-based wireless network according to another embodiment of the present invention, the wireless processor 2640 accesses the HSDPA-based wireless network, The wireless processing unit 2640 may be configured to include a wireless communication function configuration for implementing a combination type disposable authentication code via the IEEE 802.16x-based wireless network, or if the wireless terminal 120 is a wireless terminal device connected to an IEEE 802.16x-based wireless network, The present invention is not limited to this configuration, and may include a wireless communication function configuration for accessing the IEEE 802.16x-based wireless network and implementing the combined disposable authentication code through the media authentication.

The IC chip reader unit 2630 may include an IC chip 2635 mounted on or removed from the wireless terminal 120 through an IC chip 2635 standard including ISO / IEC 7816 or ISO / IEC 14443, IEC 7816 standard, or at least one information (or data or command) with a financial IC chip 2635, USIM or the like), or a contact type IC card reader corresponding to the ISO / IEC 7816 standard, (IC card reader) corresponding to the IEC 14443 standard. The IC card reader is connected to the IC chip 2635 via an APDU (Application Protocol Data Unit) ) Is exchanged.

Referring to the specification including ISO / IEC 7816 or ISO / IEC 14443, the IC chip 2635 mounted on or removed from the customer's wireless terminal receives power supply VCC, a reset signal RST, a clock signal (Input / output interface) for communicating (e.g., exchanging commands or data) with the IC chip reader unit 2630 through contact points such as a clock signal CLK, ground GND, programming power supply VPP, or input / output A processor unit (not shown) having at least one computing element including a central processing unit (CPU), a micro processing unit (MPU), and a coprocessor; a read only memory (ROM) A memory (not shown) made up of at least one memory element including a RAM (Random Access Memory), an EEPROM (Electrically Erasable and Programmable Read Only Memory), and an FM The above memory elements A chip operating system (COS) for managing and operating internal resources of the IC card is stored in the IC chip reader 2630 via a power supply (VCC) contact point of the input / When the power is supplied, the COS stored in the memory is loaded into a predetermined execution memory to control the overall operation of the IC chip 2635, and the clock frequency (e.g., 3.57 MHz or 4.9 MHz) of the clock signal (CLK) And controls the exchange of information or data between the IC chip 2635 and the IC chip reader 2630 through an APDU (Application Protocol Data Unit).

According to the present invention, IC chip 2635 storage information (for example, program code and data for IC chip 2635) for implementing a combination type disposable authentication code through medium authentication is stored in the memory of IC chip 2635 (Not shown) for storing a data set corresponding to predetermined information or data read and / or used by the processor of the customer's wireless terminal and read and / or used, And a program routine (for example, a Javacard), which is operated or executed by a computation function of the processor unit and a command set provided by the COS, JAVA Applet)) which includes an instruction call code for interacting with the instruction set of the COS and an execution code which is processed by the processor unit (Not shown) corresponding to the application is provided. In particular, the processing unit (not shown) reads the command provided from the processor provided in the customer wireless terminal via the input / output interface through the APDU, (Not shown) stored in the storage unit (not shown) on the basis of the received information or data, and transmits the result or the read information or data to the customer wireless terminal via the input / output interface through the APDU Processor.

Here, the memory of the IC chip 2635 includes a security structure based on ISO / IEC 10202. According to this, the memory includes a protection area in which secret information such as a CSN (Chip Serial Number) is stored, The IC chip 2635 storage information for the present invention includes the protection area and the COS control area. The storage area of the IC chip 2635 is divided into a protection area, a user application area, a read / write access area, an application program area, and a FAT (File Allocation Table) It is preferable to store it in the excluded area.

According to the ISO / IEC 7816 or ISO / IEC 14443 ICC standard, the memory has one master file (MF) corresponding to a root file and at least one storage An ATR (Answer To Reset) including function information on information, at least one Dedicated File (DF) corresponding to each ICC storage information, and a Smart Card service And an element file (EF) containing substantial information or data. The IC chip 2635 storage information for the present invention also includes the above-described file structure.

According to the embodiment of the present invention, the IC chip 2635 may store the user authentication IC chip 2635 storage information or the terminal authentication IC chip 2635 storage information for authenticating the validity of the user of the wireless terminal 120 It is preferable that one or more of them are provided.

The user authentication IC chip 2635 storage information or the terminal authentication IC chip 2635 storage information is used to store the user authentication information input through the key input unit 2615 into the IC chip 2635 authentication code It is preferable to return the authentication result information of the terminal medium IC chip 2635 after authenticating the user of the wireless terminal 120 (or the wireless terminal 120) A technical feature that the user of the wireless terminal 120 (or the wireless terminal 120) is authenticated through the IC chip 2635 authentication code in the IC chip 2635, The technical feature of returning the authentication result information of the terminal medium IC chip 2635 corresponding to the authentication result to the user of the wireless terminal 120 (or the wireless terminal 120) is known. .

The IC chip 2635 may store the server authentication IC chip 2635 storage information for authenticating the validity of the medium authentication server 1 100 or the medium authentication server 2 105, As shown in FIG.

The server authentication IC chip 2635 storage information is stored in the media authentication server 1 100 via the server medium 1 IC chip 2635 authentication information received from the medium authentication server 1 (2) IC chip (2635) authentication information received from the medium authentication server (2) (105) or after returning authentication result information of the server medium (1) It is preferable to return the authentication result information of the server medium 2 IC chip 2635 after validating the validity of the medium authentication server 2 105 through the authentication server 200. In the technical field of the present invention, (1) 100 authentication information through the IC chip 2635 using the authentication information of the server medium 1 IC chip 2635 and the technical features of authenticating the medium authentication server 1 A server medium 2 corresponding to the authentication result of the server medium 2 (IC chip 2635) (2) the authentication result information of the server medium (2) IC chip (2635) corresponding to the authentication result of the medium authentication server (2) (105) The detailed description will be omitted for the sake of brevity.

Alternatively, the memory provided in the IC chip 2635 may store the server authentication information 1 or the server authentication information 2 in order to implement the combination type disposable authentication code through the medium authentication instead of the memory unit 2625 The server authentication information 1 or the server authentication information 2 may be provided on the IC chip 2635 in the form of a server certificate provided in the IC chip 2635. [

The memory unit 2625 includes a storage medium for storing at least one piece of information (or data) in the wireless terminal 120, or a nonvolatile memory corresponding to a recording medium for recording a program code corresponding to at least one program routine A ROM (Read Only Memory) corresponding to the read-only memory, a flash memory (FM) capable of reading / writing, and an EEPROM (Electrically Erasable and Programmable Read Only Memory) .

According to an embodiment of the present invention, system information of the non-volatile memory that should not be erased is stored in the non-volatile memory, and the flash memory is provided with operating system routines, call processing program routines, Program routines and information or data therefor are stored in the EEPROM. In the EEPROM, at least one or more of the terminal registration related parameters, telephone numbers (e.g., address book), or at least one Information (or data) is preferably stored.

The memory unit 2625 may further include a medium authentication server (1) 100 for the medium authentication server (1) 100 that authenticates the terminal medium corresponding to the wireless terminal 120 to implement the combination type disposable authentication code through the medium authentication, (100) information (for example, address information of the medium authentication server (1) 100, unique information of the medium authentication server (1) 100) (E.g., address information of the medium authentication server 2 (105), unique information of the medium authentication server (2) (105)).

Referring to FIG. 26, the wireless terminal 120 implementing the combined disposable authentication code through the media authentication includes an information input unit for receiving user authentication information through the key input unit 2615.

The information input unit outputs the user authentication information input interface in cooperation with the screen output unit 2605 to implement the combination type disposable authentication code through the medium authentication, And requests the user to input user authentication information for implementing the disposable authentication code, whereby the authentication processing unit processes the user authentication information to be input to the user authentication information interface through the key input unit 2615. [

Here, the user authentication information may include at least one of a personal identification number (PIN) registered to authenticate the terminal medium for the wireless terminal 120 in the media authentication server (1) 100 on the communication network, It is preferable to include at least one of them.

Alternatively, the user authentication information may be stored in the wireless terminal 120 through the user authentication IC chip 2635 stored in the IC chip 2635 (or USIM) or the terminal authentication IC chip 2635 storage information. And at least one personal identification number (PIN) or password for authenticating the validity of the user.

Alternatively, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network, Or more.

Referring to FIG. 26, when the combined type disposable authentication code is implemented through the server medium authentication performed in association with the terminal medium authentication, the wireless terminal 120 transmits the user authentication information, which is input through the information input unit, And transmits the generated terminal medium authentication information to the media authentication server (1) 100 on the communication network in cooperation with the wireless processing unit 2640 to transmit the terminal medium authentication information to the medium corresponding to the wireless terminal 120 (1) 2645 for processing the server medium (1) authentication information (1) 2600 and the server medium (1) A server authentication unit (1) (2650) for authenticating the server medium and transmitting the server medium (1) authentication result information to the media authentication server (1) (100) in cooperation with the wireless processing unit (2640) In conjunction with the radio processing unit 2640, Receives the terminal medium authentication code corresponding to the server medium (1) authentication result information from the medium authentication server (1) (100), and transmits the received terminal medium authentication code to the medium authentication server (2) (2) 2655 for processing the medium corresponding to the wireless terminal 120 to be secondly authenticated in response to the request from the media authentication server 2 (105) And a receiving unit (2660) for receiving authentication code (N) generation information corresponding to the medium (2) authentication result information.

According to another embodiment of the present invention, when the terminal 120 receives the terminal medium authentication code corresponding to the server medium 1 authentication result information from the medium authentication server (1) 100, (2) 2655 transmits the authentication result to the authentication processing unit (1) 2645 through the terminal medium authentication code in a similar (or identical) manner to the first authentication method of the medium corresponding to the wireless terminal 120 (Or the same) as the method of authenticating the medium corresponding to the wireless terminal 120 and authenticating the server medium by the server authentication unit (1) 2650 in the server authentication unit 2 (not shown) (1) 2645 and the server authentication unit (1) 2650, if it is possible to authenticate the server medium in one way and have a general knowledge in the technical field of the present invention, The authentication processing unit 2 (2655) and the server authentication unit 2 (not shown) Since there can be deduced the technical features for authenticating the medium and the end of the media server, a detailed description thereof in the figure 26 it will be omitted for convenience.

When the combined disposable authentication code is implemented through the server medium authentication performed in conjunction with the terminal medium authentication, the authentication processing unit (1) 2645 transmits the terminal medium in the media authentication server (1) And generates the terminal medium authentication information based on the user authentication information input through the information input unit to process the authentication information.

According to an embodiment of the present invention, the user authentication information is transmitted from the media authentication server (1) 100 on the communication network to a personal identification number (PIN) or a password registered to authenticate the terminal medium for the wireless terminal 120 It is preferable that the authentication processing unit (1) 2645 generates terminal medium authentication information including the user authentication information and the unique information of the wireless terminal 120.

For example, the authentication processing unit (1) 2645 may generate the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120. [

Alternatively, the authentication processing unit (1) 2645 generates a terminal media verifier by hashing at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, It is preferable that at least one of the authenticator, the user authentication information, and the unique information of the wireless terminal 120 is concatenated to generate the terminal medium authentication information.

If the user has a general knowledge in the technical field of the present invention, at least one additional information item to be included in the terminal medium authentication information and the additional information, in addition to the user authentication information and the unique information of the wireless terminal 120, The technical characteristics to be included in the authentication information can be inferred, and the present invention is characterized by including all the inferable information items.

According to another embodiment of the present invention, the user authentication information is stored in the IC chip 2635 (or USIM) through the user authentication IC chip 2635 storage information or the terminal authentication IC chip 2635 storage information (1) 2645 includes at least one personal identification number (PIN) or password for authenticating the validity of the user of the wireless terminal 120, the authentication processing unit (1) (2635) stored in the IC chip (2635) (or USIM), or the terminal authentication IC chip (2635) storage information to be authenticated, and the authenticated When the IC chip 2635 (or the USIM) returns the authentication result information of the terminal medium IC chip 2635 through the user authentication information, the authentication result information of the terminal medium IC chip 2635 and the authentication result information of the wireless terminal 120 ) Terminal information including unique information It is preferred to generate the authentication information.

For example, the authentication processing unit (1) 2645 may generate the terminal medium authentication information by concatenating authentication result information of the terminal medium IC chip (2635) and the unique information of the wireless terminal (120).

Alternatively, the authentication processing unit (1) 2645 hashes at least one of the authentication result information of the terminal medium IC chip 2635 and the unique information of the wireless terminal 120 into a one-way hash function, performs XOR operation, And generates the terminal medium authentication information by concatenating at least one of the terminal medium verifier, the terminal medium IC chip 2635 authentication result information, and the wireless terminal 120 specific information.

The terminal medium IC chip 2635 may include at least one additional information item to be included in the terminal medium authentication information in addition to the authentication result information of the terminal medium IC chip 2635 and the unique information of the wireless terminal 120, The additional information may be included in the terminal medium authentication information. The present invention is characterized by including all of the inferable information items.

A personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network according to another embodiment of the present invention; ) Or a secret number, the authentication processing unit (1) 2645 hashashes the user authentication information through a one-way hash function, and transmits the hashed user authentication information, at least one random number value (For example, a random number value generated at the terminal), unique information of the wireless terminal 120 (or unique information of the wireless terminal 120 hashed by the one-way hash function), and generates a terminal media verifier The terminal medium authentication information including the generated terminal medium verifier, the user authentication information, at least one random number information, and the unique information of the wireless terminal 120 And the authentication processing unit (1) 2645 can further hash the terminal media verifier according to the intention of those skilled in the art.

For example, the authentication processing unit 1 (2645) concatenates the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120, It is preferable to generate the medium authentication information.

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication information is generated through any one of the above-described methods, the authentication processing unit (1) 2645 transmits the terminal medium authentication information to the medium authentication server (1) 100 on the communication network (Or the IC chip 2635) with the at least one encryption key included in the memory unit 2625 (or the IC chip 2635).

When the terminal medium authentication information is generated as described above, the authentication processing unit (1) 2645 associates the generated terminal medium authentication information with the wireless processing unit 2640 to the medium authentication server (1) 100 on the communication network And the media authentication server (1) (100) authenticates the medium corresponding to the wireless terminal (120) through the terminal medium authentication information.

If the terminal media authentication information is encrypted, the media authentication server (1) 100 preferably decrypts the encrypted terminal media authentication information through a decryption key.

According to an embodiment of the present invention, the user authentication information is transmitted from the media authentication server (1) 100 on the communication network to a personal identification number (PIN) or a password registered to authenticate the terminal medium for the wireless terminal 120 The media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, and if the identified wireless terminal (120) Authenticates the validity of the wireless terminal 120 by comparing the unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information and transmits the authentication information to the media authentication server 1 (100) And comparing the user authentication information stored in association with the unique information of the wireless terminal 120 with the user authentication information included in the terminal medium authentication information to authenticate the validity of the terminal medium .

If the terminal authentication information includes at least one of the user authentication information and the unique information of the wireless terminal 120 in the terminal media authentication information, the media authentication server 1 may, for example, (100) hashes at least one of the user authentication information provided in the storage medium and the unique information of the wireless terminal (120) identified through the communication session in the same manner as the terminal medium verifier and performs an XOR operation Further comprising generating a terminal media authenticator and comparing the terminal media verifier and the terminal media authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information is stored in the IC chip 2635 (or USIM) through the user authentication IC chip 2635 storage information or the terminal authentication IC chip 2635 storage information (1) 100 includes at least one personal identification number (PIN) or a password for authenticating the validity of a user of the wireless terminal 120, the media authentication server (1) (120) unique information of the wireless terminal (120) through a session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, And transmits the authentication information to the IC chip 2635 (1) based on the user authentication information stored in association with the unique information of the wireless terminal 120 in a storage medium provided in the media authentication server (1) ) (Or USIM) (Or the terminal medium IC chip 2635) authentication information through the same logic as the user authentication IC chip 2635 storage information or the terminal authentication IC chip 2635 storage information (2635) authentication information of the terminal medium IC chip (2635) included in the terminal medium IC chip (2635) authentication information and the terminal medium IC chip (2635) authentication information contained in the terminal medium authentication information And verifies the validity of the terminal medium.

If at least one of the authentication result information of the terminal medium IC chip 2635 and the unique information of the wireless terminal 120 is hashed as a one-way hash function and the terminal media verifier is included in the terminal medium authentication information, The media authentication server (1) (100) transmits at least one of the authentication information of the terminal medium IC chip (2635) provided in the storage medium and the unique information of the wireless terminal (120) And generating a terminal media authenticator by XORing the hash in the same manner as the media verifier, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

A personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network according to another embodiment of the present invention; ), Or a secret number, the media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, The wireless terminal 120 authenticates the validity of the wireless terminal 120 by comparing the unique information of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication information, Way hash function by associating the user authentication information stored in association with the unique information of the wireless terminal 120 with the hashed (or linked) storage medium, and transmits the hashed user authentication information, (At least one random number value included in the terminal medium authentication information), the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) A media authenticator is generated, and the validity of the terminal medium is verified by comparing the terminal medium verifier included in the terminal medium authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

If the terminal authentication information is authenticated through any one of the above-described methods, the media authentication server (1) (100) authenticates the medium authentication (1) based on the server authentication information stored in the storage medium (Or extracts) the server medium authentication information (1) for authenticating the medium corresponding to the server (1) (100).

According to an embodiment of the present invention, the server authentication information is preferably matched with server authentication information stored in a memory unit 2625 (or an IC chip 2635 or USIM) provided in the wireless terminal 120 And the server authentication information is stored in the server certificate included in the memory unit 2625 (or the IC chip 2635, or USIM) according to a person skilled in the art.

According to another embodiment of the present invention, the server authentication information is transmitted to a server (not shown) authenticated by the user authentication IC chip 2635 stored in the IC chip 2635 (or USIM) And the authentication information of the medium IC chip (2635).

According to another embodiment of the present invention, the server authentication information is preferably matched with information (for example, user authentication information) input through the key input unit 2615 provided in the wireless terminal 120. [

When the server authentication information is matched with the server authentication information stored in the memory unit 2625 (or the IC chip 2635 or the USIM) provided in the wireless terminal 120 according to an embodiment of the present invention, The media authentication server (1) (100) preferably generates the server medium authentication information (1) including the server authentication information and the medium authentication server (1) (100) information.

For example, the media authentication server (1) (100) preferably concatenates the server authentication information and the medium authentication server (1) (100) information to generate the server medium authentication information (1).

Alternatively, the media authentication server (1) 100 may have at least one of the server authentication information and the medium authentication server (1) 100 information hashed as a one-way hash function, and then XORed to generate a server medium verifier , The server medium verifier, the server authentication information, and the medium authentication server (1) (100) information to generate the server medium authentication information (1).

(1) 100, at least one additional information item to be included in the server medium authentication information (1) and at least one additional information item to be included in the server medium authentication information (1) It is possible to deduce a technical feature of including the information in the server medium authentication information 1, and the present invention is characterized in that it includes all the inferable information items.

The server authentication information is authenticated by the user authentication IC chip 2635 storage information provided in the IC chip 2635 (or USIM) provided in the wireless terminal 120 according to another embodiment of the present invention, When the IC chip 2635 (or the USIM) includes the authentication information, the media authentication server (1) 100 transmits the server authentication information from the wireless terminal 120 to the server The server medium IC chip 2635 authentication information and the server medium IC chip 2635 authentication information are generated in the server medium IC chip 2635 authentication information form for processing to be authenticated by providing the authentication IC chip 2635 as storage information, It is preferable to generate the server medium authentication information (1) including information.

For example, the medium authentication server (1) 100 preferably generates the server medium authentication information (1) by concatenating the server medium IC chip 2635 authentication information and the medium authentication server (1) 100 information Do.

Alternatively, the media authentication server (1) 100 may have at least one or more pieces of information of the server medium IC chip 2635 authentication information and the medium authentication server (1) 100 information be hashed as a one-way hash function, And generates the server medium authentication information (1) by concatenating at least one or more pieces of information of the server medium verifier, the server medium IC chip (2635) authentication information, and the medium authentication server (1) .

The server medium IC chip 2635 and the medium authentication server 1 100 may be provided with at least one or more than one information to be included in the server medium authentication information 1, The additional information item and the additional information may be included in the server medium authentication information (1). The present invention is characterized by including all the inferable information items.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through the key input unit 2615 provided in the wireless terminal 120, (1) 100 hashash the server authentication information through a one-way hash function, and transmits the hashed server authentication information, at least one random number value (e.g., a random number value generated by the server) (1) 100 information (or the media authentication server (1) 100 information hashed by the one-way hash function) to generate a server medium verifier, and the generated server medium verifier and the server It is preferable to generate the server medium authentication information 1 including authentication information, at least one or more random number information, and the medium authentication server 1 (100) information, and the medium authentication server 1 ( 100) It is possible to further cut the hash-based media server validation.

For example, the media authentication server (1) 100 may include the server medium verifier (or the hashed server medium verifier), the server authentication information, at least one random number information, and the medium authentication server (1) And generate the server medium authentication information (1) by concatenation.

The server authentication information (1) may include at least one of the server authentication information, at least one random number information, and the media authentication server (1) (100) information in addition to the server authentication information It is possible to deduce a technical feature that the additional information item (e.g., a prime number) and the additional information are included in the server medium authentication information (1), and the present invention includes all the inferable information items do.

In addition, those skilled in the art will be able to deduce various methods of generating the server medium authentication information (1) based on the server authentication information, in addition to the above-described embodiments, The present invention is characterized in that it comprises all the above-mentioned embodiments to be inferred.

When the server medium authentication information (1) is generated through any one of the above-described methods, the medium authentication server (1) (100) transmits the server medium authentication information (1) 120 with at least one encryption key for secure transmission.

When the server medium authentication information (1) is generated as described above, the medium authentication server (1) (100) transmits the server medium authentication information (1) to the wireless terminal (120) , The server authentication unit (1) 2650 receives server medium authentication information (1) from the medium authentication server (1) (100). When the server medium authentication information (1) , And decrypt the encrypted server medium authentication information (1) through at least one decryption key.

The server authentication unit (1) 2650 reads the server medium authentication information (1) and authenticates the server medium when the server medium authentication information (1) is received. The server medium authentication information It is preferable that the encrypted server medium authentication information (1) is decrypted through at least one decryption key when the encrypted server medium authentication information (1) is encrypted.

When the server authentication information is matched with the server authentication information stored in the memory unit 2625 (or the IC chip 2635 or the USIM) provided in the wireless terminal 120 according to an embodiment of the present invention, The server authentication unit 1 2650 receives the information of the medium authentication server 1 100 stored in the memory unit 2625 or the medium authentication information 2600 through the communication session information for receiving the server medium authentication information 1, (1) (100) information with the medium authentication server (1) (100) information included in the server medium authentication information (1) to verify the validity of the medium authentication server (1) And compares the server authentication information stored in the memory unit 2625 (or the IC chip 2635 or USIM) with the server authentication information included in the server medium authentication information 1 to authenticate the validity of the server medium .

If at least one of the server authentication information and the medium authentication server (1) 100 information is hashed in the server medium authentication information (1) by a one-way hash function and XOR operation is performed, The server authentication unit 1 2650 transmits the server authentication information provided in the memory unit 2625 (or the IC chip 2635 or the USIM 2635) to the medium authentication server 1 (100) Information of the server medium verifier and the server medium verifier in the same manner as the server medium verifier and then XORs the server medium verifier to generate a server medium verifier and compares the server medium verifier and the server medium verifier to verify the validity of the server medium And the like.

The server authentication information is authenticated by the user authentication IC chip 2635 storage information provided in the IC chip 2635 (or USIM) provided in the wireless terminal 120 according to another embodiment of the present invention, The server authentication unit 1 2650 transmits the information of the medium authentication server 1 100 stored in the memory unit 2625 or the server medium authentication information 1 (1) 100) information included in the server medium authentication information (1) by comparing the information of the medium authentication server (1) (100) identified by the communication session information for receiving the medium authentication server The server medium IC chip 2635 authentication information included in the server medium authentication information 1 is transmitted to the IC chip 2635 (or USIM) Server authentication IC chip (2635) storage information to authenticate the server medium IC chip (2635) authentication information, and the server medium IC When the chip 2635 authentication result information is returned, the authentication result information of the server medium IC chip 2635 is read and the validity of the server medium is authenticated.

If one or more pieces of information of the server medium IC chip 2635 authentication information and the medium authentication server (1) 100 information are hashed by the one-way hash function in the server medium authentication information (1) The server authentication unit 1 2650 transmits authentication information of the server medium IC chip 2635 provided in the storage medium and information of the medium authentication server 1 100 confirmed through the communication session The server medium verifier and the server medium authenticator, and verifies the validity of the server medium verifier by comparing the server medium verifier and the server medium authenticator It is preferable to further comprise

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through the key input unit 2615 provided in the wireless terminal 120, (1) 2650 stores the information of the media authentication server 1 (100) stored in the memory unit 2625 (or the media authentication server (1) (100) information with the medium authentication server (1) 100 information included in the server medium authentication information (1) to authenticate the validity of the medium authentication server (1) (Hash) a server authentication information stored in a storage medium provided in (or linked to) the media authentication server (1) 100 through a one-way hash function, and transmits the hashed server authentication information, at least one random number value A random number value included in the server medium authentication information (1)), Generates a server medium authenticator by performing at least one XOR operation on the server 1 (100) information (or the medium authentication server (1) 100 information hashed by the one-way hash function) And verifying the validity of the server medium by comparing the included server medium verifier with the generated server medium verifier.

Those skilled in the art will be able to deduce various methods of authenticating the server medium authentication information 1 in addition to the above-described embodiment, and the present invention can be applied to all the methods And a control unit.

When the server medium authentication information 1 is authenticated through any one of the above-described methods, the server authentication unit 1 (2650) transmits the server medium 1 authentication result (1) in cooperation with the radio processing unit 2640 Information to the media authentication server (1) (100).

When the server medium 1 authentication result information is received, the media authentication server (1) 100 generates (or extracts) a terminal medium authentication code corresponding to the authentication result of the server medium (1) The authentication processing unit 2 (2655) receives the terminal medium authentication code from the media authentication server (1) (100).

Then, the authentication processing unit 2 (2655) transmits the received terminal medium authentication code to the medium authentication server (2) 105 through a communication network.

According to the embodiment of the present invention, the authentication processing unit 2 (2655) generates the terminal medium authentication information through the user authentication information and transmits the same (or the same) to the media authentication server (1) (For example, concatenating the terminal medium authentication code with the unique information of the wireless terminal 120) or creating a terminal media verifier including the terminal medium authentication code and the unique information of the wireless terminal 120 The terminal authentication information may be transmitted to the media authentication server 2 105. If the terminal authentication information is generated by the terminal authentication method, The technical features of processing the code will be inferred, and a detailed description thereof will be omitted for the sake of convenience.

The medium authentication server (2) (105) receiving the terminal medium authentication code from the wireless terminal (120) authenticates the terminal medium authentication code.

When the terminal authentication code is processed in a manner similar to (or identical to) the terminal medium authentication information generation method according to the embodiment of the present invention, the medium authentication server (2) It is preferable to authenticate the terminal medium authentication code in a manner similar to (or the same as) the method of authenticating the terminal medium authentication information in the terminal 100. If a person having ordinary knowledge in the technical field of the present invention , It is possible to infer a technical characteristic of authenticating the terminal medium authentication code through the method of authenticating the terminal medium authentication information, so that detailed description thereof will be omitted for the sake of convenience.

According to an embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) 105 transmits an authentication code N) generation information for generating the authentication code (N) to be transmitted to the wireless terminal 120, and transmits the authentication code (N) generation information to the wireless terminal 120. In response thereto, the receiving unit 2660 And receives the authentication code (N) generation information through the network.

At this time, if the program code N for generating the authentication code (N) is not provided to the wireless terminal 120 through the authentication code (N) generation information, the medium authentication server (2) (N) for generating the authentication code (N) through the authentication code (N) generation information to the wireless terminal (120) in response to the terminal medium authentication, The receiving unit 2660 further receives the program code N for generating the authentication code N through the wireless processing unit 2640 through the authentication code (N) generation information.

According to another embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) (105) (Or extracts) an authentication code N to be included in combination with the authentication code N of the wireless terminal 120 and transmits the authentication code N to the wireless terminal 120. In response thereto, (N) via the network.

26, the wireless terminal 120 includes an authentication code generation unit 2665 that generates an authentication code (N) based on authentication code (N) generation information received through the reception unit 2660, And an output processor 2670 for outputting the generated authentication code N in association with the screen output unit 2605. [

If the authentication code generator 2665 is provided with the program code N for generating the authentication code N, the authentication code generating unit 2665 generates an authentication code N for generating the authentication code N through the receiver 2660 N) generation information is received, the authentication code generation unit 2665 generates an authentication code N of N digits using the received authentication code (N) generation information.

On the other hand, when the authentication code generator 2665 does not include the program code N for generating the authentication code N, the authentication code generating unit 2665 generates an authentication code (N) (N) generation information is received, the authentication code generation unit 2665 generates the authentication code (N) by using the received authentication code (N) generation information through the program code (N) It is preferable to generate the authentication code (N).

According to another embodiment of the present invention, when the authentication code N is directly received through the receiver 2660, the authentication code generator 2665 may omit generating the authentication code N, The present invention is not limited thereto.

Those skilled in the art will appreciate that the authentication code generation unit 2665 may generate the authentication code N using the authentication code (N) generation information (for example, , And a hash algorithm). Therefore, a detailed description thereof will be omitted for the sake of convenience.

When the N-digit authentication code N is generated, the output processor 2670 associates the combined N-digit authentication code N with the screen output unit 2605, And outputs it to a predetermined region of the image.

According to one embodiment of the present invention, the output processing unit 2670 outputs a disposable authentication code output screen on the screen of the wireless terminal 120 in cooperation with the screen output unit 2605, To output the generated N-digit authentication code (N).

According to another embodiment of the present invention, the output processing unit 2670 outputs the disposable authentication code output area to the screen area currently output on the screen of the wireless terminal 120 in association with the screen output unit 2605 And outputs the generated N-digit authentication code (N) to the disposable authentication code output area.

FIG. 27 is a diagram showing a system configuration of a combination type disposable authentication code by medium authentication according to another embodiment of the present invention.

In more detail, FIG. 27 illustrates a wireless terminal 120 function configuration in which the combined disposable authentication code is implemented includes a wireless terminal 120 functional configuration shown in FIG. 26, (N > = 2) digits of the disposable authentication code are implemented so as to implement the disposable authentication codes of N (N &gt; = 2) in the present invention, and those skilled in the art will refer to FIG. 27 The present invention may be embodied in many different forms of implementation of the combined disposable authentication code implementation system configuration through the media authentication, The technical features thereof are not limited by the implementation method alone.

Referring to FIG. 27, the system for implementing a combination type disposable authentication code through the medium authentication includes a wireless terminal 120 including the functional configuration shown in FIG. 26, a wireless terminal 120 connected to the wireless terminal 120, A media authentication server (1) (100) for performing a first terminal medium authentication for the wireless terminal (120) and transmitting a terminal medium authentication code to the wireless terminal (120) in response to the first medium authentication result (N) for generating a N-digit authentication code (N) to the wireless terminal (120) in response to the second medium authentication result, performing a second terminal media authentication for the wireless terminal And a media authentication server (2) (105) for generating the authentication code (N) of N digits and providing it to the wireless terminal (120).

In order to implement the combination type disposable authentication code through the medium authentication, the wireless terminal 120 transmits terminal medium authentication information for authenticating the terminal medium to the wireless terminal 120 in the media authentication server (1) 100 And transmits the generated authentication information to the media authentication server (1) (100). Thus, the media authentication server (1) (100) verifies that the validity of the terminal medium .

According to an embodiment of the present invention, the terminal medium authentication information preferably includes user authentication information input through a key input unit provided in the wireless terminal 120 and unique information of the wireless terminal 120 And generates a terminal media verifier by XORing at least one of the user authentication information and the unique information of the wireless terminal 120 according to the intention of a person skilled in the art using a one-way hash function, Information of the wireless terminal 120, and unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal medium authentication information may include terminal medium IC chip authentication result information generated through an IC chip (or USIM) provided in the wireless terminal 120, And at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed by a one-way hash function and then XORed by the one-way hash function according to the intention of a person skilled in the art, And includes at least one of the terminal medium verifier, the terminal medium IC chip authentication result information, and the unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal media authentication information hashashes user authentication information input through a key input unit provided in the wireless terminal 120 through a one-way hash function, At least one or more random number values (for example, a random number value generated at the terminal), unique information of the wireless terminal 120 (or unique information of the wireless terminal 120 hashed by the one-way hash function) And generates the terminal medium verifier, and includes the generated terminal medium verifier, the user authentication information, at least one random number information, and the unique information of the wireless terminal 120.

Also, the wireless terminal 120 receives the terminal medium authentication code from the media authentication server (1) 100 as a result of the first terminal medium authentication, and transmits the received terminal medium authentication code to the media authentication server 2) &lt; / RTI &gt;

In addition, the wireless terminal 120 may generate an authentication code (N) for generating an authentication code (N) of N digits from the medium authentication server (2) 105 in response to the server medium authentication associated with the terminal medium authentication, And generating the authentication code (N) of N digits from the server through the received authentication code (N) generation information.

Alternatively, the wireless terminal 120 receives an N-digit authentication code (N) from the media authentication server (2) 105 in response to the server medium authentication associated with the terminal media authentication.

In FIG. 27, a technical feature of generating the N-digit authentication code (N) in the wireless terminal 120 will be described with reference to FIG. 14, and a detailed description thereof will be omitted for the sake of simplicity.

According to the present invention, the media authentication server (1) 100 associates and stores the user authentication information for authentication of the terminal medium and the unique information of the wireless terminal 120, and stores the user authentication information and the unique (Or interlocking) a storage medium (1) 2740 for further storing the terminal medium authentication rule information through information. The storage medium (1) 2740 includes a server medium 1 Further storing the server authentication information (1) for generating the authentication information, or further associating and storing the authentication code generation rule information for generating the terminal medium authentication code.

The user authentication information may include information input from the wireless terminal 120 to authenticate the terminal medium among the key input information input through the key input means or information input via the IC chip (or USIM) And at least one authentication result information.

The unique information of the wireless terminal 120 may include MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information or IMEI (International Mobile Equipment Identity) for the wireless terminal 120, or IMSI (International Mobile Subscriber Identity) information, MSISDN (Mobile Station International ISDN Number), or USIM specific information.

The terminal medium authentication rule information may include a rule for generating the terminal medium authentication information at the wireless terminal 120 or a rule for authenticating the terminal medium corresponding to the wireless terminal 120 by reading the terminal medium authentication information, It is preferable that one or more of the terminal media authentication rules are stored in the storage medium (1) 2740 when the media authentication server (1) 100 implements the terminal media authentication rules in the form of a program code , Whereby the present invention is not limited thereto.

The authentication code generation rule information preferably defines a rule for generating a terminal media authentication code transmitted to the wireless terminal 120, and the authentication code generation rule is stored in the media authentication server (1) Code format, it is optional to store the authentication code generation rule information in the storage medium (1) 2740, and thus the present invention is not limited thereto.

According to the present invention, the media authentication server (2) 105 includes (or interlocks with) a storage medium (2) 2770 for storing terminal medium authentication rule information for authenticating the terminal medium authentication code (N) generation information for generating an authentication code (N) in the wireless terminal (120) when authenticating the terminal medium, or the wireless terminal (120) generates authentication code And the authentication code generation rule information for generating the authentication code (N) to be transmitted to the terminal (120).

Preferably, the terminal medium authentication rule information defines a rule for reading the terminal medium authentication code and authenticating the terminal medium corresponding to the wireless terminal 120, and the medium authentication server (2) When the terminal medium authentication rule is implemented in the form of a program code, it is optional to store the terminal medium creation rule information in the storage medium (2) 2770, and thus the present invention is not limited thereto.

The authentication code generation rule information may include a rule for generating authentication code (N) generation information for generating an authentication code (N) in the wireless terminal 120 or a rule for generating authentication code (N It is preferable that at least one rule for creating the authentication code generation rule is defined in the form of a program code in the media authentication server 2 105, The authentication code generation rule information may be omitted from the authentication code generation rule information, and thus the present invention is not limited thereto.

According to another embodiment of the present invention, when the terminal medium authentication code is processed to include the same structure as the terminal medium authentication information, the storage medium (2) 2770 includes user authentication information (not shown) 120) inherent information (not shown), and server authentication information 2 (not shown) can be stored in association with each other, so that the present invention is not limited thereto.

According to the present invention, when the program code for generating the authentication code (N) is not provided to the wireless terminal 120, the media authentication server 2 (105) (Or interlocking) program code D / B 2775 for classifying and storing program codes N for generating the authentication code N according to the platform of the wireless terminal 120 according to a program code (e.g., program analyzer, operating system, etc.) .

Those skilled in the art will recognize the technical features of the program code N for generating the authentication code N according to a plurality of wireless terminal 120 platforms, A detailed description thereof will be omitted for the sake of convenience.

According to the present invention, the media authentication server (1) 100 includes an interface unit 2700 for connecting and managing a communication channel for first media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 2700 receives terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (N) generation information is connected.

According to an embodiment of the present invention, when the media authentication server (1) 100 is provided on the wireless communication network (or in the wireless communication system), the interface unit 2700 transmits, And a communication channel including a wire section for connecting the media authentication server (1) (100) to the base station.

According to another embodiment of the present invention, when the media authentication server (1) 100 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system) A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the medium authentication server (100) And a communication channel including a wire section is connected.

Referring to FIG. 27, the media authentication server (1) 100 generates terminal medium authentication information for terminal medium authentication for the wireless terminal 120 in the wireless terminal 120, An authentication information receiving unit 2705 for receiving the terminal medium authentication information in cooperation with the interface unit, a terminal authentication unit 2705 for reading the received terminal medium authentication information and authenticating a terminal medium corresponding to the wireless terminal 120, An authentication information generation unit (2715) for generating authentication information of a server medium (1) to be transmitted to the wireless terminal (120) upon authentication of the terminal medium; An authentication information transmitting unit 2720 for transmitting authentication information of the server medium 1 to the wireless terminal 120 and server medium authentication result information for the server medium 1 authentication information from the wireless terminal 120 An information receiving unit 2725 for receiving, An authentication code generation unit 2730 for generating a terminal medium authentication code when receiving the server medium authentication result information, and an authentication code generation unit 2730 for transmitting the generated terminal medium authentication code to the wireless terminal 120 in cooperation with the interface unit 2700 And an authentication code transmitting unit 2735 for transmitting the authentication code.

When the wireless terminal 120 generates terminal medium authentication information for terminal medium authentication for the wireless terminal 120 and transmits the terminal medium authentication information through the communication channel, the authentication information receiving unit 2705 transmits the terminal medium authentication information to the wireless terminal 120, The authentication information receiving unit 2705 decrypts the encrypted terminal medium authentication information through the decryption key when the terminal medium authentication information is encrypted.

When the terminal medium authentication information includes at least one of the user authentication information input through the key input unit provided in the wireless terminal 120 and the unique information of the wireless terminal 120 according to an embodiment of the present invention, The terminal medium authentication unit (1) 2710 checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information, Authenticates the validity of the wireless terminal 120 and compares the authenticity of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication unit 1 (2710) (1) 2740 with the user authentication information stored in association with the unique information of the wireless terminal 120 and the user authentication information included in the terminal medium authentication information, And validates the validity.

If at least one of the user authentication information and the unique information of the wireless terminal 120 is hashed by the one-way hash function and XOR operation is performed on the terminal media authentication information, the terminal media authenticator 1 ) 2710 transmits at least one of the user authentication information provided in the storage medium (1) 2740 and the unique information of the mobile terminal 120 confirmed through the communication session to the same method as the terminal media verifier And XORing the terminal media authenticator to generate a terminal media authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the terminal medium authentication information may be generated by the terminal medium IC chip authentication result information generated through the IC chip (or USIM) provided in the wireless terminal 120, (1) 2710 confirms the unique information of the wireless terminal 120 through a communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information And authenticates the validity of the wireless terminal 120 by comparing the authenticated wireless terminal 120 unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information, (Or USIM) provided in the IC chip (or USIM) based on the user authentication information stored in association with the unique information of the wireless terminal 120 in the storage medium 1 (2740) User authentication IC chip storage , Or generates the terminal medium IC chip authentication information through the same logic as the terminal authentication IC chip storage information (or if the terminal medium IC chip authentication information is stored in the storage medium (1) 2740) And verifies the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the UE medium authentication information and the unique information of the mobile station 120 is hashed by the one-way hash function and XOR operation is performed on the UE medium authentication information, The authentication unit (1) 2710 transmits at least one of the terminal medium IC chip authentication information provided in the storage medium (1) 2740 and the unique information of the wireless terminal 120 confirmed through the communication session, The method further comprises the step of performing an XOR operation on the hash in the same manner as the terminal medium verifier, generating a terminal medium authenticator, and comparing the terminal medium verifier and the terminal medium authenticator to authenticate the validity of the terminal medium .

According to another embodiment of the present invention, when the terminal medium authentication information includes a terminal medium verifier, the terminal medium authentication unit (1) 2710 transmits the terminal medium authentication information according to the terminal medium authentication rule information (120) unique information of the wireless terminal (120) through the communication session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, (1) 2740 that is authenticated by the terminal authentication unit (1) 2710 and validated to the terminal 120 and stored in association with the unique information of the terminal 120 And transmits the hashed user authentication information, at least one random number value (e.g., a random number value included in the terminal media authentication information), the unique information of the wireless terminal 120 or (The unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media authenticator, compares the terminal media verifier included in the terminal media authentication information with the generated terminal media authenticator And authenticating the validity of the terminal medium.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

When the terminal medium authentication information is authenticated through any one of the above methods, the authentication information generating unit 2715 generates the authentication information based on the server authentication information (1) stored in the storage medium (1) 2740, (Or extracts) server medium (1) authentication information for authenticating a medium corresponding to the medium authentication server (1) (100) at the terminal (120).

According to an embodiment of the present invention, the server authentication information 1 is preferably matched with server authentication information 1 stored in a memory unit (or IC chip or USIM) provided in the wireless terminal 120 And the server authentication information 1 may be stored in a server certificate included in the memory unit (or an IC chip or a USIM) according to a person skilled in the art.

According to another embodiment of the present invention, the server authentication information (1) is a server medium IC chip (1) authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal And authentication information.

According to another embodiment of the present invention, the server authentication information 1 may be matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120.

When the server authentication information 1 matches with the server authentication information 1 stored in the memory unit (or IC chip or USIM) provided in the wireless terminal 120 according to an embodiment of the present invention, The authentication information generating unit 2715 generates the server medium 1 authentication information including the server authentication information 1 and the medium authentication server 1 information.

For example, the authentication information generation unit 2715 preferably generates the server medium (1) authentication information by concatenating the server authentication information (1) and the medium authentication server (1) (100) information.

Alternatively, the authentication information generating unit 2715 may have at least one of the server authentication information (1) and the media authentication server (1) (100) information hashed as a one-way hash function, and then XORed to generate a server media verifier And generate the server medium (1) authentication information by concatenating at least one of the server medium verifier, the server authentication information (1), and the medium authentication server (1) (100) information.

(1) authentication information to be included in the server medium (1) authentication information in addition to the server authentication information (1) and the medium authentication server (1) (100) information if the person skilled in the art is familiar with the present invention. And the additional information may be included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

According to another embodiment of the present invention, the server authentication information (1) is authenticated by the user authentication IC chip storage information provided in the IC chip (or USIM) provided in the wireless terminal 120, The authentication information generating unit 2715 provides the server authentication information 1 from the wireless terminal 120 as the server authentication IC chip storage information provided in the IC chip (or USIM) (1) authentication information including the server medium IC chip authentication information and the medium authentication server (1) (100) information is generated in the form of server medium IC chip authentication information for processing to authenticate the server medium Do.

For example, the authentication information generating unit 2715 preferably generates the server medium (1) authentication information by concatenating the server medium IC chip authentication information and the medium authentication server (1) 100 information.

Alternatively, the authentication information generation unit 2715 may have at least one of the server medium IC chip authentication information and the medium authentication server (1) 100 information be hashed as a one-way hash function, and then XORed to generate a server medium verifier And generate the server medium (1) authentication information by concatenating at least one of the server medium verifier, the server medium IC chip authentication information, and the medium authentication server (1) 100 information.

The server medium IC chip authentication information and at least one or more additional information items to be included in the server medium 1 authentication information other than the medium authentication server (1) 100 information, if the person skilled in the art is familiar with the present invention And the additional information may be included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

According to another embodiment of the present invention, when the server authentication information 1 is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, The hash unit 2715 hashes the server authentication information 1 through the one-way hash function and transmits the hashed server authentication information 1, at least one random number value (e.g., a random number value generated by the server) Generates a server media verifier by performing at least one XOR operation on the media authentication server (1) 100 information (or the media authentication server (1) 100 information hashed by the one-way hash function) (1) authentication information including the server authentication information (1), at least one or more random number information, and the medium authentication server (1) (100) information, according to the intention of a person skilled in the art, The authentication information generating unit 271 5) is capable of further hashing the server media verifier.

For example, the authentication information generating unit 2715 may generate the authentication information including the server medium verifier (or the hashed server medium verifier), the server authentication information 1, at least one random number information, the medium authentication server 1 To generate the authentication information of the server medium (1).

(1) authentication information other than the server authentication information (1), at least one random number information, and the medium authentication server (1) (100) information if the person skilled in the art is familiar with the present invention It is possible to deduce at least one additional information item (for example, a prime number) and the additional information in the authentication information of the server medium 1, and the present invention can be applied to a case in which all the additional information items .

In addition, those skilled in the art will be able to deduce various methods of generating the server medium (1) authentication information based on the server authentication information (1), in addition to the above- And the present invention is characterized in that it includes all of the above-mentioned embodiments to be inferred.

When the server medium 1 authentication information is generated as described above, the authentication information transmitting unit 2720 transmits authentication information of the server medium 1 to the wireless terminal 120 in association with the interface unit Corresponding to the server medium (1), the wireless terminal (120) authenticates the server medium (1) authentication information and then authenticates the server medium (1) And transmits the result information.

The information receiving unit 2725 receives the server medium authentication result information for the server medium 1 authentication information from the wireless terminal 120 when the wireless terminal 120 authenticates the server medium, Upon receiving the server medium authentication result information, the authentication code generation unit 2730 generates (or extracts) the terminal medium authentication code using the authentication code generation rule information.

Herein, the terminal medium authentication code includes an authentication code for authenticating that the terminal medium corresponding to the wireless terminal 120 is first authenticated through the medium authentication server (1) in the medium authentication server (2) 105 .

When the terminal medium authentication code is generated (or extracted) through the authentication code generation unit 2730, the authentication code transmission unit 2735 transmits the generated terminal medium authentication code in cooperation with the interface unit 2700 The wireless terminal 120 transmits the terminal's medium authentication code to the medium authentication server (105) through the communication network.

According to the present invention, the media authentication server (2) 105 comprises an interface unit 2745 for connecting and managing a communication channel for second media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 2745 receives the terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (N) generation information is connected.

According to an embodiment of the present invention, when the media authentication server (2) 105 is provided on the wireless communication network (or in the wireless communication system) And a communication channel including a wire section for connecting the media authentication server (2) (105) to the base station.

According to another embodiment of the present invention, when the media authentication server (2) 105 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system) A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the media authentication server (2) And a communication channel including a wire section is connected.

Referring to FIG. 27, when the wireless terminal 120 transmits the terminal medium authentication code through the communication channel, the media authentication server (2) 105 associates with the interface unit 2745, (2) 2755 for reading the received terminal medium authentication code and performing second authentication of the terminal medium corresponding to the wireless terminal 120, (N) generation information for generating an authentication code (N) in the wireless terminal (120), or the authentication code (N) to be transmitted to the wireless terminal (120) And transmits the generated authentication code (N) generation information (or authentication code (N)) to the wireless terminal 120 in cooperation with the interface unit 2745. [ (2765).

When the wireless terminal 120 generates a terminal medium authentication code for terminal medium authentication for the wireless terminal 120 and transmits the terminal medium authentication code through the communication channel, the authentication code receiving unit 2750 transmits the terminal medium authentication code to the interface unit 2745 When the terminal medium authentication code is encrypted, the authentication code receiving unit 2750 decrypts the encrypted terminal medium authentication code through the decryption key. .

Then, the terminal medium authentication unit (2) 2755 authenticates the terminal medium authentication code according to the terminal medium authentication rule information to authenticate the validity of the terminal medium.

Those skilled in the art will be able to deduce various types of terminal media authentication code standards and various types of terminal media authentication rules for authenticating the terminal media authentication codes. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication code is authenticated, the information generation unit 2760 generates authentication code (N) generation information for generating an authentication code (N) from the wireless terminal 120 through the authentication code generation rule information Or extraction).

According to another embodiment of the present invention, the information generating unit 2760 generates (or extracts) the authentication code (N) generation information through the authentication code generation rule information, and generates the authentication code (N) to be transmitted to the wireless terminal (120).

When the authentication code (N) generation information is generated (or extracted) through the information generation unit 2760 according to an embodiment of the present invention, the transmission unit 2765 transmits the authentication code And transmits the generated authentication code (N) generation information to the wireless terminal 120. In response to the generated authentication code (N), the wireless terminal 120 transmits the authentication code (N) .

When the authentication code N is generated (or extracted) through the information generation unit 2760 according to another embodiment of the present invention, the transmission unit 2765 generates the authentication code N in association with the interface unit 2745, (N) to the wireless terminal (120).

If the program code N for generating the authentication code N is not provided to the wireless terminal 120 through the authentication code generation information, the transmission unit 2765 transmits the program code D / (N) for generating the authentication code (N) through the authentication code (N) generation information in conjunction with the B (2775).

FIGS. 28A and 28B are diagrams illustrating a medium authentication procedure for implementing a combined disposable authentication code according to another embodiment of the present invention.

In more detail, Figures 28a and 28b illustrate that when the wireless terminal 120 functional configuration in which the combined disposable authentication code is implemented comprises the wireless terminal 120 functional configuration shown in Figure 26, (1) 100 on the combined disposable authentication code implementation system shown in FIG. 27, and performing a second medium authentication with the medium authentication server (2) 105 Those skilled in the art will be able to refer to and / or modify FIGS. 28a and 28b to illustrate various implementations of the medium authentication process for implementing the combined disposable authentication code However, the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIGS. 28A and 28B.

Hereinafter, in FIG. 28A and FIG. 28B, the medium authentication server (1) 100 on the combined disposable authentication code implementation system shown in FIG. 27 is referred to as "server 1" for convenience, the medium authentication server 2 Quot; server 2 "for the sake of convenience.

Referring to FIGS. 28A and 28B, the wireless terminal 120 checks whether a menu (or a key button) for implementing a combination type disposable authentication code through media authentication is input (2800), and if the combination disposable authentication code When a menu (or a key button) to be implemented is input 2805, the wireless terminal 120 outputs an interface for inputting user authentication information on the screen of the wireless terminal 120, Is input (2810).

Here, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the mobile terminal 120 .

Alternatively, the user authentication information may include a user identification (ID) for authenticating the validity of the user of the mobile terminal 120 through the user authentication IC chip storage information provided in the IC chip (or USIM) (PIN), or a password.

Alternatively, the user authentication information may include at least one or more personal identification numbers (PINs) or passwords used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the server 1 on the communication network desirable.

If it is confirmed that the user authentication information is input (2815), the wireless terminal 120 uses the user authentication information to authenticate the terminal medium corresponding to the wireless terminal 120 in the server 1 Terminal medium authentication information is generated (2820).

According to an embodiment of the present invention, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the wireless terminal 120 The mobile terminal 120 transmits the user authentication information and the mobile terminal 120 unique information (e.g., MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information, or IMEI (International Mobile Equipment Identity) Or International Mobile Subscriber Identity (IMSI) information included in the USIM, MSISDN (Mobile Station International ISDN Number), or USIM unique information).

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by hashing the at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, It is preferable that at least one of the user authentication information and the unique information of the wireless terminal 120 is concatenated to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the user authentication information and the unique information of the wireless terminal 120, And the present invention is characterized in that all the additional information items that can be guessed are included.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) (Or PIN) or a password for authenticating the IC chip (or USIM), the wireless terminal 120 transmits the user authentication information to the IC chip (or USIM) (IC chip) storage information, or terminal authentication IC chip storage information, and returns the terminal medium IC chip authentication result information from the authenticated IC chip (or USIM) through the user authentication information, And generates the terminal medium authentication information including the returned terminal medium IC chip authentication result information and the unique information of the wireless terminal 120.

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the terminal medium IC chip authentication result information with the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by performing an XOR operation on at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 as a one-way hash function, It is preferable that at least one of the media verifier, the terminal medium IC chip authentication result information, and the wireless terminal 120 unique information is concatenated to generate the terminal medium authentication information.

The terminal 120 may be configured to transmit at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120, It is possible to deduce a technical characteristic included in the terminal medium authentication information, and the present invention is characterized in that it includes all the information items that can be guessed.

According to another embodiment of the present invention, a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating the terminal medium authentication information to be transmitted to the server 1 on the communication network, The wireless terminal 120 hashes the user authentication information through the one-way hash function, and transmits the hashed user authentication information, at least one random number value (for example, a random number generated by the terminal (Or unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media verifier by performing an XOR operation on at least one of the unique information of the wireless terminal 120 It is possible to generate terminal medium authentication information including user authentication information, at least one random number information, and unique information of the wireless terminal 120 Straight, and the wireless terminal 120 in accordance with the intention of those skilled in the art it is possible to further cut the MS medium verification hash.

For example, the wireless terminal 120 concatenates the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120, .

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

If the terminal medium authentication information is generated (2825), the wireless terminal 120 connects a communication channel with the server 1 and transmits the generated terminal medium authentication information to the server 1 through the communication channel (2830).

Then, the server 1 reads the terminal medium authentication information in association with the storage medium (1) 2740, and authenticates the terminal medium (2835).

According to an embodiment of the present invention, when the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server on the communication network to authenticate the terminal medium for the wireless terminal 120, The server checks the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information and transmits the unique information of the wireless terminal 120 and the wireless terminal 120 included in the terminal medium authentication information, (1) 2740 that is provided (or linked to) the server by comparing the unique information and verifying the validity of the wireless terminal 120, And authenticates the validity of the terminal medium by comparing the information with user authentication information included in the terminal medium authentication information.

If at least one of the user authentication information and the unique information of the wireless terminal 120 is hashed as a one-way hash function and then the result of the XOR operation is included in the terminal media authentication information, (1) 2740 and the unique information of the wireless terminal 120 identified through the communication session in the same manner as the terminal medium verifier, and performs an XOR operation on the at least one or more information, Generating a media authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) The server confirms the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information, and if the authentication information includes the at least one personal identification number (PIN) Authenticates the validity of the wireless terminal 120 by comparing the unique information of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication information and stores the stored (or linked) The user authentication IC chip storage information provided in the IC chip (or USIM), or the user authentication IC chip storage information provided in the IC chip (or USIM), based on the user authentication information stored in association with the unique information of the wireless terminal 120, (Or the terminal medium IC chip authentication information is stored in the storage medium (1) 2740 through the same logic as the terminal authentication IC chip storage information ), And authenticates the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed as a one-way hash function and XOR operation is performed on the terminal medium authentication information, The terminal medium IC chip authentication information included in the storage medium 1 (2740) and the unique information of the wireless terminal 120 confirmed through the communication session, is hashed in the same manner as the terminal medium verifier And performing an XOR operation on the terminal media authenticator to generate a terminal media authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to a server on the communication network, The server verifies the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information, and transmits the unique information of the wireless terminal 120, which is included in the terminal medium authentication information, (1) 2740 compares the peculiar information of the wireless terminal 120 and verifies the validity of the wireless terminal 120, and stores the unique information of the wireless terminal 120 in the storage medium 1 The user authentication information stored in association with the user authentication information is hashed through a one-way hash function, and the hashed user authentication information, at least one random number value (e.g., Generates a terminal media authenticator by XORing at least one of the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) The validity of the terminal medium is verified by comparing the terminal medium verifier included in the authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

If the terminal medium authentication information is not authenticated (2840), the server 1 generates terminal medium authentication error information and transmits it to the wireless terminal 120 through the communication channel (2845) The wireless terminal 120 ends the process of implementing the combination type disposable authentication code through the medium authentication.

When the terminal medium authentication information is authenticated 2840, the server 1 transmits the server medium from the wireless terminal 120 based on the server authentication information 1 stored in the storage medium 1 (2740) And generates server medium (1) authentication information for authentication (2850).

According to an embodiment of the present invention, the server authentication information is preferably matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, The server authentication information is preferably stored in a server certificate included in the memory unit (or IC chip or USIM).

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 .

According to another embodiment of the present invention, the server authentication information is preferably matched with information (e.g., user authentication information) input through a key input unit provided in the wireless terminal 120. [

According to an embodiment of the present invention, when the server authentication information is matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, (1) authentication information including information on the server (1) and the server (1).

For example, the server preferably generates the server medium (1) authentication information by concatenating the server authentication information and the server (1) information.

Alternatively, the server may generate a server media verifier by hashing at least one of the server authentication information and the server (1) information into a one-way hash function and performing an XOR operation on the server verifier, (1) authentication information by concatenating at least one piece of information of the server medium (1).

(1) authentication information and at least one additional information item to be included in the authentication information of the server medium (1) and the additional information in addition to the server authentication information and the server (1) information, (1) It is possible to deduce a technical feature to be included in the authentication information, and the present invention is characterized in that it includes all the information items that can be guessed.

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 , The server transmits the server authentication information to the server authentication IC chip storage information provided in the IC chip (or USIM) at the wireless terminal 120 to form a server medium IC chip authentication information , And generates the server medium (1) authentication information including the server medium IC chip authentication information and the server (1) information.

For example, the server preferably generates the server medium (1) authentication information by concatenating the server medium IC chip authentication information and the server (1) information.

Alternatively, the server hashes the server medium IC chip authentication information and the server 1 information with a one-way hash function, and then performs an XOR operation to generate a server medium verifier. The server medium verifier, the server medium IC It is preferable that at least one chip authentication information and server 1 information are concatenated to generate authentication information of the server medium 1.

The server medium 1 may include at least one additional information item to be included in the authentication information of the server medium 1 and the additional information in addition to the server medium IC chip authentication information and the server 1 information, It is possible to deduce a technical characteristic included in the authentication information of the server medium 1, and the present invention is characterized in that it includes all the inferable information items.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, (For example, a random number value generated by the server), the server 1 information (or the server 1 information (or the server 1 hashed by the one-way hash function) (1) information), and generates a server medium verifier, the server medium verifier including at least one server authentication information, at least one random number information, and server information (1) 1) it is desirable to generate authentication information, and it is possible for the server to further hash the server media verifier according to the intent of the person skilled in the art.

For example, the server generates server medium (1) authentication information by concatenating the server medium verifier (or hashed server medium verifier) with the server authentication information, at least one or more random number information, and server .

(1) authentication information other than the server authentication information, the at least one random number information, and the server (1) information, the at least one additional information item (for example, , A prime number) and the additional information are included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

In addition, those skilled in the art will be able to deduce various methods of generating the authentication information of the server medium 1 based on the server authentication information in addition to the above-described embodiment, The present invention is characterized in that it comprises all the above-mentioned embodiments to be inferred.

If the server medium 1 authentication information is generated 2855, the server 1 transmits the server medium 1 authentication information to the wireless terminal 120 through a communication channel (2860) The wireless terminal 120 authenticates the server medium through the server medium 1 authentication information (2865).

According to an embodiment of the present invention, when the server authentication information is matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, (1) information (or information of the server (1) which is confirmed through communication session information for receiving the server medium (1) authentication information) stored in the memory unit and a server (1) information and compares the server authentication information stored in the memory unit (or IC chip or USIM) with the server authentication information included in the server medium (1) authentication information, And verifies the validity of the server medium.

If the server medium verifier is included in the authentication information of the server medium 1, the wireless terminal 120 may have a hash function of at least one of the server authentication information and the server 1 information, Hashes at least one of the server authentication information provided in the memory unit (or the IC chip or the USIM) and the server 1 information confirmed through the communication session in the same manner as the server medium verifier Generating a server medium authenticator by performing an XOR operation on the server medium authenticator, and comparing the server medium verifier and the server medium authenticator to authenticate the validity of the server medium.

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 , The wireless terminal 120 transmits the server 1 information stored in the memory unit (or the server 1 information confirmed through the communication session information for receiving the server medium 1 authentication information) (1) information included in the authentication information of the medium (1) to authenticate the validity of the server (1), and transmits the server medium IC chip authentication information included in the server medium (Or USIM) to authenticate the server medium IC chip authentication information, and when the server medium IC chip authentication result information is returned, the server medium IC chip authentication result information is read To the server medium It characterized in that to authenticate the validity.

If one or more pieces of information of the server medium IC chip authentication information and the server (1) information are hashed as a one-way hash function and XOR is performed in the server medium (1) authentication information to include a server medium verifier, (120) transmits at least one or more pieces of server medium IC chip authentication information provided in the storage medium (1) (2740) and server (1) information confirmed through the communication session to the server medium verifier To generate a server medium authenticator, and to compare the server medium verifier and the server medium authenticator to authenticate the validity of the server medium.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, the wireless terminal 120 (1) information (or information of the server (1) which is confirmed through communication session information for receiving the server medium (1) authentication information) stored in the memory unit and a server (1) information to authenticate the validity of the server 1, and transmits the server authentication information stored in the storage medium 1 (2740) provided in (or linked to) the server 1 via a one-way hash function Hashed by the hashed server authentication information, at least one random number value (e.g., a random number value included in the server medium (1) authentication information), the server 1 information At least one XOR server (1) And generating a server authentication medium, and by the server, the media (1) comparing an a media server verifier and the generated server authentication media comprises authentication information and wherein the authentication of the validity of the media server.

Those skilled in the art will be able to deduce various methods of authenticating the authentication information of the server medium 1 in addition to the above-described embodiment, and the present invention can be applied to all the methods And a control unit.

If the server medium is not authenticated (2870) through the authentication information of the server medium (1), the wireless terminal 120 generates server medium authentication error information and outputs it to the screen (2875) And ends the process of implementing the combination type disposable authentication code.

Meanwhile, if the server medium is authenticated (2870) through the authentication information of the server medium 1, the wireless terminal 120 transmits server medium authentication result information to the server 1 through the communication channel (2880) In response, the server 1 generates a terminal medium authentication code in association with the storage medium 1 (2740) and transmits it to the wireless terminal 120 through the communication channel (2885).

The wireless terminal 120 connects a communication channel with the server 2 and transmits the terminal medium authentication code to the server 2 through the communication channel (2890).

Thereafter, the server 2 reads the terminal medium authentication code in association with the storage medium 2 (2770) and performs a second authentication process on the terminal medium (2892).

If the terminal medium authentication code is not authenticated (2894), the server 2 generates terminal medium authentication error information and transmits it to the wireless terminal 120 through the communication channel (2896) The wireless terminal 120 ends the process of implementing the combination type disposable authentication code through the medium authentication.

If the terminal medium authentication code is authenticated (2894), the server 2 generates an authentication code (N) for generating a combined disposable authentication code through the process shown in FIG. 29, FIG. 30, Information or an authentication code (N) to the wireless terminal (120).

FIG. 29 is a diagram showing a configuration of a completed disposable authentication code implementation process through medium authentication according to an embodiment of the present invention.

More specifically, FIG. 29 is a diagram illustrating a media authentication server (FIG. 26) on the completed disposable authentication code implementation system shown in FIG. 27, from the wireless terminal 120 shown in FIG. 26 through the media authentication process shown in FIGS. 28a and 28b 1) 100 and the medium authentication server (2) 105, the medium authentication server (2) 105 generates authentication code (N) generation information as the medium authentication result (N) is generated through the received authentication code (N) generation information and transmitted to the wireless terminal (120), thereby implementing an authentication code for an N-digit complete type call. Those skilled in the art will be able to refer to and / or modify Figure 29 to derive various implementations of the complete disposable authentication code implementation process through media authentication, Is made, including any exemplary method, to which the technical feature that is not limited to the exemplary method shown in the figure 29.

Hereinafter, in FIG. 29, the media authentication server (2) 105 on the completed disposable authentication code implementation system shown in FIG. 27 is referred to as a "server" for convenience.

Referring to FIG. 29, after media authentication is performed through the medium authentication process shown in FIGS. 28A and 28B, the server, in association with the storage medium 2 (2770) (N) generation information for generating an authentication code (N) in the terminal 120 (2900), and transmits the authentication code (N) generation information to the wireless terminal 120 via the communication channel The wireless terminal 120 receives the authentication code (N) generation information through the communication channel (2910), and transmits the authentication code (N) (N) (2915).

If the authentication code N is generated 2920, the wireless terminal 120 outputs the generated authentication code N on the screen of the wireless terminal 120 (2930) N is used for the one-time authentication process through the wireless terminal 120 or the one-time authentication process through at least one disposable authentication code input medium.

FIG. 30 is a diagram illustrating a configuration of a completed disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.

In more detail, FIG. 30 is a flowchart illustrating a media authentication procedure performed by the wireless terminal 120 shown in FIG. 26 through the medium authentication process shown in FIGS. 28A and 28B, on the completed one- 1) 100 and the medium authentication server (2) 105, the medium authentication server (2) (105) directly generates the authentication code (N) as the medium authentication result, (N) is generated through the received authentication code (N) generation information and is transmitted to the wireless terminal 120 to implement an authentication code for the complete N-digit call of N digits. Those skilled in the art will be able to refer to and / or modify this drawing 30 to deduce various implementations of the complete disposable authentication code implementation process through the medium authentication, Comprised, including the exemplary method, to which the technical feature that is not limited to the exemplary method shown in the figure 30.

Hereinafter, in FIG. 30, the media authentication server (2) 105 on the completed disposable authentication code implementation system shown in FIG. 27 is referred to as a "server" for convenience.

Referring to FIG. 30, after media authentication is performed through the media authentication process shown in FIGS. 28A and 28B, the server, in association with the storage medium 2 (2770) The terminal 120 generates (3000) authentication code (N) generation information for generating the authentication code (N), and generates the authentication code (N) through the generated authentication code (N) ).

If the authentication code N is generated 3010, the server transmits the authentication code N to the wireless terminal 120 through the communication channel 3015 and correspondingly transmits the authentication code N to the wireless terminal 120 Receives the authentication code N through the communication channel 3020 and outputs the received authentication code N on the screen of the wireless terminal 120 in step 3025. The authentication code N ) Is used for the one-time authentication process through the wireless terminal 120, or the one-time authentication process through the at least one disposable authentication code input medium.

FIG. 31 is a diagram illustrating a configuration of a completed disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.

More specifically, FIG. 31 is a flowchart illustrating a media authentication process performed by the wireless terminal 120 shown in FIG. 26 through the media authentication process shown in FIGS. 28a and 28b, on the completed one- 1) 100 and the medium authentication server (2) 105, the medium authentication server (2) 105 generates authentication code (N) generation information as the medium authentication result (N) to generate the authentication code (N) through the generated authentication code (N) generation information and the authentication code (N) generation information to the wireless terminal (120) The process for generating the authentication code N through the code (N) generation information to implement the authentication code for the N-digit full digit call, and it is understood that those skilled in the art will understand that And / or modifying the medium authentication It is to be understood that the invention is not limited to the embodiments shown in the drawings, but may be embodied in many different forms and should not be construed as being limited to the embodiments set forth herein. .

Hereinafter, in FIG. 31, the medium authentication server (2) 105 on the completion type disposable authentication code implementation system shown in FIG. 27 is referred to as "server" for convenience.

Referring to FIG. 31, after media authentication is performed through the medium authentication process shown in FIGS. 28A and 28B, the server, in association with the storage medium 2 (2770) The terminal 120 generates (3100) authentication code (N) generation information for generating an authentication code (N) and transmits the generated program code to the wireless terminal 120 in cooperation with the program code D / B 2775 (N), and transmits the authentication code (N) generation information and the program code (N) through the communication channel (3105).

The wireless terminal 120 receives the authentication code (N) generation information and the program code N through the communication channel (3110), and generates the authentication code (N) based on the program code (N) The authentication code N is generated through the generation information (3115).

If the authentication code N is generated 3120, the wireless terminal 120 outputs the generated authentication code N on the screen of the wireless terminal 120 (3125) N is used for the one-time authentication process through the wireless terminal 120 or the one-time authentication process through at least one disposable authentication code input medium.

FIG. 32 is a diagram illustrating a functional configuration of a wireless terminal 120 that implements a combined disposable authentication code through medium authentication according to another embodiment of the present invention.

FIG. 32 is a block diagram of a mobile communication terminal connected to a mobile communication network operating on a Code Division Multiple Access (WCDMA) / Wideband Code Division Multiple Access (CDMA) (1) 100 according to a preferred embodiment of the present invention, and more particularly, to a preferred functional configuration of a terminal device implementing a combination type disposable authentication code through the medium authentication, (N > = 2) via the one-time authentication code generation information received from the medium authentication server (2) 105 as a result of the second medium authentication through the medium authentication server (2) FIG. 2 is a diagram showing an embodiment of implementing a combination type of one-time authentication code.

In the present invention, the combination type disposable authentication code of N (N> = 2) digits is referred to as a "combined disposable authentication code" or "authentication code (N)" for convenience.

Those skilled in the art will appreciate that other terminal devices (e.g., HSDPA (High-Speed Downlink Packet (HSDPA), etc.) implementing the combined disposable authentication code through media authentication A wireless terminal device connected to a wireless access network based on IEEE 802.16x, or a wireless terminal device connected to a wireless Internet based on IEEE 802.16x), and an implementation method for various functional configurations corresponding to each terminal device characteristic, It is to be understood that the invention is not limited to the particular embodiments set forth and illustrated in the accompanying drawings.

The wireless terminal 120 that provides CDMA / WCDMA based mobile communication services according to an embodiment of the present invention includes an outer body, a speaker and a microphone, a keypad, an LCD (Liquid Crystal Display), an antenna A battery 3220 and the like, and internally includes a predetermined modem chip (for example, a modem chip) including a CDMA (Code Division Multiple Access) modem, a CPU / MPU (Central Processing Unit / Micro Processing Unit) A duplexer filter for separating a transmission signal from a single antenna, a power amplifier for amplifying a transmission signal, a high power amplifier (HPA), a high power amplifier An isolator that prevents reverse transmission of the transmitted signal, an RF / IF SAW filter to remove the desired out-of-band spurious signal, a frequency upstream circuit of the transmission path, A frequency downconverting circuit, a VCTCXO (Voltage Controlled Temperature Compensated X-tal Oscillator) corresponding to a reference clock source, a UHF frequency synthesizer used as a local signal of frequency up-down conversion, and a codec chip for converting an analog voice signal into a digital signal And the internal components are gradually integrated into the modem chip. In addition to the core components for the mobile communication service, the modem chip may include various multimedia services or additional services Are being integrated together.

Referring to FIG. 32, the wireless terminal 120 implementing the combination type disposable authentication code through the medium authentication includes a controller 3200 corresponding to the modem chip, a screen output unit 3200 corresponding to an LCD (Liquid Crystal Display) A sound processing unit 3210 corresponding to the microphone / speaker, a key input unit 3215 corresponding to the keypad, a radio processing unit 3240 corresponding to the antenna and various RF modules, A memory unit 3225 and a battery 3220 for supplying a predetermined power.

In addition, the wireless terminal 120 may further include a camera unit (not shown) for reading predetermined image information for providing various multimedia services or various supplementary services corresponding thereto, or may be provided with a predetermined short- It is preferable to further include a local communication unit (not shown) for connecting the channels.

The wireless terminal 120 may include an IC chip 3235 (for example, a financial IC (hereinafter, referred to as a &quot; financial IC &quot; And an IC chip reader 3230 for reading / writing predetermined information (or data) to / from the IC chip 3235 .

The control unit 3200 includes a processor including a CPU / MPU provided in the modem chip and an execution memory, and receives a predetermined program routine for providing a function peculiar to the wireless terminal 120 from a predetermined memory device (Or an integrated circuit) provided for the bus BUS for inputting and outputting program data, and a memory 3225 or a memory device (Or a chipset) loaded into the execution memory and processed through the processor to perform a specific function, or a generic term of program data (thus, A predetermined program routine recorded on the recording medium of the terminal 120 may be stored in the control unit 3200 for convenience The program routine of the control unit 3200 basically includes an operating system routine (not shown) and at least one system management routine (e.g., a power management routine, a channel (forward / backward) (Not shown), and the control unit 3200 realizes a variety of functional configurations to be implemented in the wireless terminal 120. FIG.

According to the method of the present invention, after power is supplied to the wireless terminal 120, the operating system routine (not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are transmitted to the control unit 3200), the wireless terminal (120) performs a predetermined boot procedure to load the system configuration detailed state, the pilot channel acquisition detailed state, the synchronization channel acquisition detailed state, and the timing conversion Quot; mobile station initialization state "including the detailed state.

(Not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are loaded into the execution memory provided in the control unit 3200, The mobile terminal 120 is set to the operation mode corresponding to the "mobile station call waiting state &quot;,the" system access state &quot;, or the " Call Processing) procedure.

According to the embodiment of the present invention, the function of implementing the combination type disposable authentication code through the medium authentication is such that the wireless terminal 120 can be started (i.e., started) through a predetermined key input in an operation mode corresponding to the " Or realized).

The screen output unit 3205 is a function configuration unit for screening operation modes of the wireless terminal 120 and corresponding operation states of the wireless terminal 120. One or more And a driver for driving the screen output device. The control unit 3200 may output at least one key data input through the key input unit 3215, A function processing screen and a function processing result screen corresponding to at least one function (or program) provided in the wireless terminal 120 or at least a function screen And outputs one or more contents (e.g., text contents, image contents, multimedia contents).

According to an embodiment of the present invention, the screen output unit 3205 includes a menu screen corresponding to a function of implementing the combination type disposable authentication code through the medium authentication, a function processing screen for implementing the combination type disposable authentication code, It is preferable to perform a function of screen output means for outputting a function process result screen for outputting the disposable authentication code.

The sound processing unit 3210 is a functional unit for processing input and output of sounds in each operation mode of the wireless terminal 120. The function processing unit 3210 decodes at least one or more encoded sound data and supplies the decoded sound data to the wireless terminal 120 And a vocoder and a codec for encoding a sound signal input through a microphone provided in the wireless terminal 120 and encoding the sound signal.

According to an embodiment of the present invention, the sound processing unit 3210 may receive a sound corresponding to a predetermined ringback tone through the speaker in an operation mode corresponding to the "system access state" among the operation modes of the wireless terminal 120 It is preferable to decode and output the data or to encode a predetermined voice signal through a microphone in an operation mode corresponding to the "call channel state &quot;, or to decode and output a predetermined voice signal through a speaker.

In addition, the sound processing unit 3210 may be operable to reproduce at least one or more sound contents or multimedia contents provided in (or downloaded from) the wireless terminal 120 in at least one operation mode including the " It is preferable that the sound data corresponding to the content to be reproduced is decoded and output.

The key input unit 3215 may include a key input unit having at least one key button including a predetermined number key, a character key, or a function key, And a driver for driving the key input device. Accordingly, it is possible to detect at least one key input signal generated by clicking (or inputting) the key button in the key input device .

According to the present invention, when a predetermined key input signal is detected from a predetermined key button provided in the key input device in a predetermined input mode or at least one operation mode controlled by the controller 3200, (E.g., MH_KEY_PRESSEVENT, MH_KEY_REPEATEVENT, and MH_KEY_RELEASEEVENT) corresponding to the detected key input signal, and provides the generated key event to the control unit 3200, The control unit 3200 reads predetermined key data corresponding to the key event in the current input mode or the operation mode of the wireless terminal 120 (e.g., corresponding to a specific key event in each input mode or operation mode) Reading the key data from the key table storing (or managing) at least one key data to the key event) And reads a command for executing a predetermined function matched and defined.

According to the embodiment of the present invention, the key input unit 3215 inputs a predetermined telephone number in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 120, It is preferable to change the operation mode of the wireless terminal 120 to the operation mode corresponding to the "system access state &quot;.

The key input unit 3215 inputs a predetermined function key (e.g., a menu key) in an operation mode corresponding to the "mobile station call waiting state" among the operation modes of the wireless terminal 120, It is desirable to perform various functions provided in the terminal 120. [

According to an embodiment of the present invention, the key input unit 3215 preferably performs a function of key input means for inputting at least one key data corresponding to a function of implementing the combination type disposable authentication code through the medium authentication .

The radio processing unit 3240 is a functional unit for connecting a radio channel to a base station on a mobile communication network that operates based on CDMA / WCDMA, and includes a CDMA modem and various RF modules (for example, a duplexer filter, Amplifier, a high power amplifier (HPA), an isolator, an RF / IF SAW filter, a frequency upstream circuit, a frequency downconversion circuit, a VCTCXO corresponding to a reference clock source, a UHF frequency synthesizer, A Slot Mode, or a Power Control in association with each operation mode of the wireless terminal 120 in cooperation with the control unit 3200, Hand-off, or a call processing procedure according to an embodiment of the present invention.

According to an embodiment of the present invention, the radio processing unit 3240 performs a radio frequency signal transmission / reception function (e.g., antenna control, modulation, synthesis, and transmission of radio frequency signals) corresponding to the function of implementing the combination type disposable authentication code through the medium authentication. Amplification, filtering, and the like).

In particular, the radio processor 3240 may process the information or the signal transmitted from the wireless terminal 120 to the base station into a CDMA stack to implement the combined disposable authentication code through the medium authentication, And a function of reading predetermined information or signals from the CDMA stack.

If the wireless terminal 120 shown in FIG. 32 is a wireless terminal device connected to a HSDPA-based wireless network according to another embodiment of the present invention, the wireless processor 3240 accesses the HSDPA-based wireless network, Or if the wireless terminal 120 is a wireless terminal device connected to an IEEE 802.16x-based wireless network, the wireless processing unit 3240 may be configured to include a wireless communication function configuration that implements a combined one- The present invention is not limited to this configuration, and may include a wireless communication function configuration for accessing the IEEE 802.16x-based wireless network and implementing the combined disposable authentication code through the media authentication.

The IC chip reader 3230 may include an IC chip 3235 mounted on or removed from the wireless terminal 120 through an IC chip 3235 standard including ISO / IEC 7816 or ISO / IEC 14443, IEC 7816 standard, or a function of exchanging at least one piece of information (or data or command) with a financial IC chip 3235, USIM, or the like, (IC card reader) corresponding to the IEC 14443 standard, and the IC card reader is connected to the IC chip 3235 via an APDU (Application Protocol Data Unit) ) Is exchanged.

Referring to the specification including ISO / IEC 7816 or ISO / IEC 14443, the IC chip 3235 mounted or detached from the customer's wireless terminal receives power supply VCC, a reset signal RST, a clock signal Output interface (communication) with the IC chip reader unit 3230 through a contact point such as an input / output interface (CLK), a ground (GND), a programming power supply (VPP), or an input / A processor unit (not shown) having at least one computing element including a central processing unit (CPU), a micro processing unit (MPU), and a coprocessor; a read only memory (ROM) A memory (not shown) made up of at least one memory element including a RAM (Random Access Memory), an EEPROM (Electrically Erasable and Programmable Read Only Memory), and an FM The above memory elements A chip operating system (COS) for managing and operating the internal resources of the IC card is stored in the IC chip reader 3230 through a power supply (VCC) contact point of the input / When the power is supplied, the COS stored in the memory is loaded into a predetermined execution memory to control the overall operation of the IC chip 3235, and a clock frequency (e.g., 3.57 MHz or 4.9 MHz) of the clock signal (CLK) And controls the exchange of information or data between the IC chip 3235 and the IC chip reader unit 3230 through an APDU (Application Protocol Data Unit).

According to the present invention, IC chip 3235 storage information (for example, program code and data for IC chip 3235) for implementing a combination type disposable authentication code through medium authentication is stored in the memory of IC chip 3235 The storage information of the IC chip 3235 includes a storage unit (not shown) for storing a data set corresponding to predetermined information or data read and / or used by the processor of the customer's wireless terminal. And a program routine (for example, a Javacard), which is operated or executed by a computation function of the processor unit and a command set provided by the COS, JAVA Applet)) which includes an instruction call code for interacting with the instruction set of the COS and an execution code which is processed by the processor unit (Not shown) corresponding to the application is provided. In particular, the processing unit (not shown) reads the command provided from the processor provided in the customer wireless terminal via the input / output interface through the APDU, (Not shown) stored in the storage unit (not shown) on the basis of the received information or data, and transmits the result or the read information or data to the customer wireless terminal via the input / output interface through the APDU Processor.

In this case, the memory of the IC chip 3235 includes a security structure based on ISO / IEC 10202. According to this, the memory includes a protection area in which secret information such as a chip serial number (CSN) is stored, The IC chip 3235 storage information for the present invention includes the protection area and the COS control area. The storage area for the IC chip 3235 includes a protection area, a user application area, a read / write access area, an application program area, and a FAT (File Allocation Table) It is preferable to store it in the excluded area.

According to the ISO / IEC 7816 or ISO / IEC 14443 ICC standard, the memory has one master file (MF) corresponding to a root file and at least one storage An ATR (Answer To Reset) including function information on information, at least one Dedicated File (DF) corresponding to each ICC storage information, and a Smart Card service And an element file (EF) including actual information or data. The IC chip 3235 storage information for the present invention also includes the above-described file structure.

According to the embodiment of the present invention, the IC chip 3235 may store the user authentication IC chip 3235 storage information or the terminal authentication IC chip 3235 storage information for authenticating the validity of the user of the wireless terminal 120 It is preferable that one or more of them are provided.

The user authentication IC chip 3235 storage information or the terminal authentication IC chip 3235 storage information may include user authentication information input through the key input unit 3215 to an IC chip 3235 authentication code It is preferable that the authentication result information of the terminal medium IC chip 3235 is returned after authenticating the user of the wireless terminal 120 (or the wireless terminal 120) A technical feature that the user of the wireless terminal 120 (or the wireless terminal 120) is authenticated through the IC chip 3235 authentication code in the IC chip 3235, The technical feature of returning the authentication result information of the terminal medium IC chip 3235 corresponding to the authentication result of the user of the wireless terminal 120 (or the wireless terminal 120) is known, so a detailed description thereof will be omitted for the sake of brevity. .

The IC chip 3235 may store the server authentication IC chip 3235 storage information for authenticating the validity of the medium authentication server 1 100 or the medium authentication server 2 105, As shown in FIG.

The information on the server authentication IC chip 3235 is stored in the medium authentication server 1 100 through the server medium 1 IC chip 3235 authentication information received from the medium authentication server 1 (2) IC chip (3235) authentication information received from the medium authentication server (2) (105) or after returning authentication result information of the server medium (1) It is preferable to return the authentication result information of the server medium 2 IC chip 3235 after validating the validity of the medium authentication server 2 105 through the authentication server 200. In the technical field of the present invention, (1) 100 authentication information through the IC chip 3235 authentication information of the server medium 1 IC chip 3235 and the technical characteristic of authenticating the medium authentication server 1 A server medium 2 corresponding to the authentication result of the IC chip 3235 or a technical feature that returns authentication result information of the server medium 2 IC chip 3235, (2) the authentication result information of the server medium (2) IC chip (3235) corresponding to the authentication result of the medium authentication server (2) (105) The detailed description will be omitted for the sake of brevity.

Alternatively, the memory provided in the IC chip 3235 may store the server authentication information (1) or the server authentication information (2) in order to implement the combination type disposable authentication code through the medium authentication instead of the memory unit The server authentication information 1 or the server authentication information 2 may be provided on the IC chip 3235 in the form of a server certificate provided in the IC chip 3235. [

The memory unit 3225 includes a storage medium for storing at least one piece of information (or data) in the wireless terminal 120, or a nonvolatile memory corresponding to a recording medium for recording a program code corresponding to at least one program routine A ROM (Read Only Memory) corresponding to the read-only memory, a flash memory (FM) capable of reading / writing, and an EEPROM (Electrically Erasable and Programmable Read Only Memory) .

According to an embodiment of the present invention, system information of the non-volatile memory that should not be erased is stored in the non-volatile memory, and the flash memory is provided with operating system routines, call processing program routines, Program routines and information or data therefor are stored in the EEPROM. In the EEPROM, at least one or more of the terminal registration related parameters, telephone numbers (e.g., address book), or at least one Information (or data) is preferably stored.

In addition, the memory unit 3225 may include a media authentication server (not shown) for the media authentication server (1) 100 that authenticates the terminal medium corresponding to the wireless terminal 120 to implement the combined disposable authentication code through the media authentication, (100) information (for example, address information of the medium authentication server (1) 100, unique information of the medium authentication server (1) 100) (E.g., address information of the medium authentication server 2 (105), unique information of the medium authentication server (2) (105)).

Referring to FIG. 32, the wireless terminal 120 implementing the combined disposable authentication code through the media authentication includes an information input unit for receiving user authentication information through the key input unit 3215.

The information input unit outputs the user authentication information input interface in cooperation with the screen output unit 3205 to implement the combination type disposable authentication code through the medium authentication, And requests the user to input user authentication information for implementing the disposable authentication code, whereby the authentication processing unit processes the user authentication information to be input to the user authentication information interface through the key input unit 3215. [

Here, the user authentication information may include at least one of a personal identification number (PIN) registered to authenticate the terminal medium for the wireless terminal 120 in the media authentication server (1) 100 on the communication network, It is preferable to include at least one of them.

Alternatively, the user authentication information may be transmitted to the wireless terminal 120 through the user authentication IC chip 3235 storage information or the terminal authentication IC chip 3235 storage information provided in the IC chip 3235 (or USIM) And at least one personal identification number (PIN) or password for authenticating the validity of the user.

Alternatively, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network, Or more.

Referring to FIG. 32, when the server medium is authenticated and the terminal medium is authenticated to implement the combined disposable authentication code, the wireless terminal 120 transmits a media authentication server (1) 100, and receives server medium (1) authentication information corresponding to the medium authentication request information, and transmits the medium authentication request information to the server medium (1) a server authentication unit (1) 3245 for reading the authentication information and performing a first authentication of the server medium; and a server authentication unit (3245) for authenticating the server medium based on the user authentication information input through the information input unit And transmits the generated terminal medium authentication information to the media authentication server (1) (100) on the communication network in cooperation with the radio processor (3240) so that the medium corresponding to the radio terminal (120) (1) authentication result information corresponding to the server medium (1) authentication result information from the medium authentication server (1) (100) in cooperation with the radio processing section (3240) (2) 3255 for transmitting the received terminal medium authentication code to the media authentication server (2) 105 to process the medium corresponding to the wireless terminal 120 to be second authenticated, (N) generation information corresponding to the server medium (2) authentication result information from the medium authentication server (2) (105) in cooperation with the radio processor (3240) .

According to another embodiment of the present invention, when the wireless terminal 120 receives the terminal medium authentication code corresponding to the server medium (1) authentication result information from the media authentication server (1) 100, (2) (not shown) authenticates the server medium in a manner similar to (or equivalent to) the method of authenticating the server medium by the server authentication unit (1) 3245, and the authentication processing unit 2 The authentication processing unit 1 (3250) transmits the authentication information to the wireless terminal 120 through the terminal medium authentication code in a manner similar to (or equivalent to) the first authentication method of the medium corresponding to the wireless terminal 120, (1) 3250 and the server authentication unit (1) 3245, if it is possible to perform the first authentication for the medium corresponding to the authentication processing unit The authentication processing unit 2 (3255) and the server authentication unit 2 (not shown) A technical feature of authenticating the terminal medium and the server medium can be inferred. Therefore, a detailed description thereof will be omitted for the sake of simplicity.

The server authentication unit 1 3245 communicates with the media authentication server 1 on the communication network in cooperation with the wireless processing unit 3240 when the terminal authentication unit 310 authenticates the server medium and then realizes the combined disposable authentication code by authenticating the terminal medium. The media authentication server (1) (100) transmits the medium authentication request information to the media server (100), and the media authentication server (1) (100) (Or extracts) the server medium authentication information (1) for authenticating the medium corresponding to the authentication server (1) (100).

According to an embodiment of the present invention, the server authentication information is preferably matched with the server authentication information stored in the memory unit 3225 (or IC chip 3235 or USIM) provided in the wireless terminal 120 And the server authentication information is stored in the server certificate included in the memory unit 3225 (or the IC chip 3235 or the USIM) according to a person skilled in the art.

According to another embodiment of the present invention, the server authentication information is transmitted to a server (not shown) authenticated by the user authentication IC chip 3235 stored in the IC chip 3235 (or USIM) And the authentication information of the medium IC chip 3235.

According to another embodiment of the present invention, the server authentication information is preferably matched with information (for example, user authentication information) input through the key input unit 3215 provided in the wireless terminal 120. [

When the server authentication information is matched with the server authentication information stored in the memory unit 3225 (or the IC chip 3235 or the USIM) provided in the wireless terminal 120 according to an embodiment of the present invention, The media authentication server (1) (100) preferably generates the server medium authentication information (1) including the server authentication information and the medium authentication server (1) (100) information.

For example, the media authentication server (1) (100) preferably concatenates the server authentication information and the medium authentication server (1) (100) information to generate the server medium authentication information (1).

Alternatively, the media authentication server (1) 100 may have at least one of the server authentication information and the medium authentication server (1) 100 information hashed as a one-way hash function, and then XORed to generate a server medium verifier , The server medium verifier, the server authentication information, and the medium authentication server (1) (100) information to generate the server medium authentication information (1).

(1) 100, at least one additional information item to be included in the server medium authentication information (1) and at least one additional information item to be included in the server medium authentication information (1) It is possible to deduce a technical feature of including the information in the server medium authentication information 1, and the present invention is characterized in that it includes all the inferable information items.

The server authentication information is authenticated by the user authentication IC chip 3235 storage information provided in the IC chip 3235 (or USIM) provided in the wireless terminal 120 according to another embodiment of the present invention. When the IC chip 3235 (or USIM) includes authentication information, the media authentication server (1) 100 transmits the server authentication information to the server A server medium IC chip 3235 authentication information and a server medium IC chip 3235 authentication information provided to the medium authentication server 1 100 as authentication information IC chip 3235 storage information, It is preferable to generate the server medium authentication information (1) including information.

For example, the medium authentication server (1) 100 preferably generates the server medium authentication information (1) by concatenating the server medium IC chip 3235 authentication information and the medium authentication server (1) 100 information Do.

Alternatively, the media authentication server (1) 100 may have at least one or more pieces of information of the server medium IC chip 3235 authentication information and the medium authentication server (1) 100 information be hashed as a one-way hash function, And generates the server medium authentication information (1) by concatenating at least one or more pieces of information of the server medium verifier, the server medium IC chip (3235) authentication information, and the medium authentication server (1) .

The server medium IC chip 3235 authentication information and the medium authentication server 1 100 information may be stored in the server medium authentication information 1 in the server medium authentication information 1, The additional information item and the additional information may be included in the server medium authentication information (1). The present invention is characterized by including all the inferable information items.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through the key input unit 3215 provided in the wireless terminal 120, (1) 100 hashash the server authentication information through a one-way hash function, and transmits the hashed server authentication information, at least one random number value (e.g., a random number value generated by the server) (1) 100 information (or the media authentication server (1) 100 information hashed by the one-way hash function) to generate a server medium verifier, and the generated server medium verifier and the server It is preferable to generate the server medium authentication information 1 including authentication information, at least one or more random number information, and the medium authentication server 1 (100) information, and the medium authentication server 1 ( 100) It is possible to further cut the hash-based media server validation.

For example, the media authentication server (1) 100 may include the server medium verifier (or the hashed server medium verifier), the server authentication information, at least one random number information, and the medium authentication server (1) And generate the server medium authentication information (1) by concatenation.

The server authentication information (1) may include at least one of the server authentication information, at least one random number information, and the media authentication server (1) (100) information in addition to the server authentication information It is possible to deduce a technical feature that the additional information item (e.g., a prime number) and the additional information are included in the server medium authentication information (1), and the present invention includes all the inferable information items do.

In addition, those skilled in the art will be able to deduce various methods of generating the server medium authentication information (1) based on the server authentication information, in addition to the above-described embodiments, The present invention is characterized in that it comprises all the above-mentioned embodiments to be inferred.

When the server medium authentication information (1) is generated through any one of the above-described methods, the medium authentication server (1) (100) transmits the server medium authentication information (1) 120 with at least one encryption key for secure transmission.

When the server medium authentication information (1) is generated as described above, the medium authentication server (1) (100) transmits the server medium authentication information (1) to the wireless terminal (120) The server authentication unit 1 3245 receives the server medium authentication information 1 from the medium authentication server 1 100. When the server medium authentication information 1 is encrypted , And decrypt the encrypted server medium authentication information (1) through at least one decryption key.

Wherein the server authentication unit (1) 3245 reads the server medium authentication information (1) and authenticates the server medium when the server medium authentication information (1) is received, (1) is encrypted, the encrypted server medium authentication information (1) is encrypted

When the server authentication information is matched with the server authentication information stored in the memory unit 3225 (or the IC chip 3235 or the USIM) provided in the wireless terminal 120 according to an embodiment of the present invention, The server authentication unit 1 3245 receives the information of the medium authentication server 1 (100) stored in the memory unit 3225 (or the medium authenticated by the communication session information for receiving the server medium authentication information (1) (1) (100) information with the medium authentication server (1) (100) information included in the server medium authentication information (1) to verify the validity of the medium authentication server (1) And compares the server authentication information stored in the memory unit 3225 (or the IC chip 3235 or USIM) with the server authentication information included in the server medium authentication information 1 to authenticate the validity of the server medium .

If at least one of the server authentication information and the medium authentication server (1) 100 information is hashed in the server medium authentication information (1) by a one-way hash function and XOR operation is performed, The server authentication unit 1 3245 verifies the server authentication information provided in the memory unit 3225 (or the IC chip 3235 or the USIM) with the medium authentication server (1) 100 confirmed through the communication session, Information of the server medium verifier and the server medium verifier in the same manner as the server medium verifier and then XORs the server medium verifier to generate a server medium verifier and compares the server medium verifier and the server medium verifier to verify the validity of the server medium And the like.

The server authentication information is authenticated by the user authentication IC chip 3235 storage information provided in the IC chip 3235 (or USIM) provided in the wireless terminal 120 according to another embodiment of the present invention. The server authentication unit 1 3245 transmits the information of the medium authentication server 1 100 stored in the memory unit 3225 or the server medium authentication information 1 (1) 100) information included in the server medium authentication information (1) by comparing the information of the medium authentication server (1) (100) identified by the communication session information for receiving the medium authentication server The server medium IC chip 3235 authenticates the validity of the server medium IC chip 3235 included in the server medium authentication information 1 and transmits the server medium IC chip 3235 authentication information included in the server medium authentication information 1 to the IC chip 3235 Server authentication IC chip (3235) storage information to authenticate the server medium IC chip (3235) authentication information, and the server medium IC When the chip 3235 authentication result information is returned, the server medium IC chip 3235 authentication result information is read and the validity of the server medium is authenticated.

If one or more pieces of information of the server medium IC chip 3235 authentication information and the medium authentication server (1) 100 information are hashed by the one-way hash function in the server medium authentication information (1) The server authentication unit 1 3245 transmits the authentication information of the server medium IC chip 3235 provided in the storage medium and the information of the medium authentication server 1 100 confirmed through the communication session The server medium verifier and the server medium authenticator, and verifies the validity of the server medium verifier by comparing the server medium verifier and the server medium authenticator It is preferable to further comprise

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through the key input unit 3215 provided in the wireless terminal 120, (1) 3245 receives the media authentication server 1 (100) information stored in the memory unit 3225 (or the media authentication server (1) (100) information with the medium authentication server (1) 100 information included in the server medium authentication information (1) to authenticate the validity of the medium authentication server (1) (Hash) a server authentication information stored in a storage medium provided in (or linked to) the media authentication server (1) 100 through a one-way hash function, and transmits the hashed server authentication information, at least one random number value A random number value included in the server medium authentication information (1)), Generates a server medium authenticator by performing at least one XOR operation on the server 1 (100) information (or the medium authentication server (1) 100 information hashed by the one-way hash function) And verifying the validity of the server medium by comparing the included server medium verifier with the generated server medium verifier.

Those skilled in the art will be able to deduce various methods of authenticating the server medium authentication information 1 in addition to the above-described embodiment, and the present invention can be applied to all the methods And a control unit.

When the server medium authentication information (1) is authenticated through any one of the above methods, the authentication processing unit (1) 3250 authenticates the terminal medium by the medium authentication server (1) 100 on the communication network And generates the terminal medium authentication information based on the user authentication information input through the information input unit for processing.

According to an embodiment of the present invention, the user authentication information is transmitted from the media authentication server (1) 100 on the communication network to a personal identification number (PIN) or a password registered to authenticate the terminal medium for the wireless terminal 120 The authentication processing unit (1) 3250 generates the terminal medium authentication information including the user authentication information and the unique information of the wireless terminal 120. In this case,

For example, the authentication processing unit (1) 3250 preferably generates the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120.

Alternatively, the authentication processing unit (1) 3250 generates a terminal media verifier by hashing the at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, It is preferable that at least one of the authenticator, the user authentication information, and the unique information of the wireless terminal 120 is concatenated to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the user authentication information and the unique information of the wireless terminal 120, And the present invention is characterized in that all the additional information items that can be guessed are included.

According to another embodiment of the present invention, the user authentication information is stored in the IC chip 3235 (or USIM) through the user authentication IC chip 3235 storage information or the terminal authentication IC chip 3235 storage information (1) 3250 includes at least one personal identification number (PIN) or password for authenticating the validity of the user of the wireless terminal 120, the authentication processing unit (1) The user authentication information is provided to the user authentication IC chip 3235 stored in the IC chip 3235 (or the USIM) or the terminal authentication IC chip 3235 storage information to be authenticated, When the IC chip 3235 (or the USIM) returns the authentication result information of the terminal medium IC chip 3235 through the user authentication information, the authentication result information of the terminal medium IC chip 3235 returned and the authentication result information of the wireless terminal 120 ) Terminal information including unique information It is preferred to generate the authentication information.

For example, the authentication processing unit (1) 3250 preferably generates the terminal medium authentication information by concatenating authentication result information of the terminal medium IC chip 3235 and the unique information of the wireless terminal 120.

Alternatively, the authentication processing unit (1) 3250 hashes at least one of the authentication result information of the terminal medium IC chip 3235 and the unique information of the wireless terminal 120 into a one-way hash function, performs XOR operation, And generates the terminal medium authentication information by concatenating at least one of the terminal medium verifier, the terminal medium IC chip 3235 authentication result information, and the wireless terminal 120 specific information.

The terminal medium IC chip 3235 may include at least one additional information item to be included in the terminal medium authentication information in addition to the authentication result information of the terminal medium IC chip 3235 and the unique information of the wireless terminal 120, The additional information may be included in the terminal medium authentication information. The present invention is characterized by including all of the inferable information items.

A personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network according to another embodiment of the present invention; ), Or a secret number, the authentication processing unit (1) 3250 hashashes the user authentication information through a one-way hash function, and transmits the hashed user authentication information, at least one random number value (For example, a random number value generated at the terminal), unique information of the wireless terminal 120 (or unique information of the wireless terminal 120 hashed by the one-way hash function), and generates a terminal media verifier The terminal medium authentication information including the generated terminal medium verifier, the user authentication information, at least one random number information, and the unique information of the wireless terminal 120 , And the authentication processing unit (1) 3250 can further hash the terminal media verifier according to the intention of those skilled in the art.

For example, the authentication processor 1 (3250) concatenates the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120, It is preferable to generate the medium authentication information.

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication information is generated through any one of the above-described methods, the authentication processing unit (1) 3250 transmits the terminal medium authentication information to the medium authentication server (1) 100 on the communication network securely (Or the IC chip 3235) with the encryption key included in the memory 3225 (or the IC chip 3235).

When the terminal medium authentication information is generated as described above, the authentication processing unit (1) 3250 associates the generated terminal medium authentication information with the wireless processing unit 3240 in the media authentication server (1) 100 on the communication network, The media authentication server (1) (100) authenticates the medium corresponding to the wireless terminal (120) through the terminal medium authentication information.

If the terminal media authentication information is encrypted, the media authentication server (1) 100 preferably decrypts the encrypted terminal media authentication information through a decryption key.

According to an embodiment of the present invention, the user authentication information is transmitted from the media authentication server (1) 100 on the communication network to a personal identification number (PIN) or a password registered to authenticate the terminal medium for the wireless terminal 120 The media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, and if the identified wireless terminal (120) Authenticates the validity of the wireless terminal 120 by comparing the unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information and transmits the authentication information to the media authentication server 1 (100) And comparing the user authentication information stored in association with the unique information of the wireless terminal 120 with the user authentication information included in the terminal medium authentication information to authenticate the validity of the terminal medium .

If the terminal authentication information includes at least one of the user authentication information and the unique information of the wireless terminal 120 in the terminal media authentication information, the media authentication server 1 may, for example, (100) hashes at least one of the user authentication information provided in the storage medium and the unique information of the wireless terminal (120) identified through the communication session in the same manner as the terminal medium verifier and performs an XOR operation Further comprising generating a terminal media authenticator and comparing the terminal media verifier and the terminal media authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information is stored in the IC chip 3235 (or USIM) through the user authentication IC chip 3235 storage information or the terminal authentication IC chip 3235 storage information (1) 100 includes at least one personal identification number (PIN) or password for authenticating the validity of a user of the wireless terminal 120, the media authentication server (1) (120) unique information of the wireless terminal (120) through a session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, And transmits the authentication information to the IC chip 3235 based on the user authentication information stored in association with the unique information of the wireless terminal 120 in a storage medium provided in (or linked to) the media authentication server (1) ) (Or USIM) The terminal medium IC chip 3235 authentication information is generated through the same logic as the user authentication IC chip 3235 storage information or the terminal authentication IC chip 3235 storage information And extracts the terminal medium IC chip 3235 authentication information included in the terminal medium IC chip 3235 authentication information and the terminal medium IC chip 3235 authentication information included in the terminal medium authentication information And verifies the validity of the terminal medium.

If at least one of the authentication result information of the terminal medium IC chip 3235 and the unique information of the wireless terminal 120 is hashed as a one-way hash function and the terminal media verifier is included in the terminal medium authentication information, The media authentication server (1) 100 transmits at least one of the authentication information of the terminal medium IC chip (3235) provided in the storage medium and the unique information of the wireless terminal (120) And generating a terminal media authenticator by XORing the hash in the same manner as the media verifier, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

A personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network according to another embodiment of the present invention; ), Or a secret number, the media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, The wireless terminal 120 authenticates the validity of the wireless terminal 120 by comparing the unique information of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication information, Way hash function by associating the user authentication information stored in association with the unique information of the wireless terminal 120 with the hashed (or linked) storage medium, and transmits the hashed user authentication information, (At least one random number value included in the terminal medium authentication information), the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) A media authenticator is generated, and the validity of the terminal medium is verified by comparing the terminal medium verifier included in the terminal medium authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

When the terminal medium authentication information is authenticated through any one of the above methods, the medium authentication server (1) (100) generates (or extracts) a terminal medium authentication code corresponding to the terminal medium authentication result, And transmits the terminal authentication code to the wireless terminal (120) through a communication network. The authentication processing unit receives the terminal authentication code from the media authentication server (1) (100).

After that, the authentication processing unit transmits the received terminal medium authentication code to the medium authentication server (2) (105) through a communication network.

According to an embodiment of the present invention, the authentication processing unit generates terminal medium authentication information through the user authentication information and transmits the authentication information to the media authentication server (1) 100 through a similar (or the same) (For example, a terminal media verifier is concatenated with the terminal medium authentication code and the unique information of the wireless terminal 120, or a terminal media verifier including the terminal medium authentication code and the unique information of the wireless terminal 120) (2) 105, and if it is a person having ordinary skill in the art to which the present invention pertains, it is possible to transmit the terminal medium authentication code through a method of generating the terminal medium authentication information, The detailed description thereof will be omitted for the sake of simplicity.

The medium authentication server (2) (105) receiving the terminal medium authentication code from the wireless terminal (120) authenticates the terminal medium authentication code.

When the terminal authentication code is processed in a manner similar to (or identical to) the terminal medium authentication information generation method according to the embodiment of the present invention, the medium authentication server (2) It is preferable to authenticate the terminal medium authentication code in a manner similar to (or the same as) the method of authenticating the terminal medium authentication information in the terminal 100. If a person having ordinary knowledge in the technical field of the present invention , It is possible to infer a technical characteristic of authenticating the terminal medium authentication code through the method of authenticating the terminal medium authentication information, so that detailed description thereof will be omitted for the sake of convenience.

According to an embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) 105 transmits an authentication code (Or extracting) authentication code N generation information for generating the authentication code N from the wireless terminal 120 and transmitting the generated authentication code N to the wireless terminal 120. In response to this, And receives the authentication code (N) generation information through the network.

At this time, if the program code N for generating the authentication code (N) is not provided to the wireless terminal 120 through the authentication code (N) generation information, the medium authentication server (2) (N) for generating the authentication code (N) through the authentication code (N) generation information to the wireless terminal (120) in response to the terminal medium authentication, And the receiving unit 3260 further receives the program code N for generating the authentication code N through the wireless processing unit 3240 through the authentication code (N) generation information.

According to another embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) (105) (Or extracts) an authentication code N to be included in combination with the authentication code N of the wireless terminal 3260 and transmits the authentication code N to the wireless terminal 120. In response to the authentication code N, (N) via the network.

Referring to FIG. 32, the wireless terminal 120 includes an authentication code generation unit 3265 that generates an authentication code (N) through authentication code (N) generation information received through the reception unit 3260 .

If the program code N for generating the authentication code N is provided to the authentication code generation unit 3265, the authentication code N for generating the authentication code N through the reception unit 3260 N) generation information is received, the authentication code generation unit 3256 generates an authentication code N of N digits using the received authentication code (N) generation information.

On the other hand, when the program code N for generating the authentication code N is not provided to the authentication code generation unit 3265, the authentication code generation unit 3265 generates an authentication code (N) (N) generation information is received, the authentication code generation unit 3265 generates an authentication code (N) by using the received authentication code (N) generation information through the program code (N) It is preferable to generate the authentication code (N).

According to another embodiment of the present invention, when the authentication code N is directly received through the receiver 3260, the authentication code generator 3265 may omit generating the authentication code N, The present invention is not limited thereto.

Those skilled in the art will appreciate that the authentication code generation unit 3265 may generate a technical feature (e.g., an authentication code) for generating an authentication code N of N digits using the authentication code , And a hash algorithm). Therefore, a detailed description thereof will be omitted for the sake of convenience.

32, the wireless terminal 120 includes an authentication code generation unit 3265 that generates an authentication code (N) based on authentication code (N) generation information received through the reception unit 3260, And an output processor 3270 for outputting the generated authentication code N in association with the screen output unit 3205.

If the program code N for generating the authentication code N is provided to the authentication code generation unit 3265, the authentication code N for generating the authentication code N through the reception unit 3260 N) generation information is received, the authentication code generation unit 3256 generates an authentication code N of N digits using the received authentication code (N) generation information.

On the other hand, when the program code N for generating the authentication code N is not provided to the authentication code generation unit 3265, the authentication code generation unit 3265 generates an authentication code (N) (N) generation information is received, the authentication code generation unit 3265 generates an authentication code (N) by using the received authentication code (N) generation information through the program code (N) It is preferable to generate the authentication code (N).

According to another embodiment of the present invention, when the authentication code N is directly received through the receiver 3260, the authentication code generator 3265 may omit generating the authentication code N, The present invention is not limited thereto.

Those skilled in the art will appreciate that the authentication code generation unit 3265 may generate a technical feature (e.g., an authentication code) for generating an authentication code N of N digits using the authentication code , And a hash algorithm). Therefore, a detailed description thereof will be omitted for the sake of convenience.

When the N-digit authentication code N is generated, the output processor 3270 associates the combined N-digit authentication code N with the screen output unit 3205, And outputs it to a predetermined region of the image.

According to one embodiment of the present invention, the output processing unit 3270 outputs a disposable authentication code output screen on the screen of the wireless terminal 120 in association with the screen output unit 3205, To output the generated N-digit authentication code (N).

According to another embodiment of the present invention, the output processing unit 3270 outputs the disposable authentication code output area to the screen area currently output on the screen of the wireless terminal 120 in association with the screen output unit 3205 And outputs the generated N-digit authentication code (N) to the disposable authentication code output area.

FIG. 33 is a diagram illustrating a system configuration of a combined disposable authentication code by medium authentication according to another embodiment of the present invention.

In more detail, FIG. 33 illustrates a wireless terminal 120 functional configuration in which the combined disposable authentication code is implemented includes a wireless terminal 120 functional configuration shown in FIG. 32, (N > = 2) digits of the disposable authentication code are implemented to be implemented in the present invention, and those skilled in the art will be able to refer to FIG. 33 The present invention may be embodied in many other forms of implementation of the combined disposable authentication code implementation system configuration through the media authentication, The technical features thereof are not limited by the implementation method alone.

Referring to FIG. 33, the system for implementing a combination type disposable authentication code through the medium authentication includes a wireless terminal 120 including the functional configuration shown in FIG. 32, a wireless terminal 120 connected to the wireless terminal 120, A media authentication server (1) (100) for performing a first terminal medium authentication for the wireless terminal (120) and transmitting a terminal medium authentication code to the wireless terminal (120) in response to the first medium authentication result (N) for generating a N-digit authentication code (N) to the wireless terminal (120) in response to the second medium authentication result, performing a second terminal media authentication for the wireless terminal And a media authentication server (2) (105) for generating the authentication code (N) of N digits and providing it to the wireless terminal (120).

In order to implement the combination type disposable authentication code through the medium authentication, the wireless terminal 120 transmits terminal medium authentication information for authenticating the terminal medium to the wireless terminal 120 in the media authentication server (1) 100 And transmits the generated authentication information to the media authentication server (1) (100). Thus, the media authentication server (1) (100) verifies that the validity of the terminal medium .

According to an embodiment of the present invention, the terminal medium authentication information preferably includes user authentication information input through a key input unit provided in the wireless terminal 120 and unique information of the wireless terminal 120 And generates a terminal media verifier by XORing at least one of the user authentication information and the unique information of the wireless terminal 120 according to the intention of a person skilled in the art using a one-way hash function, Information of the wireless terminal 120, and unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal medium authentication information may include terminal medium IC chip authentication result information generated through an IC chip (or USIM) provided in the wireless terminal 120, And at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed by a one-way hash function and then XORed by the one-way hash function according to the intention of a person skilled in the art, And includes at least one of the terminal medium verifier, the terminal medium IC chip authentication result information, and the unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal media authentication information hashashes user authentication information input through a key input unit provided in the wireless terminal 120 through a one-way hash function, At least one or more random number values (for example, a random number value generated at the terminal), unique information of the wireless terminal 120 (or unique information of the wireless terminal 120 hashed by the one-way hash function) And generates the terminal medium verifier, and includes the generated terminal medium verifier, the user authentication information, at least one random number information, and the unique information of the wireless terminal 120.

Also, the wireless terminal 120 receives the terminal medium authentication code from the media authentication server (1) 100 as a result of the first terminal medium authentication, and transmits the received terminal medium authentication code to the media authentication server 2) &lt; / RTI &gt;

The wireless terminal 120 may generate authentication code (N) generation information for generating an authentication code (N) of N digits from the media authentication server (2) 105 as a result of the terminal medium authentication after the server medium authentication, And a function of generating an N-digit authentication code (N) from the server through the received authentication code (N) generation information.

Alternatively, the wireless terminal 120 receives an authentication code (N) of N digits from the medium authentication server (2) 105 as a result of terminal medium authentication after authentication of the server medium.

Referring to FIG. 33, a technical feature of generating the N-digit authentication code (N) in the wireless terminal 120 will be described with reference to FIG. 32, and a detailed description thereof will be omitted for the sake of simplicity.

According to the present invention, the media authentication server (1) 100 associates and stores the user authentication information for authentication of the terminal medium and the unique information of the wireless terminal 120, and stores the user authentication information and the unique (Or interlocking) a storage medium (1) 3340 for further storing the terminal medium authentication rule information through information. The storage medium (1) 3340 includes a server medium 1, (1) (1) for generating the authentication information, or further associates and stores the authentication code generation rule information for generating the terminal medium authentication code.

The user authentication information may include information input from the wireless terminal 120 to authenticate the terminal medium among the key input information input through the key input means or information input via the IC chip (or USIM) And at least one authentication result information.

The unique information of the wireless terminal 120 may include MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information or IMEI (International Mobile Equipment Identity) for the wireless terminal 120, or IMSI (International Mobile Subscriber Identity) information, MSISDN (Mobile Station International ISDN Number), or USIM specific information.

The terminal medium authentication rule information may include a rule for generating the terminal medium authentication information at the wireless terminal 120 or a rule for authenticating the terminal medium corresponding to the wireless terminal 120 by reading the terminal medium authentication information, It is preferable that one or more of the terminal authentication rules are stored in the storage medium (1) 3340 when the terminal authentication rule is implemented in the form of a program code in the media authentication server (1) 100 , Whereby the present invention is not limited thereto.

The authentication code generation rule information preferably defines a rule for generating a terminal media authentication code transmitted to the wireless terminal 120, and the authentication code generation rule is stored in the media authentication server (1) Code format, it is optional to store the authentication code generation rule information in the storage medium (1) 3340, and thus the present invention is not limited thereto.

According to the present invention, the media authentication server (2) 105 includes (or interlocks with) a storage medium (2) 3370 for storing terminal medium authentication rule information for authenticating the terminal medium authentication code (N) generation information for generating an authentication code (N) at the wireless terminal (120) when the terminal medium is authenticated, or the storage medium (2) And the authentication code generation rule information for generating the authentication code (N) to be transmitted to the terminal (120).

Preferably, the terminal medium authentication rule information defines a rule for reading the terminal medium authentication code and authenticating the terminal medium corresponding to the wireless terminal 120, and the medium authentication server (2) In the case where the terminal medium authentication rule is implemented in the form of program code, it is optional to store the terminal medium creation rule information in the storage medium (2) 3370, and thus the present invention is not limited thereto.

The authentication code generation rule information may include a rule for generating authentication code (N) generation information for generating an authentication code (N) in the wireless terminal 120 or a rule for generating authentication code (N It is preferable that at least one rule for generating the authentication code generation rule is defined in the form of a program code in the medium authentication server 2 105. The storage medium 2 3370 The authentication code generation rule information may be omitted from the authentication code generation rule information, and thus the present invention is not limited thereto.

According to another embodiment of the present invention, when the terminal medium authentication code is processed to include the same structure as the terminal medium authentication information, the storage medium (2) 3370 includes user authentication information (not shown) 120) inherent information (not shown), and server authentication information 2 (not shown) can be stored in association with each other, so that the present invention is not limited thereto.

According to the present invention, when the program code for generating the authentication code (N) is not provided to the wireless terminal 120, the media authentication server 2 (105) (Or interlocking) program code D / B 3375 for classifying and storing program codes N for generating the authentication code N according to the platform of the wireless terminal 120 according to a program code, a program analyzer, an operating system, .

Those skilled in the art will recognize the technical features of the program code N for generating the authentication code N according to a plurality of wireless terminal 120 platforms, A detailed description thereof will be omitted for the sake of convenience.

According to the present invention, the media authentication server (1) 100 includes an interface unit 3300 for connecting and managing a communication channel for first media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 3300 receives the terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (N) generation information is connected.

According to an embodiment of the present invention, when the media authentication server (1) 100 is provided on the wireless communication network (or in the wireless communication system) And a communication channel including a wire section for connecting the media authentication server (1) (100) to the base station.

According to another embodiment of the present invention, when the media authentication server (1) 100 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system), the interface unit 3300 A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the medium authentication server (100) And a communication channel including a wire section is connected.

Referring to FIG. 33, the media authentication server (1) 100 generates terminal medium authentication information for terminal medium authentication for the wireless terminal 120 in the wireless terminal 120, An information receiving unit 3305 for receiving media authentication request information from the wireless terminal 120 in association with the interface unit when the media authentication request information is received; An authentication information transmitting unit 3315 for transmitting the authentication information of the server medium 1 to the wireless terminal 120 in association with the interface unit, An authentication information receiving unit 3320 for receiving the terminal medium authentication information in association with the terminal medium authentication unit 3320 for reading the terminal medium authentication information and for authenticating the terminal medium corresponding to the wireless terminal 120 ) 3325 An authentication code generation unit 3330 for generating a terminal medium authentication code when the terminal medium is authenticated, and an authentication code generation unit 3330 for transmitting the generated terminal medium authentication code to the wireless terminal 120 in cooperation with the interface unit 3300 And an authentication code transmitting unit 3335. [

According to an embodiment of the present invention, the server authentication information 1 is preferably matched with server authentication information 1 stored in a memory unit (or IC chip or USIM) provided in the wireless terminal 120 And the server authentication information 1 may be stored in a server certificate included in the memory unit (or an IC chip or a USIM) according to a person skilled in the art.

According to another embodiment of the present invention, the server authentication information (1) is a server medium IC chip (1) authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal And authentication information.

According to another embodiment of the present invention, the server authentication information 1 may be matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120.

When the server authentication information 1 matches with the server authentication information 1 stored in the memory unit (or IC chip or USIM) provided in the wireless terminal 120 according to an embodiment of the present invention, The authentication information generating unit 3310 generates the server medium 1 authentication information including the server authentication information 1 and the medium authentication server 1 information.

For example, the authentication information generation unit 3310 preferably generates the server medium (1) authentication information by concatenating the server authentication information (1) and the medium authentication server (1) (100) information.

Alternatively, the authentication information generating unit 3310 may have at least one of the server authentication information (1) and the medium authentication server (1) 100 information hashed as a one-way hash function, and then XORed to generate a server medium verifier And generate the server medium (1) authentication information by concatenating at least one of the server medium verifier, the server authentication information (1), and the medium authentication server (1) (100) information.

(1) authentication information to be included in the server medium (1) authentication information in addition to the server authentication information (1) and the medium authentication server (1) (100) information if the person skilled in the art is familiar with the present invention. And the additional information may be included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

According to another embodiment of the present invention, the server authentication information (1) is authenticated by the user authentication IC chip storage information provided in the IC chip (or USIM) provided in the wireless terminal 120, The authentication information generator 3310 provides the server authentication information (1) from the wireless terminal 120 as the server authentication IC chip storage information provided in the IC chip (or USIM) (1) authentication information including the server medium IC chip authentication information and the medium authentication server (1) (100) information is generated in the form of server medium IC chip authentication information for processing to authenticate the server medium Do.

For example, the authentication information generation unit 3310 preferably generates the server medium (1) authentication information by concatenating the server medium IC chip authentication information and the medium authentication server (1) 100 information.

Alternatively, the authentication information generating unit 3310 may have at least one of the server medium IC chip authentication information and the medium authentication server (1) 100 information is hashed as a one-way hash function and then XORed to generate a server medium verifier And generate the server medium (1) authentication information by concatenating at least one of the server medium verifier, the server medium IC chip authentication information, and the medium authentication server (1) 100 information.

The server medium IC chip authentication information and at least one or more additional information items to be included in the server medium 1 authentication information other than the medium authentication server (1) 100 information, if the person skilled in the art is familiar with the present invention And the additional information may be included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

According to another embodiment of the present invention, when the server authentication information 1 is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, The hash unit 3310 hashes the server authentication information 1 through the one-way hash function and transmits the hashed server authentication information 1, at least one random number value (e.g., a random number value generated by the server) Generates a server media verifier by performing at least one XOR operation on the media authentication server (1) 100 information (or the media authentication server (1) 100 information hashed by the one-way hash function) (1) authentication information including the server authentication information (1), at least one or more random number information, and the medium authentication server (1) (100) information, according to the intention of a person skilled in the art, The authentication information generating unit 331 0) is capable of further hashing the server media verifier.

For example, the authentication information generating unit 3310 may generate the authentication information including the server medium verifier (or the hashed server medium verifier), the server authentication information 1, at least one random number information, the medium authentication server 1 To generate the authentication information of the server medium (1).

(1) authentication information other than the server authentication information (1), at least one random number information, and the medium authentication server (1) (100) information if the person skilled in the art is familiar with the present invention It is possible to deduce at least one additional information item (for example, a prime number) and the additional information in the authentication information of the server medium 1, and the present invention can be applied to a case in which all the additional information items .

In addition, those skilled in the art will be able to deduce various methods of generating the server medium (1) authentication information based on the server authentication information (1), in addition to the above- And the present invention is characterized in that it includes all of the above-mentioned embodiments to be inferred.

When the server medium 1 authentication information is generated as described above, the authentication information transmitting unit 3315 transmits authentication information of the server medium 1 to the wireless terminal 120 in association with the interface unit In response to the request, the wireless terminal 120 authenticates the server medium 1 authentication information, and upon authentication of the server medium 1 authentication information, generates the terminal medium authentication information to be transmitted to the medium authentication server .

When the wireless terminal 120 generates the terminal medium authentication information for the terminal medium authentication for the wireless terminal 120 and transmits the terminal medium authentication information through the communication channel, the authentication information receiving unit 3320 transmits the terminal medium authentication information to the wireless terminal 120, When the terminal medium authentication information is encrypted, the authentication information receiving unit 3320 decrypts the encrypted terminal medium authentication information through the decryption key.

When the terminal medium authentication information includes at least one of the user authentication information input through the key input unit provided in the wireless terminal 120 and the unique information of the wireless terminal 120 according to an embodiment of the present invention, The terminal medium authentication unit (1) 3325 checks the unique information of the wireless terminal 120 through a communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information, Authenticates the validity of the wireless terminal 120 and compares the authenticity of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication information (1) 3340 in which the user authentication information stored in association with the unique information of the wireless terminal 120 is compared with the user authentication information included in the terminal media authentication information, And validates the validity.

If at least one of the user authentication information and the unique information of the wireless terminal 120 is hashed by the one-way hash function and XOR operation is performed on the terminal media authentication information, the terminal media authenticator 1 ) 3325 transmits at least one of the user authentication information provided in the storage medium (1) 3340 and the unique information of the mobile terminal 120 confirmed through the communication session to the same method as the terminal media verifier And XORing the terminal media authenticator to generate a terminal media authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the terminal medium authentication information may be generated by the terminal medium IC chip authentication result information generated through the IC chip (or USIM) provided in the wireless terminal 120, (1) 3325 confirms the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information And authenticates the validity of the wireless terminal 120 by comparing the authenticated wireless terminal 120 unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information, (Or USIM) provided in the IC chip (or USIM) based on the user authentication information stored in association with the unique information of the wireless terminal 120 in the storage medium 1 (3340) User authentication IC chip storage Or generates the terminal medium IC chip authentication information through the same logic as the terminal authentication IC chip storage information (or, if the terminal medium IC chip authentication information is stored in the storage medium (1) 3340), the terminal medium IC chip authentication information And verifies the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the UE medium authentication information and the unique information of the mobile station 120 is hashed by the one-way hash function and XOR operation is performed on the UE medium authentication information, The authentication unit (1) 3325 transmits at least one of the terminal medium IC chip authentication information provided in the storage medium (1) 3340 and the unique information of the wireless terminal 120 confirmed through the communication session, The method further comprises the step of performing an XOR operation on the hash in the same manner as the terminal medium verifier, generating a terminal medium authenticator, and comparing the terminal medium verifier and the terminal medium authenticator to authenticate the validity of the terminal medium .

According to another embodiment of the present invention, when the terminal medium authentication information includes a terminal medium verifier, the terminal medium authentication unit (1) 3325 transmits the terminal medium authentication information according to the terminal medium authentication rule information (120) unique information of the wireless terminal (120) through the communication session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, (1) 3340 stored in the terminal medium authenticating unit (1) 3325 and stored in association with the unique information of the wireless terminal 120, And transmits the hashed user authentication information, at least one random number value (e.g., a random number value included in the terminal media authentication information), the unique information of the wireless terminal 120 or (The unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media authenticator, compares the terminal media verifier included in the terminal media authentication information with the generated terminal media authenticator And authenticating the validity of the terminal medium.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

When the terminal medium authentication information is authenticated through any one of the above-described methods, the authentication code generation unit 3330 generates (or extracts) the terminal medium authentication code through the authentication code generation rule information do.

Herein, the terminal medium authentication code includes an authentication code for authenticating that the terminal medium corresponding to the wireless terminal 120 is first authenticated through the medium authentication server (1) in the medium authentication server (2) 105 .

When the terminal medium authentication code is generated (or extracted) through the authentication code generation unit 3330, the authentication code transmission unit 3335 transmits the generated terminal medium authentication code in cooperation with the interface unit 3300 The wireless terminal 120 transmits the terminal's medium authentication code to the medium authentication server (105) through the communication network.

According to the present invention, the media authentication server (2) 105 includes an interface unit 3345 for connecting and managing a communication channel for second media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 3345 receives the terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (N) generation information is connected.

According to an embodiment of the present invention, when the media authentication server (2) 105 is provided on the wireless communication network (or in the wireless communication system), the interface unit 3345 transmits, And a communication channel including a wire section for connecting the media authentication server (2) (105) to the base station.

According to another embodiment of the present invention, when the media authentication server (2) 105 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system), the interface unit 3345 A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the media authentication server (2) And a communication channel including a wire section is connected.

Referring to FIG. 33, when the wireless terminal 120 transmits the terminal medium authentication code through the communication channel, the media authentication server (2) 105 transmits the terminal authentication code to the terminal An authentication code receiving unit 3350 for receiving the medium authentication code, a terminal medium authentication unit (2) 3355 for reading the received terminal medium authentication code and performing second authentication of the terminal medium corresponding to the wireless terminal 120, (N) generation information for generating an authentication code (N) in the wireless terminal (120), or the authentication code (N) to be transmitted to the wireless terminal (120) (N) generation information (or authentication code (N)) to the wireless terminal 120 in cooperation with the interface unit 3345, (3365).

When the wireless terminal 120 generates a terminal medium authentication code for terminal medium authentication for the wireless terminal 120 and transmits the generated terminal medium authentication code over the communication channel, the authentication code receiving unit 3350 transmits the terminal medium authentication code to the interface unit 3345 When the terminal medium authentication code is encrypted, the authentication code receiving unit 3350 preferably decrypts the encrypted terminal medium authentication code through the decryption key. .

Then, the terminal medium authentication unit (2) 3355 authenticates the terminal medium authentication code according to the terminal medium authentication rule information to authenticate the validity of the terminal medium.

Those skilled in the art will be able to deduce various types of terminal media authentication code standards and various types of terminal media authentication rules for authenticating the terminal media authentication codes. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication code is authenticated, the information generator 3360 generates authentication code (N) generation information for generating an authentication code (N) from the wireless terminal 120 through the authentication code generation rule information Or extraction).

According to another embodiment of the present invention, the information generating unit 3360 generates (or extracts) the authentication code (N) generation information through the authentication code generation rule information, and generates the authentication code (N) to be transmitted to the wireless terminal (120).

When the authentication code (N) generation information is generated (or extracted) through the information generation unit 3360 according to an embodiment of the present invention, the transmission unit 3365 transmits the authentication code And transmits the generated authentication code (N) generation information to the wireless terminal 120. In response to the generated authentication code (N), the wireless terminal 120 transmits the authentication code (N) .

When the authentication code N is generated (or extracted) through the information generation unit 3360 according to another embodiment of the present invention, the transmission unit 3365 generates the authentication code N in association with the interface unit 3345, (N) to the wireless terminal (120).

If the program code N for generating the authentication code N is not provided to the wireless terminal 120 through the authentication code generation information, the transmission unit 3365 transmits the program code D / (N) for generating the authentication code (N) through the authentication code (N) generation information in association with the authentication code (B) 3375 of the wireless terminal (120).

FIGS. 34A and 34B illustrate a medium authentication process for implementing a combined disposable authentication code according to another embodiment of the present invention.

In more detail, FIGS. 34a and 34b illustrate that when the wireless terminal 120 functional configuration in which the combined disposable authentication code is implemented includes the wireless terminal 120 functional configuration shown in FIG. 32, the wireless terminal 120 (1) 100 on the combined disposable authentication code implementing system shown in FIG. 33, and performing a second medium authentication with the medium authentication server (2) 105 Those skilled in the art will be able to refer to and / or modify the drawings 34a and 34b to derive various implementations of the media authentication process for implementing the combined disposable authentication code However, the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited to those of the embodiments shown in FIGS. 34A and 34B.

Hereinafter, in FIG. 34A and FIG. 34B, the medium authentication server (1) 100 on the combined disposable authentication code implementation system shown in FIG. 33 is referred to as "server 1" for convenience, the medium authentication server 2 Quot; server 2 "for the sake of convenience.

Referring to FIGS. 34A and 34B, the wireless terminal 120 checks whether a menu (or a key button) for implementing a combination type disposable authentication code through media authentication is input (3400), and if the combination disposable authentication code When a menu (or a key button) for implementing the wireless terminal 120 is input 3405, the wireless terminal 120 connects a communication channel with the server 1 and transmits the medium authentication request information to the server 1 (3410 ).

Thereafter, the server 1 transmits a request for authenticating the server medium from the wireless terminal 120 based on the server authentication information (1) stored in the storage medium (1) 3340 in response to the medium authentication request information The server medium 1 authentication information is generated (3415).

According to an embodiment of the present invention, the server authentication information is preferably matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, The server authentication information is preferably stored in a server certificate included in the memory unit (or IC chip or USIM).

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 .

According to another embodiment of the present invention, the server authentication information is preferably matched with information (e.g., user authentication information) input through a key input unit provided in the wireless terminal 120. [

According to an embodiment of the present invention, when the server authentication information is matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, (1) authentication information including information on the server (1) and the server (1).

For example, the server preferably generates the server medium (1) authentication information by concatenating the server authentication information and the server (1) information.

Alternatively, the server may generate a server media verifier by hashing at least one of the server authentication information and the server (1) information into a one-way hash function and performing an XOR operation on the server verifier, (1) authentication information by concatenating at least one piece of information of the server medium (1).

(1) authentication information and at least one additional information item to be included in the authentication information of the server medium (1) and the additional information in addition to the server authentication information and the server (1) information, (1) It is possible to deduce a technical feature to be included in the authentication information, and the present invention is characterized in that it includes all the information items that can be guessed.

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 , The server transmits the server authentication information to the server authentication IC chip storage information provided in the IC chip (or USIM) at the wireless terminal 120 to form a server medium IC chip authentication information , And generates the server medium (1) authentication information including the server medium IC chip authentication information and the server (1) information.

For example, the server preferably generates the server medium (1) authentication information by concatenating the server medium IC chip authentication information and the server (1) information.

Alternatively, the server hashes the server medium IC chip authentication information and the server 1 information with a one-way hash function, and then performs an XOR operation to generate a server medium verifier. The server medium verifier, the server medium IC It is preferable that at least one chip authentication information and server 1 information are concatenated to generate authentication information of the server medium 1.

The server medium 1 may include at least one additional information item to be included in the authentication information of the server medium 1 and the additional information in addition to the server medium IC chip authentication information and the server 1 information, It is possible to deduce a technical characteristic included in the authentication information of the server medium 1, and the present invention is characterized in that it includes all the inferable information items.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, (For example, a random number value generated by the server), the server 1 information (or the server 1 information (or the server 1 hashed by the one-way hash function) (1) information), and generates a server medium verifier, the server medium verifier including at least one server authentication information, at least one random number information, and server information (1) 1) it is desirable to generate authentication information, and it is possible for the server to further hash the server media verifier according to the intent of the person skilled in the art.

For example, the server generates server medium (1) authentication information by concatenating the server medium verifier (or hashed server medium verifier) with the server authentication information, at least one or more random number information, and server .

(1) authentication information other than the server authentication information, the at least one random number information, and the server (1) information, the at least one additional information item (for example, , A prime number) and the additional information are included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

In addition, those skilled in the art will be able to deduce various methods of generating the authentication information of the server medium 1 based on the server authentication information in addition to the above-described embodiment, The present invention is characterized in that it comprises all the above-mentioned embodiments to be inferred.

If the server medium 1 authentication information is generated 3420, the server 1 transmits the server medium 1 authentication information to the wireless terminal 120 through the communication channel 3425, The wireless terminal 120 outputs an interface for inputting user authentication information on the screen of the wireless terminal 120, and checks whether the user authentication information is input through the interface (3430).

Here, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the mobile terminal 120 .

Alternatively, the user authentication information may include a user identification (ID) for authenticating the validity of the user of the mobile terminal 120 through the user authentication IC chip storage information provided in the IC chip (or USIM) (PIN), or a password.

Alternatively, the user authentication information may include at least one or more personal identification numbers (PINs) or passwords used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the server 1 on the communication network desirable.

If it is determined that the user authentication information is input (3435), the wireless terminal 120 authenticates the server medium through the server medium (1) authentication information based on the user authentication information (3440).

According to an embodiment of the present invention, when the server authentication information is matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, (1) information (or information of the server (1) which is confirmed through communication session information for receiving the server medium (1) authentication information) stored in the memory unit and a server (1) information and compares the server authentication information stored in the memory unit (or IC chip or USIM) with the server authentication information included in the server medium (1) authentication information, And verifies the validity of the server medium.

If the server medium verifier is included in the authentication information of the server medium 1, the wireless terminal 120 may have a hash function of at least one of the server authentication information and the server 1 information, Hashes at least one of the server authentication information provided in the memory unit (or the IC chip or the USIM) and the server 1 information confirmed through the communication session in the same manner as the server medium verifier Generating a server medium authenticator by performing an XOR operation on the server medium authenticator, and comparing the server medium verifier and the server medium authenticator to authenticate the validity of the server medium.

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 , The wireless terminal 120 transmits the server 1 information stored in the memory unit (or the server 1 information confirmed through the communication session information for receiving the server medium 1 authentication information) (1) information included in the authentication information of the medium (1) to authenticate the validity of the server (1), and transmits the server medium IC chip authentication information included in the server medium (Or USIM) to authenticate the server medium IC chip authentication information, and when the server medium IC chip authentication result information is returned, the server medium IC chip authentication result information is read To the server medium It characterized in that to authenticate the validity.

If one or more pieces of information of the server medium IC chip authentication information and the server (1) information are hashed as a one-way hash function and XOR is performed in the server medium (1) authentication information to include a server medium verifier, (120) transmits at least one or more pieces of server medium IC chip authentication information provided in the storage medium (1) (3340) and server (1) information confirmed through the communication session to the server medium verifier To generate a server medium authenticator, and to compare the server medium verifier and the server medium authenticator to authenticate the validity of the server medium.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, the wireless terminal 120 (1) information (or information of the server (1) which is confirmed through communication session information for receiving the server medium (1) authentication information) stored in the memory unit and a server (1) information to authenticate the validity of the server 1, and transmits the server authentication information stored in the storage medium (1) 3340 provided to (or linked to) the server 1 through a one- Hashed by the hashed server authentication information, at least one random number value (e.g., a random number value included in the server medium (1) authentication information), the server 1 information At least one XOR server (1) And generating a server authentication medium, and by the server, the media (1) comparing an a media server verifier and the generated server authentication media comprises authentication information and wherein the authentication of the validity of the media server.

Those skilled in the art will be able to deduce various methods of authenticating the authentication information of the server medium 1 in addition to the above-described embodiment, and the present invention can be applied to all the methods And a control unit.

If the server medium is not authenticated (3445) through the authentication information of the server medium (1), the wireless terminal 120 generates server medium authentication error information and outputs it to the screen (3450) And ends the process of implementing the combination type disposable authentication code.

If the server medium is authenticated (3445) through the authentication information of the server medium 1, the wireless terminal 120 transmits the authentication information corresponding to the wireless terminal 120 in the server 1 using the user authentication information Terminal medium authentication information for authenticating the terminal medium is generated (3455).

According to an embodiment of the present invention, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the wireless terminal 120 The mobile terminal 120 transmits the user authentication information and the mobile terminal 120 unique information (e.g., MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information, or IMEI (International Mobile Equipment Identity) Or International Mobile Subscriber Identity (IMSI) information included in the USIM, MSISDN (Mobile Station International ISDN Number), or USIM unique information).

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by hashing the at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, It is preferable that at least one of the user authentication information and the unique information of the wireless terminal 120 is concatenated to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the user authentication information and the unique information of the wireless terminal 120, And the present invention is characterized in that all the additional information items that can be guessed are included.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) (Or PIN) or a password for authenticating the IC chip (or USIM), the wireless terminal 120 transmits the user authentication information to the IC chip (or USIM) (IC chip) storage information, or terminal authentication IC chip storage information, and returns the terminal medium IC chip authentication result information from the authenticated IC chip (or USIM) through the user authentication information, And generates the terminal medium authentication information including the returned terminal medium IC chip authentication result information and the unique information of the wireless terminal 120.

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the terminal medium IC chip authentication result information with the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by performing an XOR operation on at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 as a one-way hash function, It is preferable that at least one of the media verifier, the terminal medium IC chip authentication result information, and the wireless terminal 120 unique information is concatenated to generate the terminal medium authentication information.

The terminal 120 may be configured to transmit at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120, It is possible to deduce a technical characteristic included in the terminal medium authentication information, and the present invention is characterized in that it includes all the information items that can be guessed.

According to another embodiment of the present invention, a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating the terminal medium authentication information to be transmitted to the server 1 on the communication network, The wireless terminal 120 hashes the user authentication information through the one-way hash function, and transmits the hashed user authentication information, at least one random number value (for example, a random number generated by the terminal (Or unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media verifier by performing an XOR operation on at least one of the unique information of the wireless terminal 120 It is possible to generate terminal medium authentication information including user authentication information, at least one random number information, and unique information of the wireless terminal 120 Straight, and the wireless terminal 120 in accordance with the intention of those skilled in the art it is possible to further cut the MS medium verification hash.

For example, the wireless terminal 120 concatenates the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120, .

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

If the terminal medium authentication information is generated (3460), the wireless terminal 120 connects a communication channel with the server 1 and transmits the generated terminal medium authentication information to the server 1 via the communication channel (3465).

Then, the server 1 reads the terminal medium authentication information in association with the storage medium 1 (3340) and authenticates the terminal medium (3470).

According to an embodiment of the present invention, when the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server on the communication network to authenticate the terminal medium for the wireless terminal 120, The server checks the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information and transmits the unique information of the wireless terminal 120 and the wireless terminal 120 included in the terminal medium authentication information, (1) 3340 compares the unique information with the authentication information and authenticates the validity of the wireless terminal 120, and stores in the storage medium 1 (3340) And authenticates the validity of the terminal medium by comparing the information with user authentication information included in the terminal medium authentication information.

If the terminal media verifier is included in the terminal media authentication information, the server hashes the at least one of the user authentication information and the unique information of the wireless terminal 120 into the one-way hash function and XORs the terminal authentication information, 1) 3340 and the unique information of the wireless terminal 120 identified through the communication session, in the same manner as the terminal media verifier, and performs an XOR operation on the at least one information, Generating an authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) The server confirms the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information, and if the authentication information includes the at least one personal identification number (PIN) Authenticates the validity of the wireless terminal 120 by comparing the unique information of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication information and stores the stored (or linked) The user authentication IC chip storage information provided in the IC chip (or USIM) or the user authentication IC chip storage information provided in the IC chip (or USIM) based on the user authentication information stored in association with the unique information of the wireless terminal 120, (Or storing the terminal medium IC chip authentication information when the terminal medium IC chip authentication information is stored in the storage medium (1) 3340) via the same logic as the terminal authentication IC chip storage information ), And authenticates the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed as a one-way hash function and XOR operation is performed on the terminal medium authentication information, 3340, and the unique information of the wireless terminal 120 that is confirmed through the communication session, in the same manner as the terminal media verifier, And performing an XOR operation on the terminal media authenticator to generate a terminal media authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to a server on the communication network, The server verifies the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information, and transmits the unique information of the wireless terminal 120, which is included in the terminal medium authentication information, (1) 3340 compares the peculiar information of the wireless terminal 120 and verifies the validity of the wireless terminal 120, and stores the unique information of the wireless terminal 120 in the storage medium 1 (3340) The user authentication information stored in association with the user authentication information is hashed through a one-way hash function, and the hashed user authentication information, at least one random number value (e.g., Generates a terminal media authenticator by XORing at least one of the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) The validity of the terminal medium is verified by comparing the terminal medium verifier included in the authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

If the terminal media authentication information is not authenticated (3475), the server 1 generates terminal media authentication error information and transmits it to the wireless terminal 120 through the communication channel (3480) The wireless terminal 120 ends the process of implementing the combination type disposable authentication code through the medium authentication.

When the terminal medium authentication information is authenticated (3475), the server 1 generates a terminal medium authentication code in association with the storage medium (1) 3340 and transmits it to the wireless terminal 120 through the communication channel (3485).

The wireless terminal 120 connects a communication channel with the server 2 and transmits the terminal medium authentication code to the server 2 through the communication channel (3490).

Thereafter, the server 2 reads the terminal medium authentication code in conjunction with the storage medium (2) 3370 and performs a second authentication process on the terminal medium (3492).

If the terminal medium authentication code is not authenticated (3494), the server 2 generates terminal medium authentication error information and transmits it to the wireless terminal 120 through the communication channel (3496) The wireless terminal 120 ends the process of implementing the combination type disposable authentication code through the medium authentication.

Meanwhile, if the terminal medium authentication code is authenticated (3494), the server 2 generates authentication code (N) generation information for generating a combined disposable authentication code through the process shown in FIG. 35, FIG. 36, And generates and transmits an authentication code (N) to the wireless terminal (120).

FIG. 35 is a diagram illustrating a configuration of a completed disposable authentication code implementation process through medium authentication according to an embodiment of the present invention.

In more detail, FIG. 35 is a flowchart illustrating a media authentication process performed by the wireless terminal 120 shown in FIG. 32 through the media authentication process shown in FIGS. 34a and 34b, on the completed one- 1) 100 and the medium authentication server (2) 105, the medium authentication server (2) 105 generates authentication code (N) generation information as the medium authentication result (N) is generated through the received authentication code (N) generation information and transmitted to the wireless terminal (120), thereby implementing an authentication code for an N-digit complete type call. Those skilled in the art will be able to refer to and / or modify Figure 35 to derive various implementations of the complete disposable authentication code implementation process through media authentication, Is made, including any exemplary method, to which the technical feature that is not limited to the exemplary method shown in the figure 35.

Hereinafter, in FIG. 35, the media authentication server (2) 105 on the completed disposable authentication code implementation system shown in FIG. 33 is referred to as a "server" for convenience.

Referring to FIG. 35, after media authentication is performed through the medium authentication process shown in FIGS. 34A and 34B, the server, in association with the storage medium 2 (3370) (N) generation information for generating an authentication code (N) in the terminal 120 (3500), and transmits the authentication code (N) generation information to the wireless terminal 120 via the communication channel The wireless terminal 120 receives the authentication code (N) generation information through the communication channel (3510) in response to the authentication code (3505) (N) (3515).

If the authentication code N is generated 3520, the wireless terminal 120 outputs the generated authentication code N on the screen of the wireless terminal 120 (3530) N is used for the one-time authentication process through the wireless terminal 120 or the one-time authentication process through at least one disposable authentication code input medium.

FIG. 36 is a diagram illustrating a configuration of a completed disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.

In more detail, FIG. 36 is a flowchart illustrating a media authentication process performed by the wireless terminal 120 shown in FIG. 32 through the medium authentication process shown in FIGS. 34a and 34b, on the completed one- 1) 100 and the medium authentication server (2) 105, the medium authentication server (2) (105) directly generates the authentication code (N) as the medium authentication result, (N) is generated through the received authentication code (N) generation information and is transmitted to the wireless terminal 120 to implement an authentication code for the complete N-digit call of N digits. Those skilled in the art will be able to refer to and / or modify the FIG. 36 to derive various implementations of the complete disposable authentication code implementation process through the medium authentication, Comprised, including the exemplary method, to which the technical feature that is not limited to the exemplary method shown in the figure 36.

Hereinafter, in FIG. 36, the media authentication server (2) 105 on the completed disposable authentication code implementation system shown in FIG. 33 is referred to as a "server" for convenience.

Referring to FIG. 36, after the media authentication is performed through the media authentication process shown in FIGS. 34A and 34B, the server, in association with the storage medium 2 (3370) The terminal 120 generates (3600) authentication code (N) generation information for generating an authentication code (N), and generates an authentication code (N) through the generated authentication code (N) ).

If the authentication code N is generated 3610, the server transmits the authentication code N to the wireless terminal 120 through the communication channel 3615 and correspondingly transmits the authentication code N to the wireless terminal 120 Receives (3620) the authentication code (N) through the communication channel, outputs the received authentication code (N) to the screen of the wireless terminal 120 (3625), and then transmits the authentication code N ) Is used for the one-time authentication process through the wireless terminal 120, or the one-time authentication process through the at least one disposable authentication code input medium.

FIG. 37 is a diagram illustrating a configuration of a completed disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.

In more detail, FIG. 37 is a flowchart illustrating a media authentication process performed by the wireless terminal 120 shown in FIG. 32 through the medium authentication process shown in FIGS. 34a and 34b, on the completed one- 1) 100 and the medium authentication server (2) 105, the medium authentication server (2) 105 generates authentication code (N) generation information as the medium authentication result (N) to generate the authentication code (N) through the generated authentication code (N) generation information and the authentication code (N) generation information to the wireless terminal (120) The process for generating the authentication code N through the code (N) generation information to implement the authentication code for the N-digit complete type one-sided call. If the person skilled in the art is familiar with the present invention, And / or modifying the medium authentication However, the present invention is not limited to the above-described embodiments, but includes all of the above-described embodiments. The technical features of the present invention are not limited only to the implementation method shown in FIG. 37 .

Hereinafter, in FIG. 37, the media authentication server (2) 105 on the completed disposable authentication code implementation system shown in FIG. 33 is referred to as a "server" for convenience.

Referring to FIG. 37, after media authentication is performed through the media authentication process shown in FIGS. 34A and 34B, the server, in association with the storage medium 2 (3370) The terminal 120 generates (3700) authentication code (N) generation information for generating an authentication code (N) and transmits the generated program code to the wireless terminal 120 in association with the program code D / B 3375 (N), and transmits the authentication code (N) generation information and the program code (N) through the communication channel (3705).

The wireless terminal 120 receives the authentication code N and the program code N through the communication channel 3710 and transmits the authentication code N to the wireless terminal 120 based on the program code N. [ The authentication code N is generated through the generation information (3715).

If the authentication code N is generated 3720, the wireless terminal 120 outputs the generated authentication code N on the screen of the wireless terminal 120 (3725) N is used for the one-time authentication process through the wireless terminal 120 or the one-time authentication process through at least one disposable authentication code input medium.

FIG. 38 is a diagram illustrating a functional configuration of a wireless terminal 120 implementing a hybrid disposable authentication code via medium authentication according to an embodiment of the present invention.

In more detail, FIG. 38 illustrates a case where a mobile communication terminal accessing a mobile communication network operating on a Code Division Multiple Access (WCDMA) / Wideband Code Division Multiple Access (CDMA) (1) 100 in the wireless terminal 120, and the media authentication server (1) 100 in the wireless terminal 120. The media authentication server (100) (1 < = n < N) digits from the media authentication server (1) 100 after authentication of the terminal medium 1 through the n-digit partial disposable Generates the authentication code, receives the partial disposable authentication code generation information of (Nn) digits from the medium authentication server (2) 105 after authentication of the terminal medium 2 through the medium authentication server (2) 105 Nn) number of digits (1 < = n < N) digits of partial disposable authentication codes and (Nn) digits of the partial disposable authentication codes after generating the partial disposable authentication codes Fig.

In the present invention, the mixed type disposable authentication code with N (N> = 2) digits is referred to as "mixed type disposable authentication code" or "authentication code (N)" for convenience, The partial disposable authentication code is referred to as a "first partial disposable authentication code" or "authentication code (n)" for convenience, and the partial disposable authentication code of the (Nn) Code (Nn) &quot;.

Those skilled in the art will appreciate that other terminal devices (e.g., HSDPA (High-Speed Downlink Packet (HSDPA), etc.) implementing the hybrid type disposable authentication code through the media authentication may refer to and / A wireless terminal device connected to a wireless access network based on IEEE 802.16x, or a wireless terminal device connected to a wireless Internet based on IEEE 802.16x), and an implementation method for various functional configurations corresponding to each terminal device characteristic, The present invention is not limited to the above-described embodiments, and the technical features of the present invention are not limited thereto.

The wireless terminal 120 that provides CDMA / WCDMA based mobile communication services according to an embodiment of the present invention includes an outer body, a speaker and a microphone, a keypad, an LCD (Liquid Crystal Display), an antenna And a battery 3820. A predetermined modem chip (for example, a modem chip) including functions of a CDMA (Code Division Multiple Access) modem, a CPU / MPU (Central Processing Unit / Micro Processing Unit) A duplexer filter for separating a transmission signal from a single antenna, a power amplifier for amplifying a transmission signal, a high power amplifier (HPA), a high power amplifier An isolator that prevents reverse transmission of the transmitted signal, an RF / IF SAW filter to remove the desired out-of-band spurious signal, a frequency upstream circuit of the transmission path, A frequency downconverting circuit, a VCTCXO (Voltage Controlled Temperature Compensated X-tal Oscillator) corresponding to a reference clock source, a UHF frequency synthesizer used as a local signal of frequency up-down conversion, and a codec chip for converting an analog voice signal into a digital signal And the internal components are gradually integrated into the modem chip. In addition to the core components for the mobile communication service, the modem chip may include various multimedia services or additional services Are being integrated together.

Referring to FIG. 38, the wireless terminal 120 implementing the hybrid type disposable authentication code through the medium authentication includes a control unit 3800 corresponding to the modem chip, a screen output unit (not shown) corresponding to an LCD (Liquid Crystal Display) A sound processing unit 3810 corresponding to the microphone / speaker, a key input unit 3815 corresponding to the keypad, a radio processing unit 3840 corresponding to the antenna and various RF modules, A memory unit 3825, and a battery 3820 for supplying a predetermined power.

In addition, the wireless terminal 120 may further include a camera unit (not shown) for reading predetermined image information for providing various multimedia services or various supplementary services corresponding thereto, or may be provided with a predetermined short- It is preferable to further include a local communication unit (not shown) for connecting the channels.

The wireless terminal 120 may further include an IC chip 3835 mounted on or removed from the wireless terminal 120 for providing various financial (or settlement) services or various additional services corresponding thereto And an IC chip reader unit 3830 for reading / writing predetermined information (or data) to / from the IC chip 3835 .

The control unit 3800 includes a processor including a CPU / MPU provided in the modem chip and an execution memory, and is provided with a predetermined program routine for providing a function peculiar to the wireless terminal 120 from a predetermined memory element (Or an integrated circuit) provided for the bus and the bus for inputting / outputting program data, and the memory unit 3825 or the memory device (Or a chipset) loaded into the execution memory and processed through the processor to perform a specific function, or a generic term of program data (thus, A predetermined program routine to be recorded on the recording medium of the terminal 120 may be stored in the control unit 3800 for convenience The program routine of the controller 3800 basically includes an operating system routine (not shown) and at least one system management routine (e.g., a power management routine, a channel (forward / backward) A control routine, a handoff routine, and the like), and the control unit 3800 realizes various functional configurations to be implemented in the wireless terminal 120. FIG.

According to the method of the present invention, after power is supplied to the wireless terminal 120, the operating system routine (not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are transmitted to the control unit 3800), the wireless terminal (120) performs a predetermined boot procedure to load the system setting detailed state, the pilot channel obtaining detailed state, the synchronous channel obtaining detailed state, and the timing conversion Quot; mobile station initialization state "including the detailed state.

After executing the booting procedure, the operating system routine (not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are loaded into the execution memory provided in the control unit 3800, The mobile terminal 120 is set to the operation mode corresponding to the "mobile station call waiting state &quot;,the" system access state &quot;, or the " Call Processing) procedure.

According to the embodiment of the present invention, the function of implementing the hybrid type disposable authentication code through the medium authentication is such that the wireless terminal 120 is started (i.e., in the operation mode corresponding to the " Or realized).

The screen output unit 3805 is a function configuration unit for a screen for checking operation modes of the wireless terminal 120 and corresponding operation states of the wireless terminal 120. The screen output unit 3805 includes one or more And a driver for driving the screen output device. The control unit 3800 may output at least one key data input through the key input unit 3815, A function processing screen and a function processing result screen corresponding to at least one function (or program) provided in the wireless terminal 120 or at least a function screen And outputs one or more contents (e.g., text contents, image contents, multimedia contents).

According to the embodiment of the present invention, the screen output unit 3805 may include a menu screen corresponding to the function of implementing the mixed type disposable authentication code through the medium authentication, a function processing screen for implementing the mixed disposable authentication code, It is preferable to perform a function of screen output means for outputting a function process result screen for outputting the disposable authentication code.

The sound processing unit 3810 is a functional unit for processing input and output of sound in each operation mode of the wireless terminal 120. The function processing unit 3810 decodes at least one or more encoded sound data and supplies the decoded sound data to the wireless terminal 120 And a vocoder and a codec for encoding a sound signal input through a microphone provided in the wireless terminal 120 and encoding the sound signal.

According to the embodiment of the present invention, the sound processing unit 3810 is configured to generate a sound corresponding to a predetermined ringback tone through the speaker in an operation mode corresponding to the "system access state" among the operation modes of the wireless terminal 120 It is preferable to decode and output the data or to encode a predetermined voice signal through a microphone in an operation mode corresponding to the "call channel state &quot;, or to decode and output a predetermined voice signal through a speaker.

In addition, the sound processing unit 3810 may be operable to reproduce at least one sound content or multimedia content provided (or downloaded) from the wireless terminal 120 in at least one operation mode including the "mobile station call waiting state & It is preferable that the sound data corresponding to the content to be reproduced is decoded and output.

The key input unit 3815 may include a key input unit having at least one key button including a predetermined number key, a character key, or a function key, And a driver for driving the key input device. Accordingly, it is possible to detect at least one key input signal generated by clicking (or inputting) the key button in the key input device .

According to the present invention, when a predetermined key input signal is detected from a predetermined key button provided in the key input device in a predetermined input mode or at least one operation mode controlled by the controller 3800, (E.g., MH_KEY_PRESSEVENT, MH_KEY_REPEATEVENT, and MH_KEY_RELEASEEVENT) corresponding to the detected key input signal, and provides the generated key event to the control unit 3800, The control unit 3800 reads predetermined key data corresponding to the key event in the current input mode or the operation mode of the wireless terminal 120 (e.g., corresponding to a specific key event in each input mode or operation mode) Reading the key data from the key table storing (or managing) at least one key data to the key event) And reads a command for executing a predetermined function matched and defined.

According to the embodiment of the present invention, the key input unit 3815 inputs a predetermined telephone number in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 120, It is preferable to change the operation mode of the wireless terminal 120 to the operation mode corresponding to the "system access state &quot;.

The key input unit 3815 inputs a predetermined function key (e.g., a menu key) in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 120, It is desirable to perform various functions provided in the terminal 120. [

According to the embodiment of the present invention, the key input unit 3815 preferably performs a function of key input means for inputting at least one key data corresponding to a function for implementing the mixed type disposable authentication code through the medium authentication .

The radio processing unit 3840 is a functional unit for connecting a radio channel to a base station on a mobile communication network that operates based on CDMA / WCDMA, and includes a CDMA modem and various RF modules (e.g., a duplexer filter, Amplifier, a high power amplifier (HPA), an isolator, an RF / IF SAW filter, a frequency upstream circuit, a frequency downconversion circuit, a VCTCXO corresponding to a reference clock source, a UHF frequency synthesizer, A slot mode or a power control in response to each operation mode of the wireless terminal 120 in cooperation with the control unit 3800. [ Hand-off, or a call processing procedure according to an embodiment of the present invention.

According to an embodiment of the present invention, the radio processing unit 3840 performs a radio frequency signal transmission / reception function (e.g., antenna control, modulation, synthesis, and transmission of radio frequency signals) corresponding to the function of implementing the mixed- Amplification, filtering, and the like).

Particularly, the radio processor 3840 processes the information or the signal transmitted from the wireless terminal 120 to the base station into a CDMA stack to implement the hybrid type disposable authentication code through the medium authentication, And a function of reading predetermined information or signals from the CDMA stack.

If the wireless terminal 120 shown in FIG. 38 is a wireless terminal device connected to a HSDPA-based wireless network according to another embodiment of the present invention, the wireless processor 3840 accesses the HSDPA-based wireless network, Or if the wireless terminal 120 is a wireless terminal device connected to an IEEE 802.16x based wireless network, the wireless processing unit 3840 may be configured to include a wireless communication function configuration that implements a hybrid type disposable authentication code And a wireless communication function configuration in which the hybrid type disposable authentication code is authenticated through the media authentication by accessing the IEEE 802.16x-based wireless network, and thus the present invention is not limited thereto.

The IC chip reader unit 3830 includes an IC chip 3835 mounted on or removed from the wireless terminal 120 through an IC chip 3835 standard including ISO / IEC 7816 or ISO / IEC 14443, IEC 7816 standard, or a financial IC chip 3835, USIM, or the like), the contact type IC card reader corresponding to the ISO / IEC 7816 standard, or the ISO / (IC card reader) corresponding to the IEC 14443 standard. The IC card reader is connected to the IC chip 3835 via an APDU (Application Protocol Data Unit) ) Is exchanged.

Referring to the specification including ISO / IEC 7816 or ISO / IEC 14443, the IC chip 3835 mounted or detached from the customer's wireless terminal receives power supply VCC, a reset signal RST, a clock signal (Input / output interface) for communicating (e.g., command or data exchange) with the IC chip reader unit 3830 through contact points such as CLK, ground GND, programming power supply VPP, or input / output A processor unit (not shown) having at least one computing element including a central processing unit (CPU), a micro processing unit (MPU), and a coprocessor; a read only memory (ROM) A memory (not shown) made up of at least one memory element including a RAM (Random Access Memory), an EEPROM (Electrically Erasable and Programmable Read Only Memory), and an FM The above memory elements A chip operating system (COS) for managing and operating the internal resources of the IC card is stored in the IC chip reader 3830 via a power supply (VCC) contact point of the input / The COS stored in the memory is loaded into a predetermined execution memory to control the overall operation of the IC chip 3835 and the clock frequency of the clock signal CLK contact point (e.g., 3.57 MHz or 4.9 MHz) And controls the exchange of information or data between the IC chip 3835 and the IC chip reader unit 3830 through an APDU (Application Protocol Data Unit).

According to the present invention, the memory of the IC chip 3835 stores the IC chip 3835 storage information (for example, program code and data for the IC chip 3835) that implements the mixed disposable authentication code through medium authentication The storage information of the IC chip 3835 may include a storage unit (not shown) for storing a data set corresponding to predetermined information or data read and / or used by the processor of the customer's wireless terminal. And a program routine (for example, a Javacard), which is operated or executed by a computation function of the processor unit and a command set provided by the COS, JAVA Applet)) which includes an instruction call code for interacting with the instruction set of the COS and an execution code which is processed by the processor unit (Not shown) corresponding to the application is provided. In particular, the processing unit (not shown) reads the command provided from the processor provided in the customer wireless terminal via the input / output interface through the APDU, (Not shown) stored in the storage unit (not shown) on the basis of the received information or data, and transmits the result or the read information or data to the customer wireless terminal via the input / output interface through the APDU Processor.

Here, the memory of the IC chip 3835 includes a security structure based on ISO / IEC 10202. According to this, the memory includes a protection area in which secret information such as a chip serial number (CSN) is stored, And the IC chip 3835 storage information for the present invention includes the protection area and the COS control area. The storage area for the IC chip 3835 includes a protection area, a user application area, a read / write access area, an application program area, and a FAT (File Allocation Table) It is preferable to store it in the excluded area.

According to the ISO / IEC 7816 or ISO / IEC 14443 ICC standard, the memory has one master file (MF) corresponding to a root file and at least one storage An ATR (Answer To Reset) including function information on information, at least one Dedicated File (DF) corresponding to each ICC storage information, and a Smart Card service And an element file (EF) including substantial information or data. The IC chip 3835 storage information for the present invention also includes the above-described file structure.

The IC chip 3835 may store the user authentication IC chip 3835 storage information or the terminal authentication IC chip 3835 storage information for authenticating the validity of the user of the wireless terminal 120 It is preferable that one or more of them are provided.

The user authentication IC chip 3835 storage information or the terminal authentication IC chip 3835 storage information is used to authenticate the user authentication information input through the key input unit 3815 with an IC chip 3835 authentication code It is preferable that the authentication result information of the terminal medium IC chip 3835 is returned after authenticating the user of the wireless terminal 120 (or the wireless terminal 120) A technical feature of authenticating the user of the wireless terminal 120 (or the wireless terminal 120) through the IC chip 3835 authentication code in the IC chip 3835, The technical feature of returning the authentication result information of the terminal medium IC chip 3835 corresponding to the authentication result of the user of the wireless terminal 120 (or the wireless terminal 120) is known, .

The memory unit 3825 includes a storage medium for storing at least one piece of information (or data) in the wireless terminal 120, or a nonvolatile memory corresponding to a recording medium for recording a program code corresponding to at least one program routine A ROM (Read Only Memory) corresponding to the read-only memory, a flash memory (FM) capable of reading / writing, and an EEPROM (Electrically Erasable and Programmable Read Only Memory) .

According to an embodiment of the present invention, system information of the non-volatile memory that should not be erased is stored in the non-volatile memory, and the flash memory is provided with operating system routines, call processing program routines, Program routines and information or data therefor are stored in the EEPROM. In the EEPROM, at least one or more of the terminal registration related parameters, telephone numbers (e.g., address book), or at least one Information (or data) is preferably stored.

According to an embodiment of the present invention, the memory unit 3825 includes a medium authentication server 1 (100) for authenticating a terminal medium corresponding to the wireless terminal 120 to implement a mixed type disposable authentication code through the medium authentication (For example, the address information of the medium authentication server 1 (100), the unique information of the medium authentication server (1) 100) and the medium authentication server (2) 105 (E.g., address information of the medium authentication server 2 (105), unique information of the medium authentication server (2) (105)) with respect to the medium authentication server (2)

Referring to FIG. 38, the wireless terminal 120 implementing the hybrid type disposable authentication code through the medium authentication includes an information input unit for receiving user authentication information through the key input unit 3815.

In order to implement the mixed type disposable authentication code through the medium authentication, the information input unit outputs a user authentication information input interface in cooperation with the screen output unit 3805, And requests the user to input user authentication information for implementing the one-time authentication code, whereby the authentication processing unit processes the user authentication information to be input to the user authentication information interface through the key input unit 3815. [

Here, the user authentication information may include at least one of a personal identification number (PIN) registered to authenticate the terminal medium for the wireless terminal 120 in the media authentication server (1) 100 on the communication network, It is preferable to include at least one of them.

Alternatively, the user authentication information may be stored in the wireless terminal 120 through the user authentication IC chip 3835 stored in the IC chip 3835 (or USIM) or the terminal authentication IC chip 3835 storage information. And at least one personal identification number (PIN) or password for authenticating the validity of the user.

Alternatively, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network, Or more.

Referring to FIG. 38, when the hybrid type disposable authentication code is implemented through the terminal medium authentication, the wireless terminal 120 generates terminal medium authentication information based on the user authentication information input through the information input unit , And transmits the generated terminal medium authentication information to the media authentication server (1) 100 on the communication network in cooperation with the radio processor (3840), so that the medium corresponding to the wireless terminal (120) is firstly authenticated , The media authentication server (1) (100) receives the terminal medium authentication code from the medium authentication server (1) (100) at the terminal medium authentication and transmits the received terminal medium authentication code to the medium authentication server (N) from the media authentication server (1) (100) to the media authentication server (1) (105) to process the media corresponding to the wireless terminal (120) Receiving the generation information (2) for receiving the authentication code (Nn) generation information from the media authentication server (2) (105) in cooperation with the radio processing section (3840) at the time of the second authentication .

According to another embodiment of the present invention, the wireless terminal 120 transmits the terminal medium authentication information (or the medium authentication server (2) 105) to the medium authentication server (2) 105 for the second authentication Receiving the terminal medium authentication code from the medium authentication server (2) 105 may be omitted when transmitting the terminal medium authentication code (information set to be received from the wireless terminal 120). In this case, It is preferable to transmit the authentication information (or information set to be received from the wireless terminal 120 for the second authentication in the medium authentication server 2 (105)) to the medium authentication server (2) 105, And the terminal medium authentication code is omitted.

When the hybrid type disposable authentication code is implemented through the terminal medium authentication, the authentication processing unit may be configured to allow the media authentication server (1) (100) on the communication network to authenticate the terminal medium And generates terminal medium authentication information based on the authentication information.

According to an embodiment of the present invention, when the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the media authentication server on the communication network for authenticating the terminal medium for the wireless terminal 120 , The authentication processing unit transmits the user authentication information and the unique information (e.g., MIN (Mobile Identification Number) information or ESN (Electronic Serial Number) information or IMEI (International Mobile Equipment Identity) (E.g., International Mobile Subscriber Identity (IMSI) information, MSISDN (Mobile Station International ISDN Number), USIM specific information, etc.) provided in the terminal.

For example, the authentication processing unit preferably generates the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120. [

Alternatively, the authentication processor may generate a terminal media verifier by hashing the at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, And at least one information unique to the wireless terminal 120 to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the user authentication information and the unique information of the wireless terminal 120, And the present invention is characterized in that all the additional information items that can be guessed are included.

According to another embodiment of the present invention, the user authentication information is stored in the IC chip 3835 (or USIM) through the user authentication IC chip 3835 storage information or the terminal authentication IC chip 3835 storage information When the authentication processing unit includes at least one of a personal identification number (PIN) or a password for authenticating the validity of the user of the wireless terminal 120, the authentication processing unit may transmit the user authentication information through the IC chip reader unit 3830 (3835) stored in the IC chip 3835 (or USIM), or the terminal authentication IC chip 3835 storage information provided in the IC chip 3835 (or the USIM) (Or USIM) returns the authentication result information of the terminal medium IC chip 3835 through the user authentication information, the authentication result information of the returned terminal medium IC chip 3835 and the unique information of the wireless terminal 120 A terminal medium authentication certificate To produce the preferred.

For example, the authentication processing unit may generate the terminal medium authentication information by concatenating authentication result information of the terminal medium IC chip 3835 and the unique information of the wireless terminal 120.

Alternatively, the authentication processing unit may generate a terminal media verifier by performing an XOR operation on at least one of the authentication result information of the terminal medium IC chip 3835 and the unique information of the wireless terminal 120, as a one-way hash function, It is preferable that at least one of the media verifier, the terminal medium IC chip 3835 authentication result information, and the wireless terminal 120 unique information is concatenated to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information in addition to authentication result information of the terminal medium IC chip 3835 and the unique information of the wireless terminal 120, The additional information may be included in the terminal medium authentication information. The present invention is characterized by including all of the inferable information items.

According to another embodiment of the present invention, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal media authentication information generation factor for generating terminal media authentication information to be transmitted to the media authentication server on the communication network, The authentication processing unit hashashes the user authentication information through the one-way hash function, and transmits the hashed user authentication information, at least one random number value (e.g., a random number value generated by the terminal) The mobile terminal 120 generates the terminal media verifier by performing at least one XOR operation on the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) Generating terminal medium authentication information including at least one random number information and unique information of the wireless terminal 120 And the authentication processing unit can further hash the terminal media verifier according to the intention of a person skilled in the art.

For example, the authentication processing unit generates the terminal media authentication information by concatenating the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120 .

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication information is generated through any one of the above-described methods, the authentication processor transmits the terminal medium authentication information to the memory unit (1) 100 to securely transmit the terminal medium authentication information to the medium authentication server 3825) (or the IC chip 3835) using at least one encryption key.

When the terminal medium authentication information is generated as described above, the authentication processing unit transmits the generated terminal medium authentication information to the media authentication server (1) 100 on the communication network in cooperation with the radio processing unit 3840 , And the media authentication server (1) (100) performs first authentication of the medium corresponding to the wireless terminal (120) through the terminal medium authentication information.

If the terminal media authentication information is encrypted, the media authentication server (1) 100 preferably decrypts the encrypted terminal media authentication information through a decryption key.

According to an embodiment of the present invention, the user authentication information is transmitted from the media authentication server (1) 100 on the communication network to a personal identification number (PIN) or a password registered to authenticate the terminal medium for the wireless terminal 120 The media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, and if the identified wireless terminal (120) Authenticates the validity of the wireless terminal 120 by comparing the unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information and transmits the authentication information to the media authentication server 1 (100) And comparing the user authentication information stored in association with the unique information of the wireless terminal 120 with the user authentication information included in the terminal medium authentication information to authenticate the validity of the terminal medium .

If the terminal authentication information includes at least one of the user authentication information and the unique information of the wireless terminal 120 in the terminal media authentication information, the media authentication server 1 may, for example, (100) hashes at least one of the user authentication information provided in the storage medium and the unique information of the wireless terminal (120) identified through the communication session in the same manner as the terminal medium verifier and performs an XOR operation Further comprising generating a terminal media authenticator and comparing the terminal media verifier and the terminal media authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information is stored in the IC chip 3835 (or USIM) through the user authentication IC chip 3835 storage information or the terminal authentication IC chip 3835 storage information (1) 100 includes at least one personal identification number (PIN) or password for authenticating the validity of a user of the wireless terminal 120, the media authentication server (1) (120) unique information of the wireless terminal (120) through a session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, And transmits the authentication information to the IC chip 3835 based on the user authentication information stored in association with the unique information of the wireless terminal 120 in the storage medium provided in (or linked to) the media authentication server (1) ) (Or USIM) The terminal medium IC chip 3835 authentication information is generated through the same logic as the user authentication IC chip 3835 storage information or the terminal authentication IC chip 3835 storage information (3835) authentication information included in the terminal medium IC chip 3835 authentication information and the terminal medium IC chip 3835 authentication information included in the terminal medium authentication information And verifies the validity of the terminal medium.

If at least one of the authentication result information of the terminal medium IC chip 3835 and the unique information of the wireless terminal 120 is hashed as a one-way hash function and XOR is performed in the terminal medium authentication information, The media authentication server (1) 100 transmits at least one of the authentication information of the terminal medium IC chip (3835) provided in the storage medium and the unique information of the wireless terminal (120) And generating a terminal media authenticator by XORing the hash in the same manner as the media verifier, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

A personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network according to another embodiment of the present invention; ), Or a secret number, the media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, The wireless terminal 120 authenticates the validity of the wireless terminal 120 by comparing the unique information of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication information, Way hash function by associating the user authentication information stored in association with the unique information of the wireless terminal 120 with the hashed (or linked) storage medium, and transmits the hashed user authentication information, (At least one random number value included in the terminal medium authentication information), the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) A media authenticator is generated, and the validity of the terminal medium is verified by comparing the terminal medium verifier included in the terminal medium authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

When the terminal medium authentication information is authenticated through any one of the above methods, the medium authentication server (1) (100) generates (or extracts) a terminal medium authentication code corresponding to the terminal medium authentication result, And transmits the terminal authentication code to the wireless terminal (120) through a communication network. The authentication processing unit receives the terminal authentication code from the media authentication server (1) (100).

According to an embodiment of the present invention, when the medium authentication server (1) 100 authenticates the terminal medium authentication information, the medium authentication server (1) 100 transmits an authentication code ( (or extracting) authentication code (n) generation information for generating the authentication code (n) to be transmitted to the wireless terminal 120, and the receiving unit 1 correspondingly transmits (N) generation information via the authentication code (n).

If the program code n for generating the authentication code (n) is not provided to the wireless terminal 120 through the authentication code (n) generation information, the medium authentication server (100) (N) for generating the authentication code (n) through the authentication code (n) generation information to the wireless terminal 120 in response to the terminal medium authentication, , The receiving unit 1 further receives the program code (n) for generating the authentication code (n) through the wireless processing unit 3840 through the authentication code (n) generation information.

According to another embodiment of the present invention, when the media authentication server (1) (100) authenticates the terminal medium authentication information, the media authentication server (1) (100) (Or extracts) an authentication code n to be included in combination with the authentication code N of the wireless terminal 120 and transmits the authentication code n to the wireless terminal 120. In response to the authentication code n, (N) is received via the authentication code (n).

Then, the authentication processing unit transmits the received terminal medium authentication code to the medium authentication server (2) (105) through a communication network.

According to an embodiment of the present invention, the authentication processing unit generates terminal medium authentication information through the user authentication information and transmits the authentication information to the media authentication server (1) 100 through a similar (or the same) (For example, a terminal media verifier is concatenated with the terminal medium authentication code and the unique information of the wireless terminal 120, or a terminal media verifier including the terminal medium authentication code and the unique information of the wireless terminal 120) (2) 105, and if it is a person having ordinary skill in the art to which the present invention pertains, it is possible to transmit the terminal medium authentication code through a method of generating the terminal medium authentication information, The detailed description thereof will be omitted for the sake of simplicity.

The medium authentication server (2) (105) receiving the terminal medium authentication code from the wireless terminal (120) authenticates the terminal medium authentication code.

When the terminal authentication code is processed in a manner similar to (or identical to) the terminal medium authentication information generation method according to the embodiment of the present invention, the medium authentication server (2) It is preferable to authenticate the terminal medium authentication code in a manner similar to (or the same as) the method of authenticating the terminal medium authentication information in the terminal 100. If a person having ordinary knowledge in the technical field of the present invention , It is possible to infer a technical characteristic of authenticating the terminal medium authentication code through the method of authenticating the terminal medium authentication information, so that detailed description thereof will be omitted for the sake of convenience.

According to an embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) 105 transmits an authentication code (Or extracts) the authentication code (Nn) generation information for generating the authentication code (Nn) to the wireless terminal (120), and the receiving unit (2) And receives the authentication code (Nn) generation information through the network.

If the program code Nn for generating the authentication code Nn is not provided to the wireless terminal 120 through the authentication code Nn generation information, the medium authentication server 2 (105) (Nn) for generating the authentication code (Nn) through the authentication code (Nn) generation information to the wireless terminal (120) in response to the terminal medium authentication, The receiving unit 2 further receives a program code Nn for generating the authentication code Nn through the wireless communication unit 3840 through the authentication code Nn generation information.

According to another embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) (105) (Or extracts) an authentication code Nn to be included in combination with the authentication code N of the wireless terminal 120 and transmits the authentication code Nn to the wireless terminal 120. In response to the authentication code Nn, The authentication code Nn is received via the authentication code Nn.

Referring to FIG. 38, the wireless terminal 120 generates an authentication code (n) through the authentication code (n) generation information received through the receiving unit 1, And an authentication code generation unit for generating an authentication code (Nn) through the authentication code (Nn) generation information.

If the program code (n) for generating the authentication code (n) is provided in the authentication code generation unit, the authentication code generation unit uses the authentication code (n) generation information received via the reception unit (N) is generated by combining the authentication code (n) and the authentication code (Nn) by the output processing unit to generate an authentication code (n) (N) may be generated at any time before generation of the authentication code (n), and the present invention is not limited by the generation timing of the authentication code (n).

On the other hand, when the authentication code generating unit is provided with the program code (n) for generating the authentication code (n), the authentication code generating unit generates the authentication code (n) It is preferable to generate an authentication code (n) of n digits using the authentication code (n) generation information received via the network 1.

According to another embodiment of the present invention, when the authentication code (n) is directly received through the receiving unit 1, the authentication code generating unit may omit generating the authentication code (n) Is not limited.

If the program code Nn for generating the authentication code Nn is provided in the authentication code generation unit, an authentication code Nn for generating the authentication code Nn is generated through the reception unit 2 Information is received, the authentication code generation unit generates an authentication code (Nn) of (Nn) digits using the received authentication code (Nn) generation information.

On the other hand, when the program code Nn for generating the authentication code Nn is not provided in the authentication code generation unit, an authentication code Nn for generating the authentication code Nn through the reception unit 2 is generated. When the generation information is received, the authentication code generation unit generates an authentication code (Nn) of (Nn) digits using the received authentication code (Nn) generation information through the program code (Nn) received through the receiver (2) .

According to another embodiment of the present invention, when the authentication code Nn is directly received through the receiver 2, the authentication code generator may be omitted from generating the authentication code Nn, Is not limited.

The authentication code generating unit may be configured to generate the authentication code (n) using the authentication code (n) generation information, , And the authentication code (Nn) of (Nn) digits is generated by using the authentication code (Nn) generation information. Therefore, detailed description thereof will be omitted for the sake of convenience.

38, the wireless terminal 120 includes a code combining unit for generating an authentication code (N) by combining the authentication code (n) and the authentication code (Nn), and a code combining unit for combining the screen output unit 3805 And an output processing unit for outputting the generated authentication code (N) in association with each other.

(N) and an authentication code (Nn) are generated by the authentication code generation unit, the code combination unit combines the authentication code (n) and the authentication code (Nn) .

According to an embodiment of the present invention, it is preferable that the code combining unit generates the N-digit authentication code (N) by concatenating the authentication code (n) and the authentication code (Nn).

For example, if the authentication code (n) is "123" and the authentication code (Nn) is "456", the code combination unit concatenates the authentication code (n) It is preferable to generate "123456 &quot;.

According to another embodiment of the present invention, the code combining unit may generate an N-digit authentication code N by ORing the authentication code n and the authentication code Nn, If the position of the authentication code Nn is designated, the code combining unit inserts the corresponding code into the position of the authentication code n and the authentication code Nn to generate an authentication code N of N digits desirable.

For example, if the authentication code (n) is "103050" and the authentication code (Nn) is "020406", the code combining unit ORs the authentication code (n) ) "123456 &quot;.

Alternatively, if the authentication code (n) is "1 to 3? 5?" And the authentication code (Nn) is "? 2 to 4? 6", the code combining unit generates the authentication code Nn) to generate the authentication code (N) "123456 &quot;.

According to still another embodiment of the present invention, the code combining unit substitutes the authentication code (n) and the authentication code (Nn) into at least one code generation function (e.g., a hash function) N), and the present invention is not limited by the above code generation function type and algorithm.

When an authentication code N of N digits is generated by combining the authentication code n and the authentication code Nn, the output processing unit generates an authentication code N by combining the N-digit authentication code (N) to a predetermined area on the screen of the wireless terminal (120).

According to an embodiment of the present invention, the output processing unit outputs a disposable authentication code output screen on the screen of the wireless terminal 120 in cooperation with the screen output unit 3805, It is preferable to output the N-digit authentication code (N).

According to another embodiment of the present invention, the output processing unit outputs (or allocates) the disposable authentication code output area to the screen area currently output on the screen of the wireless terminal 120 in cooperation with the screen output unit 3805 , And outputs the generated N-digit authentication code (N) to the disposable authentication code output area.

FIG. 39 is a diagram showing a configuration of a mixed type disposable authentication code implementing system through medium authentication according to an embodiment of the present invention.

In more detail, FIG. 39 shows a case where the wireless terminal 120 functional configuration in which the hybrid type disposable authentication code is implemented includes the wireless terminal 120 functional configuration shown in FIG. 38, (N > = 2) digits of the disposable authentication code to be implemented in the system according to an embodiment of the present invention, and is a person skilled in the art. The present invention may be embodied in many different forms of implementation of the system for implementing the hybrid type disposable authentication code through the medium authentication, The technical features thereof are not limited by the implementation method alone.

Referring to FIG. 39, the hybrid type disposable authentication code implementation system using the medium authentication includes a wireless terminal 120 including the functional configuration shown in FIG. 38, a wireless terminal 120 connected to the wireless terminal 120, (N) for performing a first terminal media authentication for the wireless terminal 120 and generating an n-digit authentication code (n) to the wireless terminal 120 in response to the first media authentication result, (1) 100 for providing the generation information or generating an authentication code (n) of n digits to the wireless terminal 120 and a second terminal medium (Nn) generation information for generating a (Nn) digit authentication code (Nn) to the wireless terminal (120) in response to the second medium authentication result, or (Nn) And generates and transmits the authentication code Nn of the number of digits to the wireless terminal 120 Including a body authentication server 2 (105) is characterized in that formed.

In order to implement the hybrid type disposable authentication code through the medium authentication, the wireless terminal 120 transmits terminal medium authentication information for authenticating the terminal medium to the wireless terminal 120 in the media authentication server (1) 100 And transmits the generated authentication information to the media authentication server (1) (100). Thus, the media authentication server (1) (100) verifies that the validity of the terminal medium .

According to an embodiment of the present invention, the terminal medium authentication information preferably includes user authentication information input through a key input unit provided in the wireless terminal 120 and unique information of the wireless terminal 120 And generates a terminal media verifier by XORing at least one of the user authentication information and the unique information of the wireless terminal 120 according to the intention of a person skilled in the art using a one-way hash function, Information of the wireless terminal 120, and unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal medium authentication information may include terminal medium IC chip authentication result information generated through an IC chip (or USIM) provided in the wireless terminal 120, And at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed by a one-way hash function and then XORed by the one-way hash function according to the intention of a person skilled in the art, And includes at least one of the terminal medium verifier, the terminal medium IC chip authentication result information, and the unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal media authentication information hashashes user authentication information input through a key input unit provided in the wireless terminal 120 through a one-way hash function, At least one or more random number values (for example, a random number value generated at the terminal), unique information of the wireless terminal 120 (or unique information of the wireless terminal 120 hashed by the one-way hash function) And generates the terminal medium verifier, and includes the generated terminal medium verifier, the user authentication information, at least one random number information, and the unique information of the wireless terminal 120.

In addition, the wireless terminal 120 receives authentication code (n) generation information for generating an authentication code (n) of n digits from the media authentication server (1) 100 as a result of the first terminal media authentication And a function of generating an authentication code (n) of n digits through the received authentication code (n) generation information.

Alternatively, the wireless terminal 120 receives n-digit authentication code (n) from the media authentication server (1) 100 as a result of the first terminal media authentication.

Also, the wireless terminal 120 receives the terminal medium authentication code from the media authentication server (1) 100 as a result of the first terminal medium authentication, and transmits the received terminal medium authentication code to the media authentication server 2) &lt; / RTI &gt;

Also, the wireless terminal 120 may generate authentication code (Nn) generation information (Nn) for generating an authentication code (Nn) from the media authentication server (2) 105 as a result of the second terminal media authentication, And a function of generating an authentication code (Nn) of (Nn) digits through the received authentication code (Nn) generation information.

Alternatively, the wireless terminal 120 receives an authentication code (Nn) of (Nn) digits from the medium authentication server (2) 105 as a result of the second terminal medium authentication.

When the authentication code N of the n digits is generated and the authentication code Nn of the number Nn is generated, the wireless terminal 120 combines the authentication code n and the authentication code Nn into N (N), and outputs the generated authentication code (n) to the screen of the wireless terminal (120).

39, a technical characteristic of generating the authentication code Nn of the n-digit authentication code n and the (Nn) digit in the wireless terminal 120 and the technical characteristic of generating the authentication code n and the authentication code Nn The technical features of generating an N-digit authentication code (n) by combining the authentication code (n) will be described with reference to FIG. 38, and a detailed description thereof will be omitted for the sake of simplicity.

According to the present invention, the media authentication server (1) 100 associates and stores the user authentication information for authentication of the terminal medium and the unique information of the wireless terminal 120, and stores the user authentication information and the unique (Or interlocking) a storage medium (1) 3935 for further associating and storing the terminal medium authentication rule information through the information storage medium (1) 3935. The storage medium And the authentication code generation rule information for generating the terminal medium authentication code is further stored in association with each other.

The user authentication information may include information input from the wireless terminal 120 to authenticate the terminal medium among the key input information input through the key input means or information input via the IC chip (or USIM) And at least one authentication result information.

The unique information of the wireless terminal 120 may include MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information or IMEI (International Mobile Equipment Identity) for the wireless terminal 120, or IMSI (International Mobile Subscriber Identity) information, MSISDN (Mobile Station International ISDN Number), or USIM specific information.

The terminal medium authentication rule information may include a rule for generating the terminal medium authentication information at the wireless terminal 120 or a rule for authenticating the terminal medium corresponding to the wireless terminal 120 by reading the terminal medium authentication information, (1) 3935, if the terminal authentication rule is implemented in the form of a program code in the media authentication server (1) 100, it is possible to omit it from being stored in the storage medium , Whereby the present invention is not limited thereto.

The authentication code generation rule information preferably defines a rule for generating a terminal media authentication code transmitted to the wireless terminal 120, and the authentication code generation rule is stored in the media authentication server (1) Code format, it is optional to store the authentication code generation rule information in the storage medium (1) 3935, and thus the present invention is not limited thereto.

According to the present invention, when the program code for generating the authentication code (n) is not provided to the wireless terminal 120, the media authentication server (1) A program code D / B (1) 3940 for classifying and storing program codes (n) for generating the authentication code (n) according to the platform of the wireless terminal 120 according to a program analyzer, an operating system, And interlocked).

Those skilled in the art will recognize the technical features of the program code n for generating the authentication code n according to a plurality of wireless terminal 120 platforms, A detailed description thereof will be omitted for the sake of convenience.

According to the present invention, the media authentication server (2) 105 includes (or interlocks with) a storage medium (2) 3970 for storing terminal medium authentication rule information for authenticating the terminal medium authentication code The storage medium 2 3970 may generate authentication code Nn generation information for generating an authentication code Nn at the wireless terminal 120 when the terminal medium is authenticated, The authentication code generation rule information for generating the authentication code Nn to be transmitted to the terminal 120 is further stored in association with each other.

Preferably, the terminal medium authentication rule information defines a rule for reading the terminal medium authentication code and authenticating the terminal medium corresponding to the wireless terminal 120, and the medium authentication server (2) When the terminal medium authentication rule is implemented in the form of a program code, it is optional to store the terminal medium creation rule information in the storage medium (2) 3970, and thus the present invention is not limited thereto.

The authentication code generation rule information may include a rule for generating an authentication code (Nn) generation information for generating an authentication code (Nn) in the wireless terminal 120 or a rule for generating the authentication code (Nn) to be transmitted to the wireless terminal 120 It is preferable that at least one rule for creating the authentication code generation rule is defined in the form of a program code in the medium authentication server 2 105. The storage medium 2 3970 The authentication code generation rule information may be omitted from the authentication code generation rule information, and thus the present invention is not limited thereto.

According to another embodiment of the present invention, when the terminal medium authentication code is processed to include the same structure as the terminal medium authentication information, the storage medium (2) 3970 includes user authentication information (not shown) 120) inherent information (not shown), and server authentication information 2 (not shown) can be stored in association with each other, so that the present invention is not limited thereto.

According to the present invention, when the program code for generating the authentication code Nn is not provided to the wireless terminal 120, the media authentication server 2 (105) A program code D / B (2) 3975 for classifying and storing the program codes Nn for generating the authentication codes Nn according to the platforms of the wireless terminals 120 according to the program codes D / B (program analyzer, operating system, etc.) And interlocked).

Those skilled in the art will appreciate the technical features of the program code Nn for generating the authentication code Nn according to a plurality of wireless terminal platforms 120, A detailed description thereof will be omitted for the sake of convenience.

According to the present invention, the media authentication server (1) 100 includes an interface unit 3900 for connecting and managing a communication channel for first media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 3900 receives the terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (Nn) generation information is connected.

According to an embodiment of the present invention, when the media authentication server (1) 100 is provided on the wireless communication network (or in the wireless communication system) And a communication channel including a wire section for connecting the media authentication server (1) (100) to the base station.

According to another embodiment of the present invention, when the media authentication server (1) 100 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system) A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the medium authentication server (100) And a communication channel including a wire section is connected.

Referring to FIG. 39, the media authentication server (1) 100 generates terminal medium authentication information for terminal medium authentication for the wireless terminal 120 in the wireless terminal 120, An authentication information receiving unit 3905 for receiving the terminal medium authentication information in association with the interface unit 3900 when the terminal unit 3900 transmits the terminal medium authentication information, An authentication code generation unit 3915 for generating a terminal medium authentication code when authenticating the terminal medium, and an authentication code generation unit 3915 for generating the terminal medium authentication code in association with the interface unit 3900 And an authentication code transmitting unit (3920) for transmitting the terminal medium authentication code to the wireless terminal (120).

When the wireless terminal 120 generates terminal medium authentication information for the terminal medium authentication for the wireless terminal 120 and transmits the terminal medium authentication information through the communication channel, the authentication information receiver 3905 transmits the terminal medium authentication information to the interface unit 3900 When the terminal medium authentication information is encrypted, the authentication information receiver 3905 decrypts the encrypted terminal medium authentication information through the decryption key. .

When the terminal medium authentication information includes at least one of the user authentication information input through the key input unit provided in the wireless terminal 120 and the unique information of the wireless terminal 120 according to an embodiment of the present invention, The terminal medium authentication unit (1) 3910 confirms the unique information of the wireless terminal 120 through a communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information, And authenticates the validity of the wireless terminal 120 by comparing the unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information and providing the authentication information to the terminal medium authentication unit 1 (1) (3935), which is stored in association with the unique information of the wireless terminal (120), with the user authentication information included in the terminal medium authentication information, And validates the validity.

If at least one of the user authentication information and the unique information of the wireless terminal 120 is hashed by the one-way hash function and XOR operation is performed on the terminal media authentication information, the terminal media authenticator 1 ) 3910 transmits at least one of the user authentication information provided in the storage medium (1) 3935 and the unique information of the wireless terminal 120 confirmed through the communication session to the same method as the terminal media verifier And XORing the terminal media authenticator to generate a terminal media authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the terminal medium authentication information may be generated by the terminal medium IC chip authentication result information generated through the IC chip (or USIM) provided in the wireless terminal 120, (1) 3910 confirms the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information And authenticates the validity of the wireless terminal 120 by comparing the authenticated wireless terminal 120 unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information, (Or USIM) provided in the IC chip (or USIM) based on the user authentication information stored in association with the unique information of the wireless terminal 120 in the storage medium (1) 3935 provided in (or linked to) User authentication IC chip storage , Or generates the terminal medium IC chip authentication information through the same logic as the terminal authentication IC chip storage information (or when the terminal medium IC chip authentication information is stored in the storage medium (1) 3935), the terminal medium IC chip authentication information And verifies the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the UE medium authentication information and the unique information of the mobile station 120 is hashed by the one-way hash function and XOR operation is performed on the UE medium authentication information, The authentication unit 1 (3910) transmits at least one of the terminal medium IC chip authentication information provided in the storage medium (1) 3935 and the unique information of the wireless terminal 120 confirmed through the communication session, The method further comprises the step of performing an XOR operation on the hash in the same manner as the terminal medium verifier, generating a terminal medium authenticator, and comparing the terminal medium verifier and the terminal medium authenticator to authenticate the validity of the terminal medium .

According to another embodiment of the present invention, when the terminal medium authentication information includes a terminal medium verifier, the terminal medium authentication section (1) 3910 generates the terminal medium authentication information according to the terminal medium authentication rule information (120) unique information of the wireless terminal (120) through the communication session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, (1) 3935 stored in the terminal medium authentication unit (1) 3910 (in association with the unique information of the wireless terminal 120) And transmits the hashed user authentication information, at least one random number value (e.g., a random number value included in the terminal media authentication information), the unique information of the wireless terminal 120 or (The unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media authenticator, compares the terminal media verifier included in the terminal media authentication information with the generated terminal media authenticator And authenticating the validity of the terminal medium.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

When the terminal medium authentication information is authenticated through any one of the above methods, the authentication code generation unit 3915 generates (or extracts) the terminal medium authentication code through the authentication code generation rule information do.

Herein, the terminal medium authentication code includes an authentication code for authenticating that the terminal medium corresponding to the wireless terminal 120 is first authenticated through the medium authentication server (1) in the medium authentication server (2) 105 .

When the terminal medium authentication code is generated (or extracted) through the authentication code generation unit 3915, the authentication code transmission unit 3920 transmits the generated terminal medium authentication code in association with the interface unit 3900 The wireless terminal 120 transmits the terminal's medium authentication code to the medium authentication server (105) through the communication network.

Referring to FIG. 39, the media authentication server (1) 100 generates an authentication code (n) at the wireless terminal 120 at the time of first authentication by the terminal medium authentication unit (1) 3910 (1) 3925 for generating the authentication code (n) generation information for generating the authentication code (n) to be transmitted to the wireless terminal 120 or generating the authentication code (n) to be transmitted to the wireless terminal 120, (1) 3930 for transmitting the generated authentication code (n) generation information (or authentication code (n)) to the wireless terminal 120.

Upon the first authentication by the terminal medium authentication unit (1) 3910, the information generation unit (1) 3925 generates the authentication code (n) from the wireless terminal 120 through the authentication code generation rule information (Or extracting) authentication code (n) generation information for performing authentication.

According to another embodiment of the present invention, the information generation unit (1) 3925 generates (or extracts) the authentication code (n) generation information through the authentication code generation rule information, And generates the authentication code (n) to be transmitted to the wireless terminal (120) through the generated information.

When the authentication code (n) generation information is generated (or extracted) through the information generation unit 1 (3925) according to an embodiment of the present invention, the transmission unit (1) And transmits the generated authentication code (n) generation information to the wireless terminal 120 in association with the authentication code (n) 3900. In response to the authentication code (n) generation information, And generates the authentication code (n).

When the authentication code n is generated (or extracted) through the information generation unit 1 (3925) according to another embodiment of the present invention, the transmission unit (1) 3930 transmits the authentication code And transmits the generated authentication code (n) to the wireless terminal 120 in association with the authentication code (n).

If the program code n for generating the authentication code n is not provided to the wireless terminal 120 through the authentication code n generation information, the transmitter 1 (3930) It is preferable to further transmit the program code (n) for generating the authentication code (n) through the authentication code (n) generation information to the wireless terminal 120 in connection with the code D / B (1) 3940 Do.

According to the present invention, the media authentication server (2) 105 includes an interface unit 3945 for connecting and managing a communication channel for second media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 3945 receives the terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (Nn) generation information is connected.

According to an embodiment of the present invention, when the media authentication server (2) 105 is provided on the wireless communication network (or in the wireless communication system), the interface unit 3945 transmits, And a communication channel including a wire section for connecting the media authentication server (2) (105) to the base station.

According to another embodiment of the present invention, when the media authentication server (2) 105 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system) A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the media authentication server (2) And a communication channel including a wire section is connected.

Referring to FIG. 39, when the wireless terminal 120 transmits the terminal medium authentication code through the communication channel, the media authentication server (2) 105 associates with the interface unit 3945, (2) 3955 for reading the received terminal medium authentication code and performing second authentication of the terminal medium corresponding to the wireless terminal 120, (Nn) generation information for generating an authentication code (Nn) in the wireless terminal (120) or generating the authentication code (Nn) to be transmitted to the wireless terminal (120) (Or the authentication code Nn) to the wireless terminal 120 in association with the interface unit 3945. The information generating unit 2 3960 generates the authentication code Nn, And a transfer unit (2) (3965) for transferring the image data.

When the wireless terminal 120 generates a terminal medium authentication code for terminal medium authentication for the wireless terminal 120 and transmits the generated terminal medium authentication code through the communication channel, the authentication code receiving unit 3950 transmits the terminal medium authentication code to the interface unit 3945 When the terminal medium authentication code is encrypted, the authentication code receiving unit 3950 preferably decrypts the encrypted terminal medium authentication code through the decryption key. .

Then, the terminal medium authentication unit (2) 3955 authenticates the terminal medium authentication code according to the terminal medium authentication rule information to authenticate the validity of the terminal medium.

Those skilled in the art will be able to deduce various types of terminal media authentication code standards and various types of terminal media authentication rules for authenticating the terminal media authentication codes. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication code is authenticated, the information generation unit (2) 3960 generates authentication code (Nn) generation information for generating an authentication code (Nn) in the wireless terminal 120 through the authentication code generation rule information (Or extracts) the image data.

According to another embodiment of the present invention, the information generation unit (2) 3960 generates (or extracts) the authentication code (Nn) generation information through the authentication code generation rule information, And generates the authentication code (Nn) to be transmitted to the wireless terminal (120) through the generated information.

When the authentication code (Nn) generation information is generated (or extracted) through the information generation unit (2) 3960 according to an embodiment of the present invention, the transmission unit (2) And transmits the generated authentication code (Nn) generation information to the wireless terminal (120) in association with the authentication code (N) generated by the wireless terminal (120) And generates an authentication code (Nn).

When the authentication code Nn is generated (or extracted) through the information generation unit 2 3960 according to another embodiment of the present invention, the transmission unit 2 3965 transmits the authentication code Nn to the interface unit 3945 And transmits the generated authentication code Nn to the wireless terminal 120 in association with the authentication code Nn.

If the wireless terminal 120 does not include the program code Nn for generating the authentication code Nn through the authentication code Nn generation information, the transmitter 2 (3965) It is preferable to further transmit the program code Nn for generating the authentication code Nn through the authentication code Nn generation information to the wireless terminal 120 in conjunction with the code D / B (2) 3975 Do.

40 is a diagram illustrating a medium authentication process for implementing a hybrid type disposable authentication code according to an embodiment of the present invention.

In more detail, FIG. 40 illustrates a wireless terminal 120 function configuration in which the hybrid type disposable authentication code is implemented includes the wireless terminal 120 functional configuration shown in FIG. 398, A method for performing a first medium authentication with a medium authentication server (1) (100) on a mixed type disposable authentication code implementation system and performing a second medium authentication with a medium authentication server (2) (105) Those skilled in the art will be able to refer to and modify various aspects of the media authentication process for implementing the mixed disposable authentication code, It is to be understood that the invention is not limited to the particular embodiments set forth herein.

For example, in the embodiment shown in FIG. 40, the media authentication server (1) 100 simultaneously generates the first authentication terminal medium authentication code and the authentication code (n) generation information to the wireless terminal 120 However, the present invention is not limited thereto, and the terminal medium authentication code and the authentication code (n) generation information may be separately transmitted to the wireless terminal 120 according to those skilled in the art, It is possible to omit the transmission of the medium authentication code to the wireless terminal 120, and the present invention is characterized in that it includes all the methods that can be inferred as described above.

Hereinafter, in FIG. 40, the media authentication server (1) 100 on the hybrid type disposable authentication code implementation system shown in FIG. 39 is referred to as "server 1" for convenience and the media authentication server (2) Quot; server 2 &quot;.

Referring to FIG. 40, the wireless terminal 120 checks (4000) whether a menu (or a key button) for implementing a mixed type disposable authentication code through medium authentication is input (4000) When a menu (or a key button) is input (4005), the wireless terminal 120 outputs an interface for inputting user authentication information on the screen of the wireless terminal 120, and if user authentication information is input through the interface (4010).

Here, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the mobile terminal 120 .

Alternatively, the user authentication information may include a user identification (ID) for authenticating the validity of the user of the mobile terminal 120 through the user authentication IC chip storage information provided in the IC chip (or USIM) (PIN), or a password.

Alternatively, the user authentication information may include at least one or more personal identification numbers (PINs) or passwords used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the server 1 on the communication network desirable.

If it is confirmed in step 4015 that the user authentication information has been input, the wireless terminal 120 may authenticate the terminal medium corresponding to the wireless terminal 120 in the server 1 using the user authentication information And generates terminal medium authentication information (4020).

According to an embodiment of the present invention, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the wireless terminal 120 The mobile terminal 120 transmits the user authentication information and the mobile terminal 120 unique information (e.g., MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information, or IMEI (International Mobile Equipment Identity) Or International Mobile Subscriber Identity (IMSI) information included in the USIM, MSISDN (Mobile Station International ISDN Number), or USIM unique information).

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by hashing the at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, It is preferable that at least one of the user authentication information and the unique information of the wireless terminal 120 is concatenated to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the user authentication information and the unique information of the wireless terminal 120, And the present invention is characterized in that all the additional information items that can be guessed are included.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) (Or PIN) or a password for authenticating the IC chip (or USIM), the wireless terminal 120 transmits the user authentication information to the IC chip (or USIM) (IC chip) storage information, or terminal authentication IC chip storage information, and returns the terminal medium IC chip authentication result information from the authenticated IC chip (or USIM) through the user authentication information, And generates the terminal medium authentication information including the returned terminal medium IC chip authentication result information and the unique information of the wireless terminal 120.

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the terminal medium IC chip authentication result information with the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by performing an XOR operation on at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 as a one-way hash function, It is preferable that at least one of the media verifier, the terminal medium IC chip authentication result information, and the wireless terminal 120 unique information is concatenated to generate the terminal medium authentication information.

The terminal 120 may be configured to transmit at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120, It is possible to deduce a technical characteristic included in the terminal medium authentication information, and the present invention is characterized in that it includes all the information items that can be guessed.

According to another embodiment of the present invention, a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating the terminal medium authentication information to be transmitted to the server 1 on the communication network, The wireless terminal 120 hashes the user authentication information through the one-way hash function, and transmits the hashed user authentication information, at least one random number value (for example, a random number generated by the terminal (Or unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media verifier by performing an XOR operation on at least one of the unique information of the wireless terminal 120 It is possible to generate terminal medium authentication information including user authentication information, at least one random number information, and unique information of the wireless terminal 120 Straight, and the wireless terminal 120 in accordance with the intention of those skilled in the art it is possible to further cut the MS medium verification hash.

For example, the wireless terminal 120 concatenates the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120, .

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

If the terminal medium authentication information is generated in step 4025, the wireless terminal 120 connects a communication channel with the server 1 and transmits the generated terminal medium authentication information to the server 1 through the communication channel (4030).

Then, the server 1 reads the terminal medium authentication information in cooperation with the storage medium 1 (3935), and performs a first authentication process on the terminal medium (4035).

According to an embodiment of the present invention, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the wireless terminal 120 The server 1 confirms the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information and includes the specific information of the wireless terminal 120 and the terminal medium authentication information (1) 3935 stored in the server (1) (3935) by comparing the unique information of the wireless terminal (120) with the unique information of the wireless terminal Authenticating the validity of the terminal medium by comparing user authentication information stored in association with unique information and user authentication information included in the terminal medium authentication information.

If the terminal 1 includes at least one of the user authentication information and the unique information of the wireless terminal 120 in the terminal medium authentication information, the server 1 may include a terminal media verifier, (1) 3935 and unique information of the wireless terminal 120 identified through the communication session in the same manner as the terminal media verifier, and then performs an XOR operation Further comprising generating a terminal media authenticator and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) The server 1 confirms the unique information of the wireless terminal 120 through a communication session for receiving the terminal authentication information, and transmits the terminal authentication information to the server 1 , Verifies the validity of the wireless terminal (120) by comparing the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, (Or USIM) stored in the storage medium (1) (3935) connected to the IC chip (or linked), based on user authentication information stored in association with the unique information of the wireless terminal (120) In addition The terminal medium IC chip authentication information is generated through the same logic as the terminal authentication IC chip storage information (or when the terminal medium IC chip authentication information is stored in the storage medium (1) 3935) ), And authenticates the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed by the one-way hash function and the terminal media verifier is included in the terminal medium authentication information, 1) transmits at least one of the terminal medium IC chip authentication information provided in the storage medium (1) 3935 and the unique information of the wireless terminal 120 confirmed through the communication session to the same terminal medium verifier And performing an XOR operation on the terminal media authenticator to generate a terminal media authenticator and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating the terminal medium authentication information to be transmitted to the server 1 on the communication network, The server 1 confirms the unique information of the wireless terminal 120 through a communication session for receiving the terminal medium authentication information and transmits the unique information of the wireless terminal 120 to the terminal 1, (1) 3935 that is provided (or linked to) the server 1 by comparing the unique information of the wireless terminal 120 included in the medium authentication information to authenticate the validity of the wireless terminal 120 The user authentication information stored in association with the unique information of the wireless terminal 120 is hashed through a one-way hash function, and the hashed user authentication information, at least one random number value Generates a terminal media authenticator by XORing at least one of the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) The validity of the terminal medium is verified by comparing the terminal medium verifier included in the terminal medium authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

If the terminal medium authentication information is not authenticated 4040, the server 1 generates terminal medium authentication error information and transmits it to the wireless terminal 120 through the communication channel 4045, The wireless terminal 120 ends the hybrid type disposable authentication code implementation process through the media authentication.

When the terminal medium authentication information is authenticated 4040, the server 1 generates the terminal medium authentication code and the authentication code (n) generation information in association with the storage medium 1 (3935) To the wireless terminal 120 (4050).

The wireless terminal 120 connects a communication channel with the server 2 and transmits the terminal medium authentication code to the server 2 through the communication channel (4055).

Then, the server 2 reads the terminal medium authentication code in association with the storage medium (2) 3970 and performs a second authentication process on the terminal medium (4060).

If the terminal medium authentication code is not authenticated 4065, the server 2 generates terminal medium authentication error information and transmits it to the wireless terminal 120 through the communication channel 4070, The wireless terminal 120 ends the hybrid type disposable authentication code implementation process through the media authentication.

If the terminal medium authentication code is authenticated (4065), the server 2 generates authentication code (Nn) information for generating a hybrid type disposable authentication code through the process shown in FIG. 41, FIG. 42, And transmits the generated authentication code Nn to the wireless terminal 120.

FIG. 41 is a diagram illustrating a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to an embodiment of the present invention.

In more detail, FIG. 41 is a flowchart of the media authentication server 1 (FIG. 39) on the mixed disposable authentication code implementation system shown in FIG. 39, from the wireless terminal 120 shown in FIG. 398 through the medium authentication process shown in FIG. 100, and the medium authentication server 2 105, the medium authentication server (2) 105 generates authentication code (Nn) generation information as the medium authentication result, Generates the authentication code (n) through the authentication code (n) generation information at the wireless terminal 120 and transmits the authentication code (Nn) through the received authentication code (Nn) (N) by combining the authentication code (n) and the authentication code (Nn), and if the person skilled in the art is familiar with the present invention, 41 is referred to and / or modified so that the mixed type once through the medium authentication Would have a variety of exemplary methods for the authentication code implementation can be inferred, the present invention is made, including any exemplary way in which the inference, to which the technical feature that is not limited to the exemplary method shown in the figure 41.

For example, in FIG. 41, the process of generating the authentication code (n) through the authentication code (n) generation information received from the medium authentication server (1) The present invention is not limited thereto, and the process of generating the authentication code (n) may include generating the authentication code (n) (n) and the authentication code (Nn) are combined with each other.

Hereinafter, in FIG. 41, the media authentication server (2) 105 on the mixed disposable authentication code implementation system shown in FIG. 39 is referred to as a "server" for convenience.

Referring to FIG. 41, after the media authentication is performed through the medium authentication process shown in FIG. 40, the server communicates with the storage medium 2 (3970) (Nn) generation information for generating an authentication code (Nn) for generating the authentication code (Nn) from the wireless terminal (120) via the communication channel (4105) The wireless terminal 120 receives the authentication code Nn generation information through the communication channel 4110 and transmits the authentication code n received from the media authentication server 1 100 to the wireless terminal 120, Generates the authentication code (n) through the generation information, and generates the authentication code (Nn) through the received authentication code (Nn) generation information (4115).

If the authentication code n and the authentication code Nn are generated 4120, the wireless terminal 120 generates the authentication code N by combining the authentication code n and the authentication code Nn The authentication code N is transmitted to the wireless terminal 120 through the disposable authentication process through the wireless terminal 120 or at least the authentication code N is transmitted to the wireless terminal 120 And is used for a one-time authentication process through one or more disposable authentication code input media.

FIG. 42 is a diagram illustrating a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.

More specifically, FIG. 42 is a diagram illustrating a media authentication server 1 (FIG. 39) on the mixed disposable authentication code implementation system shown in FIG. 39, from the wireless terminal 120 shown in FIG. 398 through the medium authentication process shown in FIG. The medium authentication server 2 105 generates the authentication code Nn as the medium authentication result directly after the medium authentication through the medium authentication server 2 100 and the medium authentication server 2 105, The wireless terminal 120 generates the authentication code n through the authentication code n generation information and transmits the generated authentication code n and the received authentication code Nn (N) according to an embodiment of the present invention. Referring to FIG. 42, a hybrid type disposable authentication code implemented through the medium authentication can be implemented by a person skilled in the art. Inferring the various practices for the process Would be, the invention is made, including any exemplary way in which the inference, to which the technical feature that is not limited to the exemplary method shown in the figure 42.

For example, in FIG. 42, the process of generating the authentication code (n) through the authentication code (n) generation information received from the medium authentication server (1) The process of generating the authentication code n may be performed after the authentication code nn is received from the authentication code nn. However, the present invention is not limited thereto, ) And the authentication code (Nn) are combined with each other.

Hereinafter, in FIG. 42, the medium authentication server (2) 105 on the mixed type disposable authentication code implementation system shown in FIG. 39 is referred to as a "server" for convenience.

Referring to FIG. 42, after the media authentication is performed through the media authentication process shown in FIG. 40, the server associates with the storage medium 2 (3970) (Nn) generation information for generating an authentication code Nn in step S 4205 and generates an authentication code Nn through the generated authentication code Nn generation information 4205.

If the authentication code Nn is generated 4210, the server transmits the authentication code Nn to the wireless terminal 120 through the communication channel 4215 and correspondingly transmits the authentication code Nn to the wireless terminal 120 Receives the authentication code Nn through the communication channel 4220 and generates the authentication code n through the authentication code n received from the media authentication server 100 (4225).

If the authentication code n is generated 4230, the wireless terminal 120 generates an authentication code N by combining the authentication code n and the authentication code Nn 4235, (N) to the wireless terminal 120 on the screen of the wireless terminal 120 in step 4240. The authentication code N is then transmitted to the wireless terminal 120 through the one-time authentication process through the wireless terminal 120, And is used for a one-time authentication process through the medium.

FIG. 43 is a diagram illustrating a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.

In more detail, FIG. 43 is a diagram illustrating a media authentication server 1 (FIG. 39) on the mixed disposable authentication code implementation system shown in FIG. 39, from the wireless terminal 120 shown in FIG. 398 through the media authentication process shown in FIG. 100) and the medium authentication server (2) 105, the medium authentication server (2) 105 generates the authentication code (Nn) generation information as the medium authentication result, and the generation When the program code Nn for generating the authentication code Nn is transmitted to the wireless terminal 120 through the authentication code Nn generation information and the authentication code Nn generation information, Generates an authentication code (n) through the authentication code (n) generation information, generates an authentication code (Nn) based on the authentication code (Nn) generation information based on the received program code (Nn) The authentication code (N) and the authentication code (Nn) are combined to implement the authentication code (N) Those skilled in the art will be able to refer to and / or modify FIG. 43 to infer various implementations of the method of implementing the mixed-type disposable authentication code through the medium authentication However, the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

For example, in FIG. 43, the process of generating the authentication code (n) through the authentication code (n) generation information received from the media authentication server (1) The present invention is not limited thereto, and the process of generating the authentication code (n) may include generating the authentication code (n) (n) and the authentication code (Nn) are combined with each other.

It is to be noted that, in FIG. 43, the program code Nn is provided to the wireless terminal 120 by the medium authentication server 2 (105) for convenience sake, however, the present invention is not limited thereto. (N) is not provided in the wireless terminal 120, the media authentication server (2) 105 may further include the program code (n) in the wireless terminal 120 I will reveal.

Hereinafter, in FIG. 43, the medium authentication server (2) 105 on the mixed disposable authentication code implementation system shown in FIG. 39 is referred to as a "server" for convenience.

Referring to FIG. 43, after the media authentication is performed through the medium authentication process shown in FIG. 40, the server communicates with the storage medium 2 (3970) (Nn) generation information for generating an authentication code (Nn) in step (4300) and confirms the program code Nn to be transmitted to the wireless terminal 120 in connection with the program code D / B , And transmits the authentication code (Nn) generation information and the program code Nn through the communication channel (4305).

If the program code n is not provided to the wireless terminal 120 according to the embodiment of the present invention, the server confirms the program code n to be transmitted from the program code D / B to the wireless terminal 120 It is possible to further include the program code (n) through the communication channel, and thus the present invention is not limited thereto.

The wireless terminal 120 receives the authentication code Nn generation information and the program code Nn through the communication channel 4310 and transmits the authentication code Nn to the wireless terminal 120 using the authentication code received from the media authentication server 1 and generates the authentication code Nn based on the authentication code Nn based on the program code Nn 4315. The authentication code Nn is generated based on the authentication code Nn.

If the authentication code n and the authentication code Nn are generated 4320, the wireless terminal 120 generates the authentication code N by combining the authentication code n and the authentication code Nn (N) to the wireless terminal 120 (step 4330), and then the authentication code N is transmitted to the wireless terminal 120 via the wireless terminal 120 And is used for a one-time authentication process through one or more disposable authentication code input media.

FIG. 44 is a diagram illustrating a functional configuration of a wireless terminal 120 implementing a hybrid disposable authentication code via medium authentication according to another embodiment of the present invention.

In more detail, FIG. 44 is a block diagram of a mobile terminal accessing a mobile communication network operating on a Code Division Multiple Access (WCDMA) / Wideband Code Division Multiple Access (CDMA) 120, which is a functional configuration of a terminal device that implements a mixed type disposable authentication code through the medium authentication. More specifically, the wireless terminal 120 includes a media authentication server 1 (100 (1 < = n < N) digits from the medium authentication server (1) (100) after performing authentication by associating the terminal medium (1) Generates a partial one-time authentication code of n digits by receiving the code generation information, and after the terminal medium 2 is authenticated via the medium authentication server 2 (105), the (Nn) Generate partial disposable authentication code (1 < = n < N) digits of partial disposable authentication codes and (Nn) digits of the partial disposable authentication codes to generate an N number of mixed authentication codes, 1 shows an embodiment of implementing a disposable authentication code.

In the present invention, the mixed type disposable authentication code with N (N > = 2) digits is referred to as "mixed type disposable authentication code" or "authentication code (N)" for convenience, The disposable authentication code is referred to as a "first partial disposable authentication code" or "authentication code (n)" for convenience, and the partial disposable authentication code of the (Nn) (Nn) &quot;.

Those skilled in the art will appreciate that other terminal devices (e.g., HSDPA (High-Speed Downlink Packet (HSDPA), etc.) implementing the hybrid type disposable authentication code through the media authentication may refer to and / A wireless terminal device connected to a wireless access network based on IEEE 802.16x, or a wireless terminal device connected to a wireless Internet based on IEEE 802.16x), and an implementation method for various functional configurations corresponding to each terminal device characteristic, It is to be understood that the invention is not limited to the particular embodiments set forth herein.

The wireless terminal 120 that provides CDMA / WCDMA based mobile communication services according to an embodiment of the present invention includes an outer body, a speaker and a microphone, a keypad, an LCD (Liquid Crystal Display), an antenna And a battery 4420. A predetermined modem chip (for example, a modem chip) including functions of a Code Division Multiple Access (CDMA) modem, a CPU / MPU (Central Processing Unit) A duplexer filter for separating a transmission signal from a single antenna, a power amplifier for amplifying a transmission signal, a high power amplifier (HPA), a high power amplifier An isolator that prevents reverse transmission of the transmitted signal, an RF / IF SAW filter to remove the desired out-of-band spurious signal, a frequency upstream circuit of the transmission path, A frequency downconverting circuit, a VCTCXO (Voltage Controlled Temperature Compensated X-tal Oscillator) corresponding to a reference clock source, a UHF frequency synthesizer used as a local signal of frequency up-down conversion, and a codec chip for converting an analog voice signal into a digital signal And the internal components are gradually integrated into the modem chip. In addition to the core components for the mobile communication service, the modem chip may include various multimedia services or additional services Are being integrated together.

Referring to FIG. 44, the wireless terminal 120 implementing the hybrid type disposable authentication code through the medium authentication includes a controller 4400 corresponding to the modem chip, a screen output unit (not shown) corresponding to an LCD (Liquid Crystal Display) A sound processing unit 4410 corresponding to the microphone / speaker, a key input unit 4415 corresponding to the keypad, a radio processing unit 4440 corresponding to the antenna and various RF modules, A memory unit 4425 and a battery 4420 for supplying a predetermined power.

In addition, the wireless terminal 120 may further include a camera unit (not shown) for reading predetermined image information for providing various multimedia services or various supplementary services corresponding thereto, or may be provided with a predetermined short- It is preferable to further include a local communication unit (not shown) for connecting the channels.

The wireless terminal 120 may include an IC chip 4435 (for example, a financial IC (hereinafter, referred to as a &quot; financial IC &quot;)) mounted or detached from the wireless terminal 120 for providing various financial And an IC chip reader unit 4430 for reading / writing predetermined information (or data) to / from the IC chip 4435 .

The control unit 4400 includes a processor including a CPU / MPU provided in the modem chip and an execution memory, and receives a predetermined program routine for providing a function peculiar to the wireless terminal 120 from a predetermined memory device A bus BUS for inputting / outputting program data, and a predetermined electronic circuit (or an integrated circuit) provided for the bus BUS. The memory unit 4425, or the memory device 4425, (Or a chipset) loaded into the execution memory and processed through the processor to perform a specific function, or a generic term of program data (thus, A predetermined program routine to be recorded on the recording medium of the terminal 120 may be stored in the control unit 4400 for convenience The program routine of the controller 4400 basically includes an operating system routine (not shown) and at least one system management routine (e.g., a power management routine, a channel (forward / backward) (Not shown), and the control unit 4400 realizes various functional configurations to be implemented in the wireless terminal 120. The control unit 4400 may be implemented in various functional configurations.

According to the method of the present invention, after power is supplied to the wireless terminal 120, the operating system routine (not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are transmitted to the control unit 4400), the wireless terminal (120) performs a predetermined boot procedure to load the system configuration detailed state, the pilot channel acquisition detailed state, the synchronization channel acquisition detailed state, and the timing conversion Quot; mobile station initialization state "including the detailed state.

After executing the booting procedure, the operating system routine (not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are loaded into the execution memory provided in the control unit 4400, The mobile terminal 120 is set to the operation mode corresponding to the "mobile station call waiting state &quot;,the" system access state &quot;, or the " Call Processing) procedure.

According to the embodiment of the present invention, the function of implementing the hybrid type disposable authentication code through the medium authentication is such that the wireless terminal 120 is started (i.e., in the operation mode corresponding to the " Or realized).

The screen output unit 4405 is a function configuration unit for a screen for confirming each operation mode of the wireless terminal 120 and a corresponding operation state of the wireless terminal 120, And a driver for driving the screen output device. The control unit 4400 may output at least one key data input through the key input unit 4415, A function processing screen and a function processing result screen corresponding to at least one function (or program) provided in the wireless terminal 120 or at least a function screen And outputs one or more contents (e.g., text contents, image contents, multimedia contents).

According to the embodiment of the present invention, the screen output unit 4405 may include a menu screen corresponding to the function of implementing the mixed disposable authentication code through the medium authentication, a function processing screen for implementing the mixed disposable authentication code, It is preferable to perform a function of screen output means for outputting a function process result screen for outputting the disposable authentication code.

The sound processing unit 4410 processes a sound input / output in each operation mode of the wireless terminal 120. The function processing unit 4410 decodes at least one or more encoded sound data and supplies the decoded sound data to the wireless terminal 120 And a vocoder and a codec for encoding a sound signal input through a microphone provided in the wireless terminal 120 and encoding the sound signal.

According to the embodiment of the present invention, the sound processing unit 4410 may receive a sound corresponding to a predetermined ringback tone through the speaker in an operation mode corresponding to the "system access state" among the operation modes of the wireless terminal 120 It is preferable to decode and output the data or to encode a predetermined voice signal through a microphone in an operation mode corresponding to the "call channel state &quot;, or to decode and output a predetermined voice signal through a speaker.

In addition, the sound processing unit 4410 may be operable to reproduce at least one or more sound contents or multimedia contents provided in (or downloaded from) the wireless terminal 120 in at least one operation mode including the " It is preferable that the sound data corresponding to the content to be reproduced is decoded and output.

The key input unit 4415 may include a key input unit having at least one key button including a predetermined numeric key, a character key, or a function key, And a driver for driving the key input device. Accordingly, it is possible to detect at least one key input signal generated by clicking (or inputting) the key button in the key input device .

According to the present invention, when a predetermined key input signal is detected from a predetermined key button provided in the key input device in a predetermined input mode or at least one operation mode controlled by the controller 4400, (E.g., MH_KEY_PRESSEVENT, MH_KEY_REPEATEVENT, and MH_KEY_RELEASEEVENT) corresponding to the detected key input signal, and provides the generated key event to the controller 4400, The control unit 4400 reads predetermined key data corresponding to the key event in the current input mode or the operation mode of the wireless terminal 120 (for example, in the input mode or in the operation mode, Reading the key data from the key table storing (or managing) at least one key data to the key event) And reads a command for executing a predetermined function matched and defined.

According to an embodiment of the present invention, the key input unit 4415 inputs a predetermined telephone number in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 120, It is preferable to change the operation mode of the wireless terminal 120 to the operation mode corresponding to the "system access state &quot;.

The key input unit 4415 inputs a predetermined function key (e.g., a menu key) in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 120, It is desirable to perform various functions provided in the terminal 120. [

According to an embodiment of the present invention, the key input unit 4415 preferably performs a function of key input means for inputting at least one key data corresponding to the function of implementing the mixed type disposable authentication code through the medium authentication .

The radio processing unit 4440 is a functional unit for connecting a radio channel to a base station on a mobile communication network that operates based on CDMA / WCDMA, and includes a CDMA modem and various RF modules (for example, a duplexer filter, Amplifier, a high power amplifier (HPA), an isolator, an RF / IF SAW filter, a frequency upstream circuit, a frequency downconversion circuit, a VCTCXO corresponding to a reference clock source, a UHF frequency synthesizer, A Slot Mode or a Power Control in response to each operation mode of the wireless terminal 120 in cooperation with the control unit 4400. The control unit 4400 controls the operation of the wireless terminal 120, Hand-off, or a call processing procedure according to an embodiment of the present invention.

According to an embodiment of the present invention, the radio processing unit 4440 may perform radio frequency signal transmission and reception functions (e.g., antenna control, modulation, synthesis, and transmission of radio frequency signals) corresponding to the function of implementing the hybrid type disposable authentication code through the medium authentication. Amplification, filtering, and the like).

In particular, the radio processing unit 4440 may process the information or signal transmitted from the wireless terminal 120 to the base station into a CDMA stack to implement the hybrid type disposable authentication code through the medium authentication, And a function of reading predetermined information or signals from the CDMA stack.

If the wireless terminal 120 illustrated in FIG. 44 is a wireless terminal device connected to a HSDPA-based wireless network according to another embodiment of the present invention, the wireless processor 4440 accesses the HSDPA-based wireless network, Or if the wireless terminal 120 is a wireless terminal device connected to an IEEE 802.16x-based wireless network, the wireless processing unit 4440 may include a wireless communication function configuration that implements a hybrid type disposable authentication code And a wireless communication function configuration in which the hybrid type disposable authentication code is authenticated through the media authentication by accessing the IEEE 802.16x-based wireless network, and thus the present invention is not limited thereto.

The IC chip reader unit 4430 may include an IC chip 4435 mounted on or removed from the wireless terminal 120 through an IC chip 4435 standard including ISO / IEC 7816 or ISO / IEC 14443, IEC 7816 standard, or a function of exchanging at least one piece of information (or data or command) with the ISO / IEC 7816 standard or the ISO / IEC 7816 standard, (IC card reader) corresponding to the IEC 14443 standard. The IC card reader is connected to the IC chip 4435 via an APDU (Application Protocol Data Unit) ) Is exchanged.

Referring to the specification including ISO / IEC 7816 or ISO / IEC 14443, the IC chip 4435 mounted or detached from the customer's wireless terminal receives power supply VCC, a reset signal RST, a clock signal (Input / output interface) for communicating (e.g., exchanging commands or data) with the IC chip reader unit 4430 via contact points such as a clock signal CLK, ground GND, programming power supply VPP, or input / output A processor unit (not shown) having at least one computing element including a central processing unit (CPU), a micro processing unit (MPU), and a coprocessor; a read only memory (ROM) A memory (not shown) made up of at least one memory element including a RAM (Random Access Memory), an EEPROM (Electrically Erasable and Programmable Read Only Memory), and an FM The above memory elements A chip operating system (COS) for managing and operating internal resources of the IC card is stored in the IC chip reader 4430 via a power supply (VCC) contact point of the input / When the power is supplied, the COS stored in the memory is loaded into a predetermined execution memory to control the overall operation of the IC chip 4435, and the clock frequency (e.g., 3.57 MHz or 4.9 MHz) of the clock signal (CLK) And controls the exchange of information or data between the IC chip 4435 and the IC chip reader 4430 through an APDU (Application Protocol Data Unit).

According to the present invention, IC chip 4435 storage information (for example, program code and data for IC chip 4435) for implementing a mixed type disposable authentication code through medium authentication is stored in the memory of IC chip 4435 (Not shown) for storing a data set corresponding to predetermined information or data read and / or used by the processor of the customer wireless terminal and read and / or used, And a program routine (for example, a Javacard), which is operated or executed by a computation function of the processor unit and a command set provided by the COS, JAVA Applet)) which includes an instruction call code for interacting with the instruction set of the COS and an execution code which is processed by the processor unit (Not shown) corresponding to the application is provided. In particular, the processing unit (not shown) reads the command provided from the processor provided in the customer wireless terminal via the input / output interface through the APDU, (Not shown) stored in the storage unit (not shown) on the basis of the received information or data, and transmits the result or the read information or data to the customer wireless terminal via the input / output interface through the APDU Processor.

Here, the memory of the IC chip 4435 includes a security structure based on ISO / IEC 10202. According to this, the memory includes a protection area in which secret information such as a CSN (Chip Serial Number) is stored, The IC chip 4435 storage information for the present invention includes the protection area and the COS control area. The area for storing the IC chip 4435 includes a protection area, a user application area, a read / write access area, an application program area, and a FAT (File Allocation Table) It is preferable to store it in the excluded area.

According to the ISO / IEC 7816 or ISO / IEC 14443 ICC standard, the memory has one master file (MF) corresponding to a root file and at least one storage An ATR (Answer To Reset) including function information on information, at least one Dedicated File (DF) corresponding to each ICC storage information, and a Smart Card service And an element file (EF) including substantial information or data. The IC chip 4435 storage information for the present invention also includes the above-described file structure.

The IC chip 4435 may store the user authentication IC chip 4435 storage information or the terminal authentication IC chip 4435 storage information for authenticating the validity of the user of the wireless terminal 120 It is preferable that one or more of them are provided.

The user authentication IC chip 4435 storage information or the terminal authentication IC chip 4435 storage information is used to authenticate the user authentication information input through the key input unit 4415 to an IC chip 4435 authentication code It is preferable that the authentication result information of the terminal medium IC chip 4435 is returned after the user of the wireless terminal 120 (or the wireless terminal 120) is authenticated using the identification information A technical feature that the user of the wireless terminal 120 (or the wireless terminal 120) is authenticated through the IC chip 4435 authentication code in the IC chip 4435, The technical characteristics of returning authentication result information of the terminal medium IC chip 4435 corresponding to the authentication result of the user of the wireless terminal 120 (or the wireless terminal 120) are known, .

According to the embodiment of the present invention, the IC chip 4435 is provided with server authentication IC chip 4435 storage information for authenticating the validity of the medium authentication server (1) 100 to the medium authentication server (2) As shown in FIG.

The storage information of the server authentication IC chip 4435 is stored in the media authentication server 1 100 via the server medium 1 IC chip 4435 authentication information received from the medium authentication server 1 (2) the IC chip (4435) authentication information received from the medium authentication server (2) (105), or after returning the authentication result information of the server medium (1) It is preferable to return the authentication result information of the server medium 2 IC chip 4435 after authenticating the validity of the medium authentication server 2 105 through the authentication server 105. In the technical field of the present invention, (1) 100 authentication information through the IC chip 4435 authentication information of the server medium 1 IC chip 4435 and the media authentication server 1 A server medium 2 corresponding to the authentication result of the server medium 2 (IC chip 4435) (2) the authentication result information of the server medium (2) IC chip (4435) corresponding to the authentication result of the medium authentication server (2) (105) The detailed description will be omitted for the sake of brevity.

Alternatively, the memory provided in the IC chip 4435 stores the server authentication information (1) or the server authentication information (2) in order to implement the mixed type disposable authentication code through the medium authentication instead of the memory unit The server authentication information 1 or the server authentication information 2 may be provided on the IC chip 4435 in the form of a server certificate provided in the IC chip 4435. [

The memory unit 4425 includes a storage medium for storing at least one piece of information (or data) in the wireless terminal 120, or a nonvolatile memory corresponding to a recording medium for recording a program code corresponding to at least one program routine A ROM (Read Only Memory) corresponding to the read-only memory, a flash memory (FM) capable of reading / writing, and an EEPROM (Electrically Erasable and Programmable Read Only Memory) .

According to an embodiment of the present invention, system information of the non-volatile memory that should not be erased is stored in the non-volatile memory, and the flash memory is provided with operating system routines, call processing program routines, Program routines and information or data therefor are stored in the EEPROM. In the EEPROM, at least one or more of the terminal registration related parameters, telephone numbers (e.g., address book), or at least one Information (or data) is preferably stored.

According to an embodiment of the present invention, the memory unit 4425 includes a medium authentication server 1 (100) for authenticating a terminal medium corresponding to the wireless terminal 120 to implement a mixed type disposable authentication code through the medium authentication (For example, the address information of the medium authentication server 1 (100), the unique information of the medium authentication server (1) 100) and the medium authentication server (2) 105 (E.g., address information of the medium authentication server 2 (105), unique information of the medium authentication server (2) (105)) with respect to the medium authentication server (2)

Referring to FIG. 44, the wireless terminal 120 implementing the hybrid type disposable authentication code through the medium authentication includes an information input unit for receiving user authentication information through the key input unit 4415.

The information input unit outputs the user authentication information input interface in cooperation with the screen output unit 4405 to implement the mixed type disposable authentication code through the medium authentication, And requests the user to input user authentication information for implementing the one-time authentication code, whereby the authentication processing unit processes the user authentication information to be input to the user authentication information interface through the key input unit 4415. [

Here, the user authentication information may include at least one of a personal identification number (PIN) registered to authenticate the terminal medium for the wireless terminal 120 in the media authentication server (1) 100 on the communication network, It is preferable to include at least one of them.

Alternatively, the user authentication information may be stored in the wireless terminal 120 through the user authentication IC chip 4435 stored in the IC chip 4435 (or the USIM) or the terminal authentication IC chip 4435 storage information, And at least one personal identification number (PIN) or password for authenticating the validity of the user.

Alternatively, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network, Or more.

Referring to FIG. 44, when the hybrid type disposable authentication code is implemented through the server medium authentication performed in association with the terminal medium authentication, the wireless terminal 120 transmits the user authentication information, which is input through the information input unit, And transmits the generated terminal medium authentication information to the media authentication server (1) 100 on the communication network in cooperation with the wireless processing unit 4440 to generate a medium corresponding to the wireless terminal 120 (1) authentication information from the medium authentication server (1) (100), and reads the authentication information of the server medium (1) A server authentication unit 1 for transmitting the authentication result information of the server medium 1 to the media authentication server 1 100 in cooperation with the radio processing unit 4440, And Receives the terminal medium authentication code corresponding to the server medium (1) authentication result information from the body authentication server (1) 100, and transmits the received terminal medium authentication code to the medium authentication server (2) 105 (N) generation information from the media authentication server (1) (100) at the time of the first authentication, the authentication processing unit (2) for processing the medium corresponding to the wireless terminal (2) authentication result information corresponding to the server medium (2) authentication result information from the medium authentication server (2) (105) in cooperation with the radio processing unit (4440) And a receiving unit (2) for receiving the generated information.

According to another embodiment of the present invention, when the terminal 120 receives the terminal medium authentication code corresponding to the server medium 1 authentication result information from the medium authentication server (1) 100, The authentication processing unit 2 transmits the authentication information to the wireless terminal 120 through the terminal medium authentication code in a manner similar to (or identical to) the first authentication method of the medium corresponding to the wireless terminal 120 in the authentication processing unit 1 Authenticates the server medium in a manner similar to (or in the same manner as) the method of authenticating the corresponding medium by the server authentication unit 2 (not shown) and authenticating the server medium by the server authentication unit 1 The authentication processing unit 2 and the server authentication unit 2 may be provided on the basis of the technical features of the authentication processing unit 1 and the server authentication unit 1, (Not shown) authenticates the terminal medium and the server medium The detailed description thereof will be omitted for the sake of simplicity.

According to another embodiment of the present invention, the wireless terminal 120 transmits the terminal medium authentication information (or the medium authentication server 2 (105) to the medium authentication server (2) 105 for the second authentication Receiving the terminal medium authentication code from the medium authentication server (2) 105 may be omitted when transmitting the terminal medium authentication code (information set to be received from the wireless terminal 120). In this case, It is preferable to transmit the authentication information (or information set to be received from the wireless terminal 120 for the second authentication in the medium authentication server 2 (105)) to the medium authentication server (2) 105, And the terminal medium authentication code is omitted.

When the hybrid type disposable authentication code is implemented through the server medium authentication performed in association with the terminal medium authentication, the authentication processing unit 1 performs processing to authenticate the terminal medium by the medium authentication server (1) 100 on the communication network The terminal authentication information is generated based on the user authentication information input through the information input unit.

According to an embodiment of the present invention, the user authentication information is transmitted from the media authentication server (1) 100 on the communication network to a personal identification number (PIN) or a password registered to authenticate the terminal medium for the wireless terminal 120 The authentication processing unit 1 generates terminal medium authentication information including the user authentication information and the unique information of the wireless terminal 120. In this case,

For example, the authentication processing unit 1 may generate the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120. [

Alternatively, the authentication processing unit 1 generates a terminal media verifier by hashing at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, It is preferable that at least one of the user authentication information and the unique information of the wireless terminal 120 is concatenated to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the user authentication information and the unique information of the wireless terminal 120, And the present invention is characterized in that all the additional information items that can be guessed are included.

According to another embodiment of the present invention, the user authentication information may be stored in the IC chip 4435 (or USIM) through the user authentication IC chip 4435 storage information or the terminal authentication IC chip 4435 storage information The authentication processing unit 1 transmits the authentication information to the IC chip reader unit 4430 through the IC chip reader unit 4430, Information to the user authentication IC chip 4435 storage information or the terminal authentication IC chip 4435 storage information provided in the IC chip 4435 (or the USIM) so as to authenticate the information, When the authentication result information of the terminal medium IC chip 4435 through the user authentication information is returned from the authentication server 4435 (or USIM), the authentication result information of the returned terminal medium IC chip 4435 and the unique information A terminal medium authentication It is preferred to generate a beam.

For example, the authentication processing unit 1 may generate the terminal medium authentication information by concatenating authentication result information of the terminal medium IC chip 4435 and the unique information of the wireless terminal 120.

Alternatively, the authentication processing unit 1 hashes the at least one of the authentication result information of the terminal medium IC chip 4435 and the unique information of the wireless terminal 120 into a one-way hash function, and performs an XOR operation to generate a terminal media verifier The terminal medium verifier, the terminal medium IC chip 4435 authentication result information, and the unique information of the wireless terminal 120 to generate the terminal medium authentication information.

The terminal medium IC chip 4435 authentication result information and the unique information of the wireless terminal 120, at least one additional information item to be included in the terminal medium authentication information, and at least one additional information item to be included in the terminal medium authentication information, The additional information may be included in the terminal medium authentication information. The present invention is characterized by including all of the inferable information items.

A personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network according to another embodiment of the present invention; The authentication processing unit 1 hashashes the user authentication information through the one-way hash function, and transmits the hashed user authentication information, at least one random number value (e.g., And generates a terminal media verifier by XORing at least one of the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) The terminal authentication information including the medium verifier, the user authentication information, at least one random number information, and the unique information of the wireless terminal 120 It is preferred, and the authentication processing unit (1) according to one of ordinary skill in the intent it is possible to further cut the MS medium verification hash.

For example, the authentication processing unit 1 may concatenate the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120, .

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication information is generated through any one of the above-described methods, the authentication processing unit 1 transmits the terminal medium authentication information to the medium authentication server (1) 100 on the communication network securely It is preferable to encrypt it with at least one encryption key provided in the memory unit 4425 (or the IC chip 4435).

When the terminal medium authentication information is generated as described above, the authentication processing unit 1 transmits the generated terminal medium authentication information to the media authentication server (1) 100 on the communication network in cooperation with the radio processing unit 4440 And the media authentication server (1) (100) authenticates the medium corresponding to the wireless terminal (120) through the terminal medium authentication information.

If the terminal media authentication information is encrypted, the media authentication server (1) 100 preferably decrypts the encrypted terminal media authentication information through a decryption key.

According to an embodiment of the present invention, the user authentication information is transmitted from the media authentication server (1) 100 on the communication network to a personal identification number (PIN) or a password registered to authenticate the terminal medium for the wireless terminal 120 The media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, and if the identified wireless terminal (120) Authenticates the validity of the wireless terminal 120 by comparing the unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information and transmits the authentication information to the media authentication server 1 (100) And comparing the user authentication information stored in association with the unique information of the wireless terminal 120 with the user authentication information included in the terminal medium authentication information to authenticate the validity of the terminal medium .

If the terminal authentication information includes at least one of the user authentication information and the unique information of the wireless terminal 120 in the terminal media authentication information, the media authentication server 1 may, for example, (100) hashes at least one of the user authentication information provided in the storage medium and the unique information of the wireless terminal (120) identified through the communication session in the same manner as the terminal medium verifier and performs an XOR operation Further comprising generating a terminal media authenticator and comparing the terminal media verifier and the terminal media authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may be stored in the IC chip 4435 (or USIM) through the user authentication IC chip 4435 storage information or the terminal authentication IC chip 4435 storage information (1) 100 includes at least one personal identification number (PIN) or password for authenticating the validity of a user of the wireless terminal 120, the media authentication server (1) (120) unique information of the wireless terminal (120) through a session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, Based on the user authentication information stored in association with the unique information of the wireless terminal 120 in the storage medium that is provided to (or associated with) the media authentication server (1) 100, the IC chip 4435 ) (Or USIM) (Or the terminal medium IC chip 4435) authentication information through the same logic as the user authentication IC chip 4435 storage information or the terminal authentication IC chip 4435 storage information (4435) authentication information of the terminal medium IC chip (4435) included in the terminal medium IC chip (4435) authentication information and the terminal medium authentication information And verifies the validity of the terminal medium.

If at least one of the authentication result information of the terminal medium IC chip 4435 and the unique information of the wireless terminal 120 is hashed as a one-way hash function and XOR operation is performed on the terminal medium authentication information, The media authentication server (1) 100 transmits at least one or more pieces of authentication information of the terminal medium IC chip (4435) provided in the storage medium and unique information of the wireless terminal (120) And generating a terminal media authenticator by XORing the hash in the same manner as the media verifier, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

A personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network according to another embodiment of the present invention; ), Or a secret number, the media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, The wireless terminal 120 authenticates the validity of the wireless terminal 120 by comparing the unique information of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication information, Way hash function by associating the user authentication information stored in association with the unique information of the wireless terminal 120 with the hashed (or linked) storage medium, and transmits the hashed user authentication information, (At least one random number value included in the terminal medium authentication information), the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) A media authenticator is generated, and the validity of the terminal medium is verified by comparing the terminal medium verifier included in the terminal medium authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

If the terminal authentication information is authenticated through any one of the above-described methods, the media authentication server (1) (100) authenticates the medium authentication (1) based on the server authentication information stored in the storage medium (Or extracts) the server medium authentication information (1) for authenticating the medium corresponding to the server (1) (100).

According to an embodiment of the present invention, the server authentication information is preferably matched with server authentication information stored in a memory unit 4425 (or an IC chip 4435 or USIM) provided in the wireless terminal 120 And the server authentication information is stored in the server certificate included in the memory unit 4425 (or the IC chip 4435, or USIM) according to a person skilled in the art.

According to another embodiment of the present invention, the server authentication information is transmitted to a server (not shown) authenticated by the user authentication IC chip 4435 stored in the IC chip 4435 (or USIM) It is preferable to include the authentication information of the medium IC chip 4435.

According to another embodiment of the present invention, the server authentication information is preferably matched with information (e.g., user authentication information) input through the key input unit 4415 provided in the wireless terminal 120. [

When the server authentication information is matched with the server authentication information stored in the memory unit 4425 (or the IC chip 4435 or USIM) provided in the wireless terminal 120 according to an embodiment of the present invention, The media authentication server (1) (100) preferably generates the server medium authentication information (1) including the server authentication information and the medium authentication server (1) (100) information.

For example, the media authentication server (1) (100) preferably concatenates the server authentication information and the medium authentication server (1) (100) information to generate the server medium authentication information (1).

Alternatively, the media authentication server (1) 100 may have at least one of the server authentication information and the medium authentication server (1) 100 information hashed as a one-way hash function, and then XORed to generate a server medium verifier , The server medium verifier, the server authentication information, and the medium authentication server (1) (100) information to generate the server medium authentication information (1).

(1) 100, at least one additional information item to be included in the server medium authentication information (1) and at least one additional information item to be included in the server medium authentication information (1) It is possible to deduce a technical feature of including the information in the server medium authentication information 1, and the present invention is characterized in that it includes all the inferable information items.

The server authentication information is authenticated by the user authentication IC chip 4435 stored in the IC chip 4435 (or USIM) included in the wireless terminal 120 according to another embodiment of the present invention. When the IC chip 4435 includes authentication information of the IC chip 4435, the media authentication server 1 100 transmits the server authentication information from the wireless terminal 120 to the server 4435 (or USIM) The server medium IC chip 4435 authentication information and the server medium IC chip 4435 authentication information in the server medium IC chip 4435 authentication information form for processing to be authenticated by providing the authentication IC chip 4435 as storage information, It is preferable to generate the server medium authentication information (1) including information.

For example, the medium authentication server (1) 100 preferably generates the server medium authentication information (1) by concatenating the server medium IC chip 4435 authentication information and the medium authentication server (1) 100 information Do.

Alternatively, the medium authentication server (1) 100 may have at least one of the authentication information of the server medium IC chip 4435 and the medium authentication server (1) 100 be hashed as a one-way hash function, and then subjected to XOR operation And generates the server medium authentication information (1) by concatenating at least one or more pieces of information of the server medium verifier, the server medium IC chip (4435) authentication information, and the medium authentication server (1) .

The server medium IC chip 4435 and the medium authentication server 1 100 may be provided with at least one or more than one of the server medium IC chip 4435 and the medium authentication server 1 100, The additional information item and the additional information may be included in the server medium authentication information (1). The present invention is characterized by including all the inferable information items.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through the key input unit 4415 provided in the wireless terminal 120, (1) 100 hashash the server authentication information through a one-way hash function, and transmits the hashed server authentication information, at least one random number value (e.g., a random number value generated by the server) (1) 100 information (or the media authentication server (1) 100 information hashed by the one-way hash function) to generate a server medium verifier, and the generated server medium verifier and the server It is preferable to generate the server medium authentication information 1 including authentication information, at least one or more random number information, and the medium authentication server 1 (100) information, and the medium authentication server 1 ( 100) It is possible to further cut the hash-based media server validation.

For example, the media authentication server (1) 100 may include the server medium verifier (or the hashed server medium verifier), the server authentication information, at least one random number information, and the medium authentication server (1) And generate the server medium authentication information (1) by concatenation.

The server authentication information (1) may include at least one of the server authentication information, at least one random number information, and the media authentication server (1) (100) information in addition to the server authentication information It is possible to deduce a technical feature that the additional information item (e.g., a prime number) and the additional information are included in the server medium authentication information (1), and the present invention includes all the inferable information items do.

In addition, those skilled in the art will be able to deduce various methods of generating the server medium authentication information (1) based on the server authentication information, in addition to the above-described embodiments, The present invention is characterized in that it comprises all the above-mentioned embodiments to be inferred.

When the server medium authentication information (1) is generated through any one of the above-described methods, the medium authentication server (1) (100) transmits the server medium authentication information (1) 120 with at least one encryption key for secure transmission.

When the server medium authentication information (1) is generated as described above, the medium authentication server (1) (100) transmits the server medium authentication information (1) to the wireless terminal (120) , The server authentication unit (1) receives server medium authentication information (1) from the medium authentication server (1) (100), and when the server medium authentication information (1) Decrypt the server medium authentication information (1) through the at least one decryption key.

Wherein the server authentication unit (1) reads the server medium authentication information (1) and authenticates the server medium when the server medium authentication information (1) is received, wherein the server medium authentication information (1) It is preferable that the encrypted server medium authentication information (1) is decrypted through at least one decryption key.

When the server authentication information is matched with the server authentication information stored in the memory unit 4425 (or the IC chip 4435 or USIM) provided in the wireless terminal 120 according to an embodiment of the present invention, The server authenticating section 1 receives the media authentication server 1 information 100 stored in the memory section 4425 or the media authentication server 100 authenticated through the communication session information for receiving the server medium authentication information 1 (1) (100) information with the medium authentication server (1) 100 information included in the server medium authentication information (1) to authenticate the validity of the medium authentication server (1) The server authentication information stored in the memory unit 4425 (or the IC chip 4435 or USIM) is compared with the server authentication information included in the server medium authentication information 1 to authenticate the validity of the server medium .

If at least one of the server authentication information and the media authentication server (1) 100 information is hashed in the server medium authentication information (1) by a one-way hash function and XOR operation is performed, The server authenticating section 1 authenticates the server authentication information provided in the memory section 4425 (or the IC chip 4435 or USIM) and the information of the medium authentication server 1 (100) The server medium verifier and the server medium authenticator, and verifies the validity of the server medium verifier by comparing the server medium verifier and the server medium authenticator It is preferable to further comprise

The server authentication information is authenticated by the user authentication IC chip 4435 stored in the IC chip 4435 (or USIM) included in the wireless terminal 120 according to another embodiment of the present invention. The server authentication unit 1 receives the information (or the server medium authentication information 1) of the medium authentication server 1 (100) stored in the memory unit 4425 (1) 100) information included in the server medium authentication information (1) by comparing the information of the medium authentication server (1) (100) 1) 100 and transmits the server medium IC chip 4435 authentication information included in the server medium authentication information 1 to the server authentication IC 403 provided in the IC chip 4435 (or USIM) Chip 4435 storage information to authenticate the server medium IC chip 4435 authentication information, and the server medium IC chip 44 35) Upon returning the authentication result information, the authentication result information of the server medium IC chip 4435 is read and the validity of the server medium is authenticated.

If one or more pieces of information of the server medium IC chip 4435 authentication information and the medium authentication server 1 (100) information are hashed by the one-way hash function in the server medium authentication information (1) The server authentication unit 1 may authenticate the server medium IC chip 4435 included in the storage medium and at least one of the medium authentication server 1 100 information confirmed through the communication session, Further comprising the step of hashing the above information in the same manner as the server media verifier and then performing an XOR operation to generate a server media authenticator and comparing the server media verifier and the server medium authenticator to authenticate the validity of the server medium .

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through the key input unit 4415 provided in the wireless terminal 120, The control unit 1 receives the information about the media authentication server 1 (100) stored in the memory unit 4425 (or the media authentication server 1 (which is confirmed through the communication session information for receiving the server medium authentication information (1) 100) information with the medium authentication server (1) 100 information included in the server medium authentication information (1) to authenticate the validity of the medium authentication server (1) (100) (Hash) function of the server authentication information stored in a storage medium provided in (or linked to) the server 1 (100), and transmits the hashed server authentication information, at least one random number value A random number value included in the authentication information (1)), (1) (100) information (or the medium authentication server (1) 100 information hashed by the one-way hash function) to generate a server medium authenticator and include the server medium authentication information (1) And verifying the validity of the server medium by comparing the generated server medium authenticator with the generated server medium authenticator.

Those skilled in the art will be able to deduce various methods of authenticating the server medium authentication information 1 in addition to the above-described embodiment, and the present invention can be applied to all the methods And a control unit.

When the server medium authentication information 1 is authenticated through one of the above methods, the server authentication unit 1 associates the server medium 1 authentication result information with the radio processing unit 4440, To the medium authentication server (1) (100).

When the server medium 1 authentication result information is received, the media authentication server (1) 100 generates (or extracts) a terminal medium authentication code corresponding to the authentication result of the server medium (1) The authentication processing unit 2 receives the terminal medium authentication code from the media authentication server 1 (100).

According to an embodiment of the present invention, when the medium authentication server (1) 100 authenticates the terminal medium authentication information, the medium authentication server (1) 100 transmits an authentication code ( (or extracting) authentication code (n) generation information for generating the authentication code (n) to be transmitted to the wireless terminal 120, and the receiving unit 1 correspondingly transmits (N) generation information via the authentication code (n).

If the program code n for generating the authentication code (n) is not provided to the wireless terminal 120 through the authentication code (n) generation information, the medium authentication server (100) (N) for generating the authentication code (n) through the authentication code (n) generation information to the wireless terminal 120 in response to the terminal medium authentication, The receiving unit 1 further receives the program code n for generating the authentication code n through the wireless processing unit 4440 through the authentication code n generating information.

According to another embodiment of the present invention, when the media authentication server (1) (100) authenticates the terminal medium authentication information, the media authentication server (1) (100) (Or extracts) the authentication code n to be included in combination with the authentication code N of the wireless terminal 120 and transmits the authentication code n to the wireless terminal 120. In response to the authentication code n, (N) is received via the authentication code (n).

Then, the authentication processing unit 2 transmits the received terminal medium authentication code to the medium authentication server (2) 105 through a communication network.

According to an embodiment of the present invention, the authentication processing unit 2 generates terminal medium authentication information through the user authentication information and transmits the same (or the same) method as that transmitted to the media authentication server (1) 100 (For example, concatenating the terminal medium authentication code with the unique information of the wireless terminal 120 or generating a terminal medium verifier including the terminal medium authentication code and the unique information of the wireless terminal 120) It is preferable to transmit the terminal authentication code to the media authentication server (2) 105. If the terminal medium authentication information is generated by the terminal authentication method, The detailed description thereof will be omitted for the sake of simplicity.

The medium authentication server (2) (105) receiving the terminal medium authentication code from the wireless terminal (120) authenticates the terminal medium authentication code.

When the terminal authentication code is processed in a manner similar to (or identical to) the terminal medium authentication information generation method according to the embodiment of the present invention, the medium authentication server (2) It is preferable to authenticate the terminal medium authentication code in a manner similar to (or the same as) the method of authenticating the terminal medium authentication information in the terminal 100. If a person having ordinary knowledge in the technical field of the present invention , It is possible to infer a technical characteristic of authenticating the terminal medium authentication code through the method of authenticating the terminal medium authentication information, so that detailed description thereof will be omitted for the sake of convenience.

According to an embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) 105 transmits an authentication code (Or extracts) the authentication code Nn generation information for generating the authentication code Nn and transmits the generated authentication code Nn to the wireless terminal 120. The receiving unit 2 receives the authentication code Nn from the wireless processing unit 4440 And receives the authentication code (Nn) generation information through the network.

If the program code Nn for generating the authentication code Nn is not provided to the wireless terminal 120 through the authentication code Nn generation information, the medium authentication server 2 (105) (Nn) for generating the authentication code (Nn) through the authentication code (Nn) generation information to the wireless terminal (120) in response to the terminal medium authentication, The receiving unit 2 further receives the program code Nn for generating the authentication code Nn through the wireless communication unit 4440 through the authentication code Nn generation information.

According to another embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) (105) (Or extracts) an authentication code Nn to be included in combination with the authentication code N of the wireless terminal 120 and transmits the authentication code Nn to the wireless terminal 120. In response to the authentication code Nn, The authentication code Nn is received via the authentication code Nn.

Referring to FIG. 44, the wireless terminal 120 generates an authentication code (n) through the authentication code (n) generation information received through the receiving unit 1, And an authentication code generation unit for generating an authentication code (Nn) through the authentication code (Nn) generation information.

If the program code (n) for generating the authentication code (n) is provided in the authentication code generation unit, the authentication code generation unit uses the authentication code (n) generation information received via the reception unit (N) is generated by combining the authentication code (n) and the authentication code (Nn) by the output processing unit to generate an authentication code (n) (N) may be generated at any time before generation of the authentication code (n), and the present invention is not limited by the generation timing of the authentication code (n).

On the other hand, when the authentication code generating unit is provided with the program code (n) for generating the authentication code (n), the authentication code generating unit generates the authentication code (n) It is preferable to generate an authentication code (n) of n digits using the authentication code (n) generation information received via the network 1.

According to another embodiment of the present invention, when the authentication code (n) is directly received through the receiving unit 1, the authentication code generating unit may omit generating the authentication code (n) Is not limited.

If the program code Nn for generating the authentication code Nn is provided in the authentication code generation unit, an authentication code Nn for generating the authentication code Nn is generated through the reception unit 2 Information is received, the authentication code generation unit generates an authentication code (Nn) of (Nn) digits using the received authentication code (Nn) generation information.

On the other hand, when the program code Nn for generating the authentication code Nn is not provided in the authentication code generation unit, an authentication code Nn for generating the authentication code Nn through the reception unit 2 is generated. When the generation information is received, the authentication code generation unit generates an authentication code (Nn) of (Nn) digits using the received authentication code (Nn) generation information through the program code (Nn) received through the receiver (2) .

According to another embodiment of the present invention, when the authentication code Nn is directly received through the receiver 2, the authentication code generator may be omitted from generating the authentication code Nn, Is not limited.

The authentication code generating unit may be configured to generate the authentication code (n) using the authentication code (n) generation information, , And the authentication code (Nn) of (Nn) digits is generated by using the authentication code (Nn) generation information. Therefore, detailed description thereof will be omitted for the sake of convenience.

44, the wireless terminal 120 includes a code combining unit for generating an authentication code (N) by combining the authentication code (n) and the authentication code (Nn), and a code combining unit for combining the screen output unit 4405 And an output processing unit for outputting the generated authentication code (N) in association with each other.

(N) and an authentication code (Nn) are generated by the authentication code generation unit, the code combination unit combines the authentication code (n) and the authentication code (Nn) .

According to an embodiment of the present invention, it is preferable that the code combining unit generates the N-digit authentication code (N) by concatenating the authentication code (n) and the authentication code (Nn).

For example, if the authentication code (n) is "123" and the authentication code (Nn) is "456", the code combination unit concatenates the authentication code (n) It is preferable to generate "123456 &quot;.

According to another embodiment of the present invention, the code combining unit may generate an N-digit authentication code N by ORing the authentication code n and the authentication code Nn, If the position of the authentication code Nn is designated, the code combining unit inserts the corresponding code into the position of the authentication code n and the authentication code Nn to generate an authentication code N of N digits desirable.

For example, if the authentication code (n) is "103050" and the authentication code (Nn) is "020406", the code combining unit ORs the authentication code (n) ) "123456 &quot;.

Alternatively, if the authentication code (n) is "1 to 3? 5?" And the authentication code (Nn) is "? 2 to 4? 6", the code combining unit generates the authentication code Nn) to generate the authentication code (N) "123456 &quot;.

According to still another embodiment of the present invention, the code combining unit substitutes the authentication code (n) and the authentication code (Nn) into at least one code generation function (e.g., a hash function) N), and the present invention is not limited by the above code generation function type and algorithm.

When the N number of authentication codes N are generated by combining the authentication code n and the authentication code Nn, the output processor 4405 associates the screen output unit 4405 with the N-digit authentication code (N) to a predetermined area on the screen of the wireless terminal (120).

According to an embodiment of the present invention, the output processing unit outputs a disposable authentication code output screen on the screen of the wireless terminal 120 in association with the screen output unit 4405, It is preferable to output the N-digit authentication code (N).

According to another embodiment of the present invention, the output processing unit outputs (or allocates) the disposable authentication code output area to the screen area currently output on the screen of the wireless terminal 120 in cooperation with the screen output unit 4405 , And outputs the generated N-digit authentication code (N) to the disposable authentication code output area.

FIG. 45 is a diagram showing a configuration of a hybrid type disposable authentication code implementation system through medium authentication according to another embodiment of the present invention.

In more detail, FIG. 45 illustrates a wireless terminal 120 functional configuration in which the hybrid type disposable authentication code is implemented includes the wireless terminal 120 functional configuration shown in FIG. 44, (N > = 2) digits of the disposable authentication code to be implemented in the authentication system of the present invention, and those skilled in the art will refer to FIG. 45 The present invention may be embodied in many different forms of implementation of the system for implementing the mixed disposable authentication code through the media authentication, The technical features thereof are not limited by the implementation method alone.

Referring to FIG. 45, the hybrid type disposable authentication code implementation system through the medium authentication includes a wireless terminal 120 including the functional configuration shown in FIG. 44, a wireless terminal 120 connected to the wireless terminal 120, (N) for performing a first terminal media authentication for the wireless terminal 120 and generating an n-digit authentication code (n) to the wireless terminal 120 in response to the first media authentication result, (1) 100 for providing the generation information or generating an authentication code (n) of n digits to the wireless terminal 120 and a second terminal medium (Nn) generation information for generating a (Nn) digit authentication code (Nn) to the wireless terminal (120) in response to the second medium authentication result, or (Nn) And generates and transmits the authentication code Nn of the number of digits to the wireless terminal 120 Including a body authentication server 2 (105) is characterized in that formed.

In order to implement the hybrid type disposable authentication code through the medium authentication, the wireless terminal 120 transmits terminal medium authentication information for authenticating the terminal medium to the wireless terminal 120 in the media authentication server (1) 100 And transmits the generated authentication information to the media authentication server (1) (100). Thus, the media authentication server (1) (100) verifies that the validity of the terminal medium .

According to an embodiment of the present invention, the terminal medium authentication information preferably includes user authentication information input through a key input unit provided in the wireless terminal 120 and unique information of the wireless terminal 120 And generates a terminal media verifier by XORing at least one of the user authentication information and the unique information of the wireless terminal 120 according to the intention of a person skilled in the art using a one-way hash function, Information of the wireless terminal 120, and unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal medium authentication information may include terminal medium IC chip authentication result information generated through an IC chip (or USIM) provided in the wireless terminal 120, And at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed by a one-way hash function and then XORed by the one-way hash function according to the intention of a person skilled in the art, And includes at least one of the terminal medium verifier, the terminal medium IC chip authentication result information, and the unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal media authentication information hashashes user authentication information input through a key input unit provided in the wireless terminal 120 through a one-way hash function, At least one or more random number values (for example, a random number value generated at the terminal), unique information of the wireless terminal 120 (or unique information of the wireless terminal 120 hashed by the one-way hash function) And generates the terminal medium verifier, and includes the generated terminal medium verifier, the user authentication information, at least one random number information, and the unique information of the wireless terminal 120.

Also, the wireless terminal 120 receives authentication code (n) generation information for generating an authentication code (n) of n digits from the medium authentication server (1) 100 as a result of the first medium authentication , And a function of generating an authentication code (n) of n digits through the received authentication code (n) generation information.

Alternatively, the wireless terminal 120 receives n-digit authentication code (n) from the media authentication server (1) 100 as a result of the first medium authentication.

Also, the wireless terminal 120 receives the terminal medium authentication code from the medium authentication server (1) 100 as a result of the first medium authentication, and transmits the received terminal medium authentication code to the medium authentication server 2 (105). &Lt; / RTI &gt;

In addition, the wireless terminal 120 may generate authentication code (Nn) generation information for generating an authentication code (Nn) of (Nn) digits from the medium authentication server (2) 105 as a result of the second medium authentication And a function of generating an authentication code (Nn) of (Nn) digits through the received authentication code (Nn) generation information.

Alternatively, the wireless terminal 120 receives an authentication code (Nn) of (Nn) digits from the medium authentication server (2) 105 in response to the server medium authentication associated with the second medium authentication do.

When the authentication code N of the n digits is generated and the authentication code Nn of the number Nn is generated, the wireless terminal 120 combines the authentication code n and the authentication code Nn into N (N), and outputs the generated authentication code (n) to the screen of the wireless terminal (120).

In FIG. 45, the wireless terminal 120 has a technical feature of generating an authentication code (Nn) of n-digit number of authentication codes (n) and (Nn) The technical features of generating an N-digit authentication code (n) in combination will be described with reference to FIG. 44, and a detailed description thereof will be omitted for the sake of simplicity.

According to the present invention, the media authentication server (1) 100 associates and stores the user authentication information for authentication of the terminal medium and the unique information of the wireless terminal 120, and stores the user authentication information and the unique (Or interlocking) a storage medium (1) 4550 for further storing the terminal medium authentication rule information through information. The storage medium (1) 4550 includes a server medium 1 Further storing the server authentication information (1) for generating the authentication information, or further associating and storing the authentication code generation rule information for generating the terminal medium authentication code.

The user authentication information may include information input from the wireless terminal 120 to authenticate the terminal medium among the key input information input through the key input means or information input via the IC chip (or USIM) And at least one authentication result information.

The unique information of the wireless terminal 120 may include MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information or IMEI (International Mobile Equipment Identity) for the wireless terminal 120, or IMSI (International Mobile Subscriber Identity) information, MSISDN (Mobile Station International ISDN Number), or USIM specific information.

The terminal medium authentication rule information may include a rule for generating the terminal medium authentication information at the wireless terminal 120 or a rule for authenticating the terminal medium corresponding to the wireless terminal 120 by reading the terminal medium authentication information, (1) 4550 may be omitted if the terminal authentication rule is implemented in the form of a program code in the media authentication server (1) 100, , Whereby the present invention is not limited thereto.

The authentication code generation rule information preferably defines a rule for generating a terminal media authentication code transmitted to the wireless terminal 120, and the authentication code generation rule is stored in the media authentication server (1) Code format, it is optional to store the authentication code generation rule information in the storage medium (1) 4550, and thus the present invention is not limited thereto.

According to the present invention, when the program code for generating the authentication code (n) is not provided to the wireless terminal 120, the media authentication server (1) (1) 4555 for classifying and storing the program code (n) for generating the authentication code (n) according to the platform of the wireless terminal 120 according to the program code D / B (program analyzer, operating system, And interlocked).

Those skilled in the art will recognize the technical features of the program code n for generating the authentication code n according to a plurality of wireless terminal 120 platforms, A detailed description thereof will be omitted for the sake of convenience.

According to the present invention, the media authentication server (2) 105 includes (or interlocks with) a storage medium (2) 4585 for storing terminal medium authentication rule information for authenticating the terminal medium authentication code And the storage medium 2 4585 generates authentication code Nn generation information for generating an authentication code Nn at the wireless terminal 120 when the terminal medium is authenticated, The authentication code generation rule information for generating the authentication code Nn to be transmitted to the terminal 120 is further stored in association with each other.

Preferably, the terminal medium authentication rule information defines a rule for reading the terminal medium authentication code and authenticating the terminal medium corresponding to the wireless terminal 120, and the medium authentication server (2) When the terminal medium authentication rule is implemented in the form of a program code, it is optional to store the terminal medium creation rule information in the storage medium (2) 4585, and thus the present invention is not limited thereto.

The authentication code generation rule information may include a rule for generating an authentication code (Nn) generation information for generating an authentication code (Nn) in the wireless terminal 120 or a rule for generating the authentication code (Nn) to be transmitted to the wireless terminal 120 It is preferable that at least one rule for creating the authentication code generation rule is defined in the form of a program code in the media authentication server 2 105. The storage medium 2 4585 The authentication code generation rule information may be omitted from the authentication code generation rule information, and thus the present invention is not limited thereto.

When the terminal medium authentication code is processed to include the same structure as the terminal medium authentication information according to another embodiment of the present invention, the storage medium 2 4585 may store user authentication information (not shown), a wireless terminal 120) inherent information (not shown), and server authentication information 2 (not shown) can be stored in association with each other, so that the present invention is not limited thereto.

According to the present invention, when the program code for generating the authentication code Nn is not provided to the wireless terminal 120, the media authentication server 2 (105) A program code D / B (2) 4590 for classifying and storing program codes Nn for generating the authentication codes Nn according to platforms of the wireless terminals 120 according to a program analyzer, an operating system, And interlocked).

Those skilled in the art will appreciate the technical features of the program code Nn for generating the authentication code Nn according to a plurality of wireless terminal platforms 120, A detailed description thereof will be omitted for the sake of convenience.

According to the present invention, the media authentication server (1) 100 includes an interface unit 4500 for connecting and managing a communication channel for first media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 4500 receives the terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (Nn) generation information is connected.

According to an embodiment of the present invention, when the media authentication server (1) 100 is provided on the wireless communication network (or in the wireless communication system) And a communication channel including a wire section for connecting the media authentication server (1) (100) to the base station.

According to another embodiment of the present invention, when the media authentication server (1) 100 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system) A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the medium authentication server (100) And a communication channel including a wire section is connected.

Referring to FIG. 45, the media authentication server (1) 100 generates terminal medium authentication information for terminal medium authentication for the wireless terminal 120 in the wireless terminal 120, An authentication information receiving unit 4505 receiving the terminal medium authentication information in cooperation with the interface unit, a terminal 4502 for reading the received terminal medium authentication information and authenticating the terminal medium corresponding to the wireless terminal 120, An authentication information generation unit 4515 for generating authentication information of a server medium 1 to be transmitted to the wireless terminal 120 upon authentication of the terminal medium; An authentication information transmission unit 4520 for transmitting the authentication information of the server medium 1 to the wireless terminal 120 and a server medium authentication result information for the server medium 1 authentication information from the wireless terminal 120 An information receiving unit 4525 for receiving, An authentication code generation unit 4530 that generates a terminal medium authentication code when receiving the server medium authentication result information, and an authentication code generation unit 4530 that transmits the generated terminal medium authentication code to the wireless terminal 120 in cooperation with the interface unit 4500 And an authentication code transmitting unit 4535 for transmitting the authentication code.

When the wireless terminal 120 generates the terminal medium authentication information for the terminal medium authentication for the wireless terminal 120 and transmits the terminal medium authentication information through the communication channel, the authentication information receiving unit 4505 transmits the terminal medium authentication information to the wireless terminal 120, It is preferable that the authentication information receiving unit 4505 decrypts the encrypted terminal medium authentication information through the decryption key when the terminal medium authentication information is encrypted.

When the terminal medium authentication information includes at least one of the user authentication information input through the key input unit provided in the wireless terminal 120 and the unique information of the wireless terminal 120 according to an embodiment of the present invention, The terminal medium authenticator 1 4510 confirms the unique information of the wireless terminal 120 through a communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information, 120 authenticates the validity of the wireless terminal 120 by comparing the unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information, (1) 4550 in which the user authentication information stored in association with the unique information of the wireless terminal 120 is compared with the user authentication information included in the terminal media authentication information, And validates the validity.

If at least one of the user authentication information and the unique information of the wireless terminal 120 is hashed by the one-way hash function and XOR operation is performed on the terminal media authentication information, the terminal media authenticator 1 ) 4510 transmits at least one of the user authentication information provided in the storage medium (1) 4550 and the unique information of the mobile terminal 120 confirmed through the communication session to the same method as the terminal media verifier And XORing the terminal media authenticator to generate a terminal media authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the terminal medium authentication information may be generated by the terminal medium IC chip authentication result information generated through the IC chip (or USIM) provided in the wireless terminal 120, (1) 4510 confirms the unique information of the wireless terminal 120 through a communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information And authenticates the validity of the wireless terminal 120 by comparing the authenticated wireless terminal 120 unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information, (Or USIM) provided in the IC chip (or USIM) based on the user authentication information stored in association with the unique information of the wireless terminal 120 in the storage medium 1 (4550) User authentication IC chip storage , Or generates the terminal medium IC chip authentication information through the same logic as the terminal authentication IC chip storage information (or, if the terminal medium IC chip authentication information is stored in the storage medium (1) 4550, the terminal medium IC chip authentication information And verifies the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the UE medium authentication information and the unique information of the mobile station 120 is hashed by the one-way hash function and XOR operation is performed on the UE medium authentication information, The authentication unit 1 4510 receives at least one of the terminal medium IC chip authentication information provided in the storage medium 1 4550 and the unique information of the wireless terminal 120 identified through the communication session, The method further comprises the step of performing an XOR operation on the hash in the same manner as the terminal medium verifier, generating a terminal medium authenticator, and comparing the terminal medium verifier and the terminal medium authenticator to authenticate the validity of the terminal medium .

According to another embodiment of the present invention, when the terminal medium authentication information includes a terminal medium verifier, the terminal medium authentication unit (1) 4510 transmits the terminal medium authentication information according to the terminal medium authentication rule information (120) unique information of the wireless terminal (120) through the communication session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, (1) 4550 that is authenticated with the terminal 120 authenticated by the user and authenticated to the terminal medium authentication unit 1 (4510) and stored in association with the unique information of the wireless terminal 120 And transmits the hashed user authentication information, at least one random number value (e.g., a random number value included in the terminal media authentication information), the unique information of the wireless terminal 120 or (The unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media authenticator, compares the terminal media verifier included in the terminal media authentication information with the generated terminal media authenticator And authenticating the validity of the terminal medium.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

If the terminal medium authentication information is authenticated through any one of the above methods, the authentication information generating unit 4515 generates the authentication information based on the server authentication information (1) stored in the storage medium (1) (Or extracts) server medium (1) authentication information for authenticating a medium corresponding to the medium authentication server (1) (100) at the terminal (120).

According to an embodiment of the present invention, the server authentication information 1 is preferably matched with server authentication information 1 stored in a memory unit (or IC chip or USIM) provided in the wireless terminal 120 And the server authentication information 1 may be stored in a server certificate included in the memory unit (or an IC chip or a USIM) according to a person skilled in the art.

According to another embodiment of the present invention, the server authentication information (1) is a server medium IC chip (1) authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal And authentication information.

According to another embodiment of the present invention, the server authentication information 1 may be matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120.

When the server authentication information 1 matches with the server authentication information 1 stored in the memory unit (or IC chip or USIM) provided in the wireless terminal 120 according to an embodiment of the present invention, The authentication information generation unit 4515 generates the server medium 1 authentication information including the server authentication information 1 and the medium authentication server 1 information.

For example, the authentication information generation unit 4515 preferably generates the server medium (1) authentication information by concatenating the server authentication information (1) and the medium authentication server (1) (100) information.

Alternatively, the authentication information generating unit 4515 may have at least one of the server authentication information (1) and the media authentication server (1) (100) information hashed as a one-way hash function and then XORed to generate a server media verifier And generate the server medium (1) authentication information by concatenating at least one of the server medium verifier, the server authentication information (1), and the medium authentication server (1) (100) information.

(1) authentication information to be included in the server medium (1) authentication information in addition to the server authentication information (1) and the medium authentication server (1) (100) information if the person skilled in the art is familiar with the present invention. And the additional information may be included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

According to another embodiment of the present invention, the server authentication information (1) is authenticated by the user authentication IC chip storage information provided in the IC chip (or USIM) provided in the wireless terminal 120, The authentication information generator 4515 provides the server authentication information (1) from the wireless terminal 120 as the server authentication IC chip storage information included in the IC chip (or USIM) (1) authentication information including the server medium IC chip authentication information and the medium authentication server (1) (100) information is generated in the form of server medium IC chip authentication information for processing to authenticate the server medium Do.

For example, the authentication information generation unit 4515 preferably generates the server medium (1) authentication information by concatenating the server medium IC chip authentication information and the medium authentication server (1) 100 information.

Alternatively, the authentication information generation unit 4515 may have at least one of the server medium IC chip authentication information and the medium authentication server (1) 100 information is hashed as a one-way hash function, and then XORed to generate a server medium verifier And generate the server medium (1) authentication information by concatenating at least one of the server medium verifier, the server medium IC chip authentication information, and the medium authentication server (1) 100 information.

The server medium IC chip authentication information and at least one or more additional information items to be included in the server medium 1 authentication information other than the medium authentication server (1) 100 information, if the person skilled in the art is familiar with the present invention And the additional information may be included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

According to another embodiment of the present invention, when the server authentication information 1 is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, Unit 4515 hash the server authentication information 1 through the one-way hash function and transmits the hashed server authentication information 1, at least one random number value (e.g., a random number value generated by the server) Generates a server media verifier by performing at least one XOR operation on the media authentication server (1) 100 information (or the media authentication server (1) 100 information hashed by the one-way hash function) (1) authentication information including the server authentication information (1), at least one or more random number information, and the medium authentication server (1) (100) information, according to the intention of a person skilled in the art, The authentication information generating unit 451 5) is capable of further hashing the server media verifier.

For example, the authentication information generation unit 4515 generates the authentication information by using the server medium verifier (or hashed server medium verifier), the server authentication information 1, at least one random number information, the medium authentication server 1 To generate the authentication information of the server medium (1).

(1) authentication information other than the server authentication information (1), at least one random number information, and the medium authentication server (1) (100) information if the person skilled in the art is familiar with the present invention It is possible to deduce at least one additional information item (for example, a prime number) and the additional information in the authentication information of the server medium 1, and the present invention can be applied to a case in which all the additional information items .

In addition, those skilled in the art will be able to deduce various methods of generating the server medium (1) authentication information based on the server authentication information (1), in addition to the above- And the present invention is characterized in that it includes all of the above-mentioned embodiments to be inferred.

When the server medium 1 authentication information is generated as described above, the authentication information transmitting unit 4520 transmits the authentication information of the server medium 1 to the wireless terminal 120 in association with the interface unit Corresponding to the server medium (1), the wireless terminal (120) authenticates the server medium (1) authentication information and then authenticates the server medium (1) And transmits the result information.

The information receiving unit 4525 receives server medium authentication result information for the server medium 1 authentication information from the wireless terminal 120 when the wireless terminal 120 authenticates the server medium, Upon receiving the server medium authentication result information, the authentication code generation unit 4530 generates (or extracts) the terminal medium authentication code through the authentication code generation rule information.

Herein, the terminal medium authentication code includes an authentication code for authenticating that the terminal medium corresponding to the wireless terminal 120 is first authenticated through the medium authentication server (1) in the medium authentication server (2) 105 .

When the terminal medium authentication code is generated (or extracted) through the authentication code generation unit 4530, the authentication code transmission unit 4535 transmits the generated terminal medium authentication code in association with the interface unit 4500 The wireless terminal 120 transmits the terminal's medium authentication code to the medium authentication server (105) through the communication network.

Referring to FIG. 45, the media authentication server (1) 100 generates an authentication code (n) at the wireless terminal 120 at the time of first authentication by the terminal medium authentication unit (1) 4510 (1) 4545 for generating the authentication code (n) generation information for generating the authentication code (n) to be transmitted to the wireless terminal 120 or generating the authentication code (n) to be transmitted to the wireless terminal 120, And a transmitting unit (1) for transmitting the generated authentication code (n) generation information (or authentication code (n)) to the wireless terminal (120).

(1) 4545 generates the authentication code (n) at the wireless terminal 120 through the authentication code generation rule information at the time of the first authentication by the terminal medium authentication unit (1) 4510, (Or extracting) authentication code (n) generation information for performing authentication.

According to another embodiment of the present invention, the information generation unit 1 4545 generates (or extracts) the authentication code (n) generation information through the authentication code generation rule information, And generates the authentication code (n) to be transmitted to the wireless terminal (120) through the generated information.

When the authentication code (n) generation information is generated (or extracted) through the information generation unit 1 4545 according to an embodiment of the present invention, the transmission unit 1 transmits the authentication code And transmits the generated authentication code (n) generation information to the wireless terminal 120 in cooperation with the wireless terminal 120. In response to the authentication code (n) generation information, n).

When the authentication code n is generated (or extracted) through the information generation unit 1 4545 in accordance with another embodiment of the present invention, the transmission unit 1 is connected to the interface unit 4500 And transmits the generated authentication code (n) to the wireless terminal (120).

If the program code n for generating the authentication code n is not provided to the wireless terminal 120 through the authentication code n generation information, the transmission unit 1 transmits the program code D / (N) for generating the authentication code (n) through the authentication code (n) generation information in conjunction with the B (1) 4555 to the wireless terminal 120. [

According to the present invention, the media authentication server (2) 105 includes an interface unit 4560 for connecting and managing a communication channel for second media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 4560 receives the terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (Nn) generation information is connected.

According to an embodiment of the present invention, when the media authentication server (2) 105 is provided on the wireless communication network (or in the wireless communication system) And a communication channel including a wire section for connecting the media authentication server (2) (105) to the base station.

According to another embodiment of the present invention, when the medium authentication server (2) 105 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system), the interface unit 4560 A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the media authentication server (2) And a communication channel including a wire section is connected.

Referring to FIG. 45, when the wireless terminal 120 transmits the terminal medium authentication code through the communication channel, the media authentication server (2) 105 transmits the terminal authentication code to the terminal A terminal medium authentication unit (2) 4570 for reading the received terminal medium authentication code and performing second authentication of the terminal medium corresponding to the wireless terminal 120, an authentication code receiving unit 4565 for receiving the medium authentication code, (Nn) generation information for generating an authentication code (Nn) in the wireless terminal (120) or generating the authentication code (Nn) to be transmitted to the wireless terminal (120) (Or the authentication code Nn) to the wireless terminal 120 in cooperation with the interface unit 4560. The information generating unit 2 4545 generates the authentication code Nn, And a transfer unit (2) 4580 for transferring the image data.

When the wireless terminal 120 generates a terminal medium authentication code for terminal medium authentication for the wireless terminal 120 and transmits the terminal medium authentication code through the communication channel, the authentication code receiving unit 4565 transmits the terminal medium authentication code to the interface unit 4560 When the terminal medium authentication code is encrypted, the authentication code receiving unit 4565 decrypts the encrypted terminal medium authentication code through the decryption key. .

Then, the terminal medium authentication unit (2) 4570 authenticates the terminal medium authentication code according to the terminal medium authentication rule information to authenticate the validity of the terminal medium.

Those skilled in the art will be able to deduce various types of terminal media authentication code standards and various types of terminal media authentication rules for authenticating the terminal media authentication codes. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication code is authenticated, the information generation unit 2 (4575) generates an authentication code (Nn) generation information for generating an authentication code (Nn) in the wireless terminal 120 through the authentication code generation rule information (Or extracts) the image data.

According to another embodiment of the present invention, the information generation unit 2 (4575) generates (or extracts) the authentication code (Nn) generation information through the authentication code generation rule information, And generates the authentication code (Nn) to be transmitted to the wireless terminal (120) through the generated information.

When the authentication code (Nn) generation information is generated (or extracted) through the information generation unit 2 (4575) according to an embodiment of the present invention, the transmission unit (2) And transmits the generated authentication code (Nn) generation information to the wireless terminal 120 in association with the authentication code (Nn) generation information in response to the authentication code And generates an authentication code (Nn).

When the authentication code Nn is generated (or extracted) through the information generation unit 2 (4575) according to another embodiment of the present invention, the transmission unit (2) 4580 transmits the authentication code And transmits the generated authentication code Nn to the wireless terminal 120 in association with the authentication code Nn.

If the wireless terminal 120 does not include the program code Nn for generating the authentication code Nn through the authentication code Nn generation information, the transmission unit 2 (4580) It is preferable to further transmit the program code Nn to the wireless terminal 120 for generating the authentication code Nn through the authentication code Nn generation information in conjunction with the code D / B (2) 4590 Do.

FIGS. 46A and 46B are diagrams showing a medium authentication process for implementing a hybrid type disposable authentication code according to another embodiment of the present invention.

In more detail, Figures 46a and 46b illustrate that when the wireless terminal 120 functional configuration in which the hybrid disposable authentication code is implemented comprises the wireless terminal 120 functional configuration shown in Figure 44, (1) 100 on the mixed type disposable authentication code implementation system shown in FIG. 45, and performing a second medium authentication with the medium authentication server (2) 105 Those skilled in the art will appreciate that the various embodiments of the medium authentication process for implementing the hybrid disposable authentication code may be referred to and / or modified by reference to FIGS. 46a and 46b. However, the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited to those of the embodiments shown in FIGS. 46A and 46B.

For example, in the method shown in FIG. 46, the media authentication server (1) 100 simultaneously generates the first authentication terminal medium authentication code and the authentication code (n) generation information to the wireless terminal 120 However, the present invention is not limited thereto, and the terminal medium authentication code and the authentication code (n) generation information may be separately transmitted to the wireless terminal 120 according to those skilled in the art, It is possible to omit the transmission of the medium authentication code to the wireless terminal 120, and the present invention is characterized in that it includes all the methods that can be inferred as described above.

Hereinafter, in FIG. 46A and FIG. 46B, the medium authentication server (1) 100 on the mixed type disposable authentication code implementation system shown in FIG. 45 is referred to as "server 1" for convenience and the medium authentication server 2 Quot; server 2 "for the sake of convenience.

Referring to FIGS. 46A and 46B, the wireless terminal 120 checks whether a menu (or a key button) for implementing a mixed type disposable authentication code through medium authentication is input (4600), and if the mixed disposable authentication code When a menu (or a key button) to be implemented is input (4605), the wireless terminal 120 outputs an interface for inputting user authentication information on the screen of the wireless terminal 120, Is input (4610).

Here, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the mobile terminal 120 .

Alternatively, the user authentication information may include a user identification (ID) for authenticating the validity of the user of the mobile terminal 120 through the user authentication IC chip storage information provided in the IC chip (or USIM) (PIN), or a password.

Alternatively, the user authentication information may include at least one or more personal identification numbers (PINs) or passwords used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the server 1 on the communication network desirable.

If it is confirmed in step 4615 that the user authentication information has been input, the wireless terminal 120 authenticates the terminal medium corresponding to the wireless terminal 120 in the server 1 using the user authentication information Terminal medium authentication information is generated (4620).

According to an embodiment of the present invention, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the wireless terminal 120 The mobile terminal 120 transmits the user authentication information and the mobile terminal 120 unique information (e.g., MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information, or IMEI (International Mobile Equipment Identity) Or International Mobile Subscriber Identity (IMSI) information included in the USIM, MSISDN (Mobile Station International ISDN Number), or USIM unique information).

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by hashing the at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, It is preferable that at least one of the user authentication information and the unique information of the wireless terminal 120 is concatenated to generate the terminal medium authentication information.

If the user has a general knowledge in the technical field of the present invention, at least one additional information item to be included in the terminal medium authentication information and the additional information, in addition to the user authentication information and the unique information of the wireless terminal 120, The technical characteristics to be included in the authentication information can be inferred, and the present invention is characterized by including all the inferable information items.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) (Or PIN) or a password for authenticating the IC chip (or USIM), the wireless terminal 120 transmits the user authentication information to the IC chip (or USIM) (IC chip) storage information, or terminal authentication IC chip storage information, and returns the terminal medium IC chip authentication result information from the authenticated IC chip (or USIM) through the user authentication information, And generates the terminal medium authentication information including the returned terminal medium IC chip authentication result information and the unique information of the wireless terminal 120.

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the terminal medium IC chip authentication result information with the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by performing an XOR operation on at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 as a one-way hash function, It is preferable that at least one of the media verifier, the terminal medium IC chip authentication result information, and the wireless terminal 120 unique information is concatenated to generate the terminal medium authentication information.

The terminal 120 may be configured to transmit at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120, It is possible to deduce a technical characteristic included in the terminal medium authentication information, and the present invention is characterized in that it includes all the information items that can be guessed.

According to another embodiment of the present invention, a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating the terminal medium authentication information to be transmitted to the server 1 on the communication network, The wireless terminal 120 hashes the user authentication information through the one-way hash function, and transmits the hashed user authentication information, at least one random number value (for example, a random number generated by the terminal (Or unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media verifier by performing an XOR operation on at least one of the unique information of the wireless terminal 120 It is possible to generate terminal medium authentication information including user authentication information, at least one random number information, and unique information of the wireless terminal 120 Straight, and the wireless terminal 120 in accordance with the intention of those skilled in the art it is possible to further cut the MS medium verification hash.

For example, the wireless terminal 120 concatenates the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120, .

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

If the terminal medium authentication information is generated (4625), the wireless terminal 120 connects a communication channel with the server 1 and transmits the generated terminal medium authentication information to the server 1 via the communication channel (4630).

Then, the server 1 reads the terminal medium authentication information in association with the storage medium 1 (4550) and authenticates the terminal medium (4635).

According to an embodiment of the present invention, when the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server on the communication network to authenticate the terminal medium for the wireless terminal 120, The server checks the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information and transmits the unique information of the wireless terminal 120 and the wireless terminal 120 included in the terminal medium authentication information, Authenticates the validity of the wireless terminal 120 by comparing the unique information and transmits the user authentication information stored in the storage medium 1 4550 stored in the server in association with the unique information of the wireless terminal 120 And authenticates the validity of the terminal medium by comparing the information with user authentication information included in the terminal medium authentication information.

If at least one of the user authentication information and the unique information of the wireless terminal 120 is hashed as a one-way hash function and then the result of the XOR operation is included in the terminal media authentication information, (1) 4550 and the unique information of the wireless terminal 120 identified through the communication session in the same manner as the terminal medium verifier, and performs XOR operation on the at least one or more information, Generating a media authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) The server confirms the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information, and if the authentication information includes the at least one personal identification number (PIN) Authenticates the validity of the wireless terminal 120 by comparing the unique information of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication information and stores the stored (or linked) The user authentication IC chip storage information provided in the IC chip (or USIM), or the user authentication IC chip storage information provided in the IC chip (or USIM) based on the user authentication information stored in association with the unique information of the wireless terminal 120, (Or the terminal medium IC chip authentication information is stored in the storage medium (1) 4550 through the same logic as the terminal authentication IC chip storage information ), And authenticates the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed as a one-way hash function and XOR operation is performed on the terminal medium authentication information, (1) 4550, and unique information of the wireless terminal 120 identified through the communication session, in the same manner as the terminal medium verifier, And performing an XOR operation on the terminal media authenticator to generate a terminal media authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to a server on the communication network, The server verifies the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information, and transmits the unique information of the wireless terminal 120, which is included in the terminal medium authentication information, The wireless terminal 120 is authenticated to the wireless terminal 120 by comparing the unique information of the wireless terminal 120 and the unique information of the wireless terminal 120 is stored in the storage medium 1 (4550) The user authentication information stored in association with the user authentication information is hashed through a one-way hash function, and the hashed user authentication information, at least one random number value (e.g., Generates a terminal media authenticator by XORing at least one of the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) The validity of the terminal medium is verified by comparing the terminal medium verifier included in the authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

If the terminal medium authentication information is not authenticated (4640), the server 1 generates terminal medium authentication error information and transmits it to the wireless terminal 120 through the communication channel (4645) The wireless terminal 120 ends the hybrid type disposable authentication code implementation process through the media authentication.

If the terminal medium authentication information is authenticated (4640), the server 1 transmits the server medium from the wireless terminal 120 based on the server authentication information (1) stored in the storage medium 1 (4550) The server medium 1 authentication information for authentication is generated (4650).

According to an embodiment of the present invention, the server authentication information is preferably matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, The server authentication information is preferably stored in a server certificate included in the memory unit (or IC chip or USIM).

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 .

According to another embodiment of the present invention, the server authentication information is preferably matched with information (e.g., user authentication information) input through a key input unit provided in the wireless terminal 120. [

According to an embodiment of the present invention, when the server authentication information is matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, (1) authentication information including information on the server (1) and the server (1).

For example, the server preferably generates the server medium (1) authentication information by concatenating the server authentication information and the server (1) information.

Alternatively, the server may generate a server media verifier by hashing at least one of the server authentication information and the server (1) information into a one-way hash function and performing an XOR operation on the server verifier, (1) authentication information by concatenating at least one piece of information of the server medium (1).

(1) authentication information and at least one additional information item to be included in the authentication information of the server medium (1) and the additional information in addition to the server authentication information and the server (1) information, (1) It is possible to deduce a technical feature to be included in the authentication information, and the present invention is characterized in that it includes all the information items that can be guessed.

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 , The server transmits the server authentication information to the server authentication IC chip storage information provided in the IC chip (or USIM) at the wireless terminal 120 to form a server medium IC chip authentication information , And generates the server medium (1) authentication information including the server medium IC chip authentication information and the server (1) information.

For example, the server preferably generates the server medium (1) authentication information by concatenating the server medium IC chip authentication information and the server (1) information.

Alternatively, the server hashes the server medium IC chip authentication information and the server 1 information with a one-way hash function, and then performs an XOR operation to generate a server medium verifier. The server medium verifier, the server medium IC It is preferable that at least one chip authentication information and server 1 information are concatenated to generate authentication information of the server medium 1.

The server medium 1 may include at least one additional information item to be included in the authentication information of the server medium 1 and the additional information in addition to the server medium IC chip authentication information and the server 1 information, It is possible to deduce a technical characteristic included in the authentication information of the server medium 1, and the present invention is characterized in that it includes all the inferable information items.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, (For example, a random number value generated by the server), the server 1 information (or the server 1 information (or the server 1 hashed by the one-way hash function) (1) information), and generates a server medium verifier, the server medium verifier including at least one server authentication information, at least one random number information, and server information (1) 1) it is desirable to generate authentication information, and it is possible for the server to further hash the server media verifier according to the intent of the person skilled in the art.

For example, the server generates server medium (1) authentication information by concatenating the server medium verifier (or hashed server medium verifier) with the server authentication information, at least one or more random number information, and server .

(1) authentication information other than the server authentication information, the at least one random number information, and the server (1) information, the at least one additional information item (for example, , A prime number) and the additional information are included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

In addition, those skilled in the art will be able to deduce various methods of generating the authentication information of the server medium 1 based on the server authentication information in addition to the above-described embodiment, The present invention is characterized in that it comprises all the above-mentioned embodiments to be inferred.

If the server medium 1 authentication information is generated 4655, the server 1 transmits the server medium 1 authentication information to the wireless terminal 120 through a communication channel 4660, The wireless terminal 120 authenticates the server medium through the server medium 1 authentication information (4665).

According to an embodiment of the present invention, when the server authentication information is matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, (1) information (or information of the server (1) which is confirmed through communication session information for receiving the server medium (1) authentication information) stored in the memory unit and a server (1) information and compares the server authentication information stored in the memory unit (or IC chip or USIM) with the server authentication information included in the server medium (1) authentication information, And verifies the validity of the server medium.

If the server medium verifier is included in the authentication information of the server medium 1, the wireless terminal 120 may have a hash function of at least one of the server authentication information and the server 1 information, Hashes at least one of the server authentication information provided in the memory unit (or the IC chip or the USIM) and the server 1 information confirmed through the communication session in the same manner as the server medium verifier Generating a server medium authenticator by performing an XOR operation on the server medium authenticator, and comparing the server medium verifier and the server medium authenticator to authenticate the validity of the server medium.

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 , The wireless terminal 120 transmits the server 1 information stored in the memory unit (or the server 1 information confirmed through the communication session information for receiving the server medium 1 authentication information) (1) information included in the authentication information of the medium (1) to authenticate the validity of the server (1), and transmits the server medium IC chip authentication information included in the server medium (Or USIM) to authenticate the server medium IC chip authentication information, and when the server medium IC chip authentication result information is returned, the server medium IC chip authentication result information is read To the server medium It characterized in that to authenticate the validity.

If one or more pieces of information of the server medium IC chip authentication information and the server (1) information are hashed as a one-way hash function and XOR is performed in the server medium (1) authentication information to include a server medium verifier, (120) transmits at least one or more pieces of server medium IC chip authentication information provided in the storage medium (1) (4550) and server (1) information confirmed through the communication session to the server medium verifier To generate a server medium authenticator, and to compare the server medium verifier and the server medium authenticator to authenticate the validity of the server medium.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, the wireless terminal 120 (1) information (or information of the server (1) which is confirmed through communication session information for receiving the server medium (1) authentication information) stored in the memory unit and a server (1) information to authenticate the validity of the server 1, and transmits the server authentication information stored in the storage medium 1 (4550) included in (or linked to) the server 1 via a one-way hash function Hashed by the hashed server authentication information, at least one random number value (e.g., a random number value included in the server medium (1) authentication information), the server 1 information At least one XOR server (1) And generating a server authentication medium, and by the server, the media (1) comparing an a media server verifier and the generated server authentication media comprises authentication information and wherein the authentication of the validity of the media server.

Those skilled in the art will be able to deduce various methods of authenticating the authentication information of the server medium 1 in addition to the above-described embodiment, and the present invention can be applied to all the methods And a control unit.

If the server medium is not authenticated through the authentication information of the server medium 1 (4670), the wireless terminal 120 generates server medium authentication error information and outputs it to the screen (4675) And ends the process of implementing the mixed one-time authentication code through

Meanwhile, if the server medium is authenticated through the authentication information of the server medium 1 (4670), the wireless terminal 120 transmits server medium authentication result information to the server 1 through the communication channel (4680) The server 1 generates the terminal medium authentication code and the authentication code (n) generation information in association with the storage medium 1 (4550), and transmits the generation result to the wireless terminal 120 through the communication channel (4685).

The wireless terminal 120 connects a communication channel with the server 2 and transmits the terminal medium authentication code to the server 2 through the communication channel 4690.

Thereafter, the server 2 reads the terminal medium authentication code in association with the storage medium 2 (4585), and performs a second authentication process on the terminal medium (4692).

If the terminal medium authentication code is not authenticated (4694), the server 2 generates terminal medium authentication error information and transmits it to the wireless terminal 120 through the communication channel (4696) The wireless terminal 120 ends the hybrid type disposable authentication code implementation process through the media authentication.

In contrast, when the terminal medium authentication code is authenticated (4694), the server 2 generates an authentication code (Nn) for generating a hybrid type disposable authentication code through the process shown in FIG. 47, FIG. 48, Information or an authentication code (Nn) to the wireless terminal (120).

FIG. 47 is a diagram showing a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to an embodiment of the present invention.

In more detail, FIG. 47 is a block diagram illustrating a media authentication server (FIG. 44) on the mixed disposable authentication code implementation system shown in FIG. 45 in the wireless terminal 120 shown in FIG. 44 through the media authentication process shown in FIGS. 46a and 46b 1) 100 and the medium authentication server (2) 105, the medium authentication server (2) 105 generates authentication code (Nn) generation information as the medium authentication result Generates the authentication code (n) through the authentication code (n) generation information at the wireless terminal 120 and transmits the authentication code (n) to the wireless terminal 120 through the authentication code (N) and then combining the authentication code (n) and the authentication code (Nn) to implement the authentication code (N). If the person skilled in the art is familiar with the present invention , Referring to and / or modifying FIG. 47, Type would be able to infer a variety of exemplary methods for the one-time authentication code implementation, the present invention is made, including any exemplary way in which the inference, to which the the technical features are not limited to the exemplary method shown in the figure 47.

For example, in FIG. 47, the process of generating the authentication code (n) through the authentication code (n) generation information received from the media authentication server (1) The present invention is not limited thereto, and the process of generating the authentication code (n) may include generating the authentication code (n) (n) and the authentication code (Nn) are combined with each other.

Hereinafter, in FIG. 47, the medium authentication server (2) 105 on the mixed type disposable authentication code implementation system shown in FIG. 45 is referred to as a "server" for convenience.

Referring to FIG. 47, after media authentication is performed through the medium authentication process shown in FIGS. 46A and 46B, the server, in association with the storage medium 2 (4585) The terminal 120 generates (4700) authentication code (Nn) generation information for generating an authentication code (Nn), and transmits the authentication code (Nn) generation information to the wireless terminal 120 through the communication channel The wireless terminal 120 receives the authentication code (Nn) generation information through the communication channel in response to the authentication code (4705), and the wireless terminal (120) (n), and generates the authentication code (Nn) through the received authentication code (Nn) generation information (4715).

If the authentication code n and the authentication code Nn are generated 4720, the wireless terminal 120 generates the authentication code N by combining the authentication code n and the authentication code Nn The authentication code N is transmitted to the wireless terminal 120 via the wireless terminal 120 in step 4725 and the generated authentication code N is output on the screen of the wireless terminal 120 in step 4730. Thereafter, And is used in a disposable authentication process through at least one disposable authentication code input medium.

FIG. 48 is a diagram illustrating a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.

In more detail, FIG. 48 shows a flowchart of a media authentication process performed by the media authentication server (FIG. 44) on the mixed disposable authentication code implementation system shown in FIG. 45 in the wireless terminal 120 shown in FIG. 44 through the media authentication process shown in FIGS. 46a and 46b 1) 100 and the medium authentication server (2) 105, the media authentication server (2) 105 directly generates the authentication code (Nn) as the medium authentication result, (N) from the authentication code (n) generation information at the wireless terminal 120 and transmits the generated authentication code (n) and the received authentication code (n) to the wireless terminal 120 Nn) to implement the authentication code (N). Those skilled in the art will appreciate that, referring to and / or modified with respect to FIG. 48, the hybrid disposable Various implementation methods for the authentication code implementation process It should be understood that the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

For example, in FIG. 48, the process of generating the authentication code (n) through the authentication code (n) generation information received from the media authentication server (1) The process of generating the authentication code n may be performed after the authentication code nn is received from the authentication code nn. However, the present invention is not limited thereto, ) And the authentication code (Nn) are combined with each other.

Hereinafter, in FIG. 48, the medium authentication server (2) 105 on the mixed disposable authentication code implementation system shown in FIG. 45 is referred to as a "server" for convenience.

Referring to FIG. 48, after the media authentication is performed through the medium authentication process shown in FIGS. 46A and 46B, the server communicates with the storage medium 2 (4585) The terminal 120 generates the authentication code Nn generation information for generating the authentication code Nn 4800 and generates the authentication code Nn through the generated authentication code Nn 4805 ).

If the authentication code Nn is generated 4810, the server transmits the authentication code Nn to the wireless terminal 120 through the communication channel 4815 and correspondingly transmits the authentication code Nn to the wireless terminal 120 Receives the authentication code Nn through the communication channel in step 4820 and generates the authentication code n through the authentication code generation information received from the media authentication server 1 (4825).

If the authentication code n is generated 4830, the wireless terminal 120 generates an authentication code N by combining the authentication code n and the authentication code Nn (4835) (N) to the wireless terminal 120 on the screen of the wireless terminal 120 in step 4840. The authentication code N is then transmitted to the wireless terminal 120 through the one-time authentication process through the wireless terminal 120, And is used for a one-time authentication process through the medium.

FIG. 49 is a diagram illustrating a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.

In more detail, FIG. 49 shows a flowchart of a media authentication process performed by the media authentication server (FIG. 44) on the hybrid disposable authentication code implementation system shown in FIG. 45 in the wireless terminal 120 shown in FIG. 44 through the media authentication process shown in FIGS. 46a and 46b 1) 100 and the medium authentication server (2) 105, the medium authentication server (2) 105 generates authentication code (Nn) generation information as the medium authentication result And transmits a program code Nn for generating an authentication code Nn through the generated authentication code Nn and the authentication code Nn to the wireless terminal 120, 120) generates an authentication code (n) through the authentication code (n) generation information and generates an authentication code (Nn) through the authentication code (Nn) generation information based on the received program code The authentication code N is obtained by combining the authentication code n and the authentication code Nn, A person skilled in the art will be able to refer to and / or modify the FIG. 49 to implement various methods of implementing the mixed disposable authentication code through the medium authentication However, the present invention is not limited to the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

For example, in FIG. 49, the process of generating the authentication code (n) through the authentication code (n) generation information received from the medium authentication server (1) The present invention is not limited thereto, and the process of generating the authentication code (n) may include generating the authentication code (n) (n) and the authentication code (Nn) are combined with each other.

49 that the program code Nn is provided to the wireless terminal 120 by the medium authentication server 2 (105) for convenience sake, however, the present invention is not limited thereto, (N) is not provided in the wireless terminal 120, the media authentication server (2) 105 may further include the program code (n) in the wireless terminal 120 I will reveal.

Hereinafter, in FIG. 49, the medium authentication server (2) 105 on the mixed disposable authentication code implementation system shown in FIG. 45 is referred to as a "server" for convenience.

Referring to FIG. 49, after media authentication is performed through the media authentication process shown in FIGS. 46A and 46B, the server, in association with the storage medium 2 (4585) The terminal 120 generates (4900) authentication code (Nn) generation information for generating the authentication code Nn and transmits the program code Nn to be transmitted to the wireless terminal 120 in association with the program code D / And transmits the authentication code (Nn) generation information and the program code Nn through the communication channel (4905).

If the program code n is not provided to the wireless terminal 120 according to the embodiment of the present invention, the server confirms the program code n to be transmitted from the program code D / B to the wireless terminal 120 It is possible to further include the program code (n) through the communication channel, and thus the present invention is not limited thereto.

The wireless terminal 120 receives the authentication code Nn generation information and the program code Nn through the communication channel 4910 and transmits the authentication code Nn to the wireless terminal 120 using the authentication code and generates the authentication code Nn based on the authentication code Nn based on the program code Nn in step 4915. The authentication code Nn is generated based on the authentication code Nn.

If the authentication code n and the authentication code Nn are generated 4920, the wireless terminal 120 generates the authentication code N by combining the authentication code n and the authentication code Nn (N) to the wireless terminal 120 (step 4930), and then the authentication code N is transmitted to the wireless terminal 120 through the disposable authentication process through the wireless terminal 120, And is used for a one-time authentication process through one or more disposable authentication code input media.

FIG. 50 is a diagram illustrating a functional configuration of a wireless terminal 120 implementing a hybrid type disposable authentication code via medium authentication according to another embodiment of the present invention.

In more detail, FIG. 50 is a diagram illustrating a configuration of a mobile communication terminal connected to a mobile communication network operating on a Code Division Multiple Access (WCDMA) / Wideband Code Division Multiple Access (CDMA) (1) 100 in the wireless terminal 120, and the media authentication server (1) 100 in the wireless terminal 120. The media authentication server (100) (1 < = n < N) digits from the medium authentication server (1) (100) after authenticating the server medium (1) Generates the partial one-time authentication code of n digits by receiving the generation information and transmits the partial one-time authentication code from the medium authentication server (2) 105 to the (Nn) digits after authentication of the terminal medium 2 via the medium authentication server (2) Generate partial one-time verification codes (1 < = n < N) digits of partial disposable authentication codes and (Nn) digits of the partial disposable authentication codes to generate an N number of mixed authentication codes, 1 shows an embodiment of implementing a disposable authentication code.

In the present invention, the mixed type disposable authentication code with N (N > = 2) digits is referred to as "mixed type disposable authentication code" or "authentication code (N)" for convenience, The disposable authentication code is referred to as a "first partial disposable authentication code" or "authentication code (n)" for convenience, and the partial disposable authentication code of the (Nn) (Nn) &quot;.

As a person skilled in the art to which the present invention pertains, another terminal device (for example, HSDPA (High-Speed Downlink Packet (HSDPA) A wireless terminal device connected to a wireless access network based on IEEE 802.16x, or a wireless terminal device connected to a wireless Internet based on IEEE 802.16x), and an implementation method for various functional configurations corresponding to each terminal device characteristic, It is to be understood that the invention is not limited to the particular embodiments set forth herein.

The wireless terminal 120 that provides CDMA / WCDMA based mobile communication services according to an embodiment of the present invention includes an outer body, a speaker and a microphone, a keypad, an LCD (Liquid Crystal Display), an antenna A battery 5020 and the like and internally includes a modem chip (for example, a modem chip) having a function of a CDMA (Code Division Multiple Access) modem, a CPU / MPU (Central Processing Unit / Micro Processing Unit) A duplexer filter for separating a transmission signal from a single antenna, a power amplifier for amplifying a transmission signal, a high power amplifier (HPA), a high power amplifier An isolator that prevents reverse transmission of the transmitted signal, an RF / IF SAW filter to remove the desired out-of-band spurious signal, a frequency upstream circuit of the transmission path, A frequency downconverting circuit, a VCTCXO (Voltage Controlled Temperature Compensated X-tal Oscillator) corresponding to a reference clock source, a UHF frequency synthesizer used as a local signal of frequency up-down conversion, and a codec chip for converting an analog voice signal into a digital signal And the internal components are gradually integrated into the modem chip. In addition to the core components for the mobile communication service, the modem chip may include various multimedia services or additional services Are being integrated together.

Referring to FIG. 50, the wireless terminal 120 implementing the hybrid type disposable authentication code through the medium authentication includes a control unit 5000 corresponding to the modem chip, a screen output unit corresponding to an LCD (Liquid Crystal Display) A sound processing unit 5010 corresponding to the microphone / speaker, a key input unit 5015 corresponding to the keypad, a radio processing unit 5040 corresponding to the antenna and various RF modules, A memory unit 5025 and a battery 5020 for supplying a predetermined power.

In addition, the wireless terminal 120 may further include a camera unit (not shown) for reading predetermined image information for providing various multimedia services or various supplementary services corresponding thereto, or may be provided with a predetermined short- It is preferable to further include a local communication unit (not shown) for connecting the channels.

The wireless terminal 120 may include an IC chip 5035 (for example, a financial IC (hereinafter, referred to as a &quot; financial IC &quot;) And an IC chip reader unit 5030 for reading / writing predetermined information (or data) to / from the IC chip 5035 .

The control unit 5000 includes a processor including a CPU / MPU provided in the modem chip and an execution memory, and is provided with a predetermined program routine for providing a function peculiar to the wireless terminal 120 from a predetermined memory element. A bus (BUS) for inputting / outputting program data, and a predetermined electronic circuit (or an integrated circuit) provided for the bus. The memory unit 5025 or the memory device (Or a chipset) loaded into the execution memory and processed through the processor to perform a specific function, or a generic term of program data (thus, A predetermined program routine to be recorded on the recording medium of the terminal 120 is conveniently stored in the control unit 5000 The program routine of the control unit 5000 basically includes an operating system routine (not shown) and at least one system management routine (e.g., a power management routine, a channel (forward / backward) (Not shown), and the control unit 5000 realizes various functional configurations to be implemented in the wireless terminal 120. The control unit 5000 may be implemented in various functional configurations.

According to the method of the present invention, after power is supplied to the wireless terminal 120, the operating system routine (not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are transmitted to the control unit 5000), the wireless terminal 120 can perform a predetermined boot procedure to load the system configuration detailed state, the pilot channel acquisition detailed state, the synchronization channel acquisition detailed state, and the timing conversion Quot; mobile station initialization state "including the detailed state.

(Not shown), at least one or more system management routines (not shown) and various system variables corresponding thereto are loaded into an execution memory provided in the control unit 5000, The mobile terminal 120 is set to the operation mode corresponding to the "mobile station call waiting state &quot;,the" system access state &quot;, or the " Call Processing) procedure.

According to the embodiment of the present invention, the function of implementing the hybrid type disposable authentication code through the medium authentication is such that the wireless terminal 120 is started (i.e., in the operation mode corresponding to the " Or realized).

The screen output unit 5005 is a function configuration unit for a screen for checking operation modes of the wireless terminal 120 and corresponding operation states of the wireless terminal 120. One or more And a driver for driving the screen output device. The control unit 5000 may output at least one key data input through the key input unit 5015 in association with the control unit 5000, A function processing screen and a function processing result screen corresponding to at least one function (or program) provided in the wireless terminal 120 or at least a function screen And outputs one or more contents (e.g., text contents, image contents, multimedia contents).

According to an embodiment of the present invention, the screen output unit 5005 includes a menu screen corresponding to a function for implementing the mixed disposable authentication code through the medium authentication, a function processing screen for implementing the mixed disposable authentication code, It is preferable to perform a function of screen output means for outputting a function process result screen for outputting the disposable authentication code.

The sound processing unit 5010 is a functional unit for processing input and output of sound in each operation mode of the wireless terminal 120. The function processing unit 5010 decodes at least one or more encoded sound data and supplies the decoded sound data to the wireless terminal 120 And a vocoder and a codec for encoding a sound signal input through a microphone provided in the wireless terminal 120 and encoding the sound signal.

According to an embodiment of the present invention, the sound processing unit 5010 may receive a sound corresponding to a predetermined ringback tone through the speaker in an operation mode corresponding to the "system access state" among the operation modes of the wireless terminal 120 It is preferable to decode and output the data or to encode a predetermined voice signal through a microphone in an operation mode corresponding to the "call channel state &quot;, or to decode and output a predetermined voice signal through a speaker.

In addition, the sound processing unit 5010 may reproduce at least one sound content or multimedia content provided (or downloaded) from the wireless terminal 120 in at least one operation mode including the "mobile station call waiting state" It is preferable that the sound data corresponding to the content to be reproduced is decoded and output.

The key input unit 5015 may include a key input unit having at least one key button including a predetermined number key, a character key, or a function key, And a driver for driving the key input device. Accordingly, it is possible to detect at least one key input signal generated by clicking (or inputting) the key button in the key input device .

According to the present invention, when a predetermined key input signal is detected from a predetermined key button provided in the key input device in a predetermined input mode or at least one operation mode controlled by the controller 5000, (E.g., MH_KEY_PRESSEVENT, MH_KEY_REPEATEVENT, and MH_KEY_RELEASEEVENT) corresponding to the detected key input signal, and provides the generated key event to the control unit 5000 The control unit 5000 reads out predetermined key data corresponding to the key event in the current input mode or the operation mode of the wireless terminal 120 (e.g., corresponding to a specific key event in each input mode or operation mode) Reading the key data from the key table storing (or managing) at least one key data to the key event) And reads a command for executing a predetermined function matched and defined.

According to an embodiment of the present invention, the key input unit 5015 inputs a predetermined telephone number in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 120, It is preferable to change the operation mode of the wireless terminal 120 to the operation mode corresponding to the "system access state &quot;.

The key input unit 5015 inputs a predetermined function key (e.g., a menu key) in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 120, It is preferable to perform various functions provided in the display unit 120. [

According to the embodiment of the present invention, the key input unit 5015 preferably performs a function of a key input unit for inputting at least one key data corresponding to a function for implementing the mixed type disposable authentication code through the medium authentication .

The radio processing unit 5040 is a functional unit for connecting a radio channel to a base station on a mobile communication network that operates based on CDMA / WCDMA, and includes a CDMA modem and various RF modules (e.g., a duplexer filter, Amplifier, a high power amplifier (HPA), an isolator, an RF / IF SAW filter, a frequency upstream circuit, a frequency downconversion circuit, a VCTCXO corresponding to a reference clock source, a UHF frequency synthesizer, A Slot Mode, or a Power Control in response to each operation mode of the wireless terminal 120 in cooperation with the control unit 5000. [ Hand-off, or a call processing procedure according to an embodiment of the present invention.

According to an embodiment of the present invention, the radio processing unit 5040 may perform a radio frequency signal transmission / reception function (e.g., antenna control, modulation, synthesis, and transmission of radio frequency signals) corresponding to the function of implementing the hybrid type disposable authentication code through the medium authentication. Amplification, filtering, and the like).

In particular, the radio processing unit 5040 processes information or signals transmitted from the wireless terminal 120 to the base station into a CDMA stack in order to implement the hybrid type disposable authentication code through the medium authentication, And a function of reading predetermined information or signals from the CDMA stack.

If the wireless terminal 120 shown in FIG. 50 is a wireless terminal device connected to a HSDPA-based wireless network according to another embodiment of the present invention, the wireless processor 5040 accesses the HSDPA-based wireless network, Or if the wireless terminal 120 is a wireless terminal device connected to an IEEE 802.16x-based wireless network, the wireless processing unit 5040 may include a wireless communication function configuration that implements a hybrid one- And a wireless communication function configuration in which the hybrid type disposable authentication code is authenticated through the media authentication by accessing the IEEE 802.16x-based wireless network, and thus the present invention is not limited thereto.

The IC chip reader unit 5030 may include an IC chip 5035 mounted on or removed from the wireless terminal 120 through an IC chip 5035 standard including ISO / IEC 7816 or ISO / IEC 14443, IEC 7816 standard, or a function of exchanging at least one information (or data or command) with a financial IC chip 5035, USIM, or the like, (IC card reader) corresponding to the IEC 14443 standard. The IC card reader is connected to the IC chip 5035 via an APDU (Application Protocol Data Unit) ) Is exchanged.

Referring to the specification including ISO / IEC 7816 or ISO / IEC 14443, the IC chip 5035 mounted or detached from the customer's wireless terminal receives power supply VCC, a reset signal RST, a clock signal (Input / output interface) for communicating (e.g., exchanging commands or data) with the IC chip reader unit 5030 via contact points such as a clock signal CLK, ground GND, programming power supply VPP, or input / output A processor unit (not shown) having at least one computing element including a central processing unit (CPU), a micro processing unit (MPU), and a coprocessor; a read only memory (ROM) A memory (not shown) made up of at least one memory element including a RAM (Random Access Memory), an EEPROM (Electrically Erasable and Programmable Read Only Memory), and an FM The above memory elements A chip operating system (COS) for managing and operating the internal resources of the IC card is stored in the IC chip reader unit 5030 via a power supply (VCC) contact point of the input / The COS stored in the memory is loaded into a predetermined execution memory to control the overall operation of the IC chip 5035 and the clock frequency of the clock signal CLK contact point (for example, 3.57 MHz or 4.9 MHz) And controls exchange of information or data between the IC chip 5035 and the IC chip reader unit 5030 through an APDU (Application Protocol Data Unit).

According to the present invention, IC chip 5035 storage information (for example, program code and data for IC chip 5035) for implementing a mixed type disposable authentication code through medium authentication is stored in the memory of IC chip 5035 The storage information of the IC chip 5035 includes a storage unit (not shown) for storing a data set corresponding to predetermined information or data read and / or used by the processor of the customer's wireless terminal. And a program routine (for example, a Javacard), which is operated or executed by a computation function of the processor unit and a command set provided by the COS, JAVA Applet)) which includes an instruction call code for interacting with the instruction set of the COS and an execution code which is processed by the processor unit (Not shown) corresponding to the application is provided. In particular, the processing unit (not shown) reads the command provided from the processor provided in the customer wireless terminal via the input / output interface through the APDU, (Not shown) stored in the storage unit (not shown) on the basis of the received information or data, and transmits the result or the read information or data to the customer wireless terminal via the input / output interface through the APDU Processor.

Here, the memory of the IC chip 5035 includes a security structure based on ISO / IEC 10202. According to this, the memory has a protection area in which secret information such as a chip serial number (CSN) is stored, The IC chip 5035 storage information for the present invention includes the protection area and the COS control area. The storage area for the IC chip 5035 includes a protection area, a user application area, a read / write access area, an application program area, and a FAT (File Allocation Table) It is preferable to store it in the excluded area.

According to the ISO / IEC 7816 or ISO / IEC 14443 ICC standard, the memory has one master file (MF) corresponding to a root file and at least one storage An ATR (Answer To Reset) including function information on information, at least one Dedicated File (DF) corresponding to each ICC storage information, and a Smart Card service (EF) file containing substantial information or data. The IC chip 5035 storage information for the present invention also includes the file structure as described above.

According to the embodiment of the present invention, the IC chip 5035 may store at least the user authentication IC chip 5035 storage information for authenticating the validity of the user of the wireless terminal 120 or the terminal authentication IC chip 5035 storage information It is preferable that one or more of them are provided.

The user authentication IC chip 5035 storage information or the terminal authentication IC chip 5035 storage information is used to store the user authentication information input through the key input unit 5015 to the IC chip 5035 authentication code (Or the wireless terminal 120) by using the identification information of the terminal medium IC chip 5035 as identification information of the mobile terminal 120, and returns the authentication result information of the terminal medium IC chip 5035, A technical feature that the user of the wireless terminal 120 (or the wireless terminal 120) is authenticated through the IC chip 5035 authentication code in the IC chip 5035, Since the user of the wireless terminal 120 (or the wireless terminal 120) knows the technical characteristic of returning the authentication result information of the terminal medium IC chip 5035 corresponding to the authentication result, a detailed description thereof will be omitted for the sake of simplicity. .

According to the embodiment of the present invention, the IC chip 5035 is provided with a server authentication IC chip 5035 for storing the validity of the media authentication server (1) 100 to the medium authentication server (2) 105, As shown in FIG.

The storage information of the server authentication IC chip 5035 is stored in the medium authentication server 1 100 via the server medium 1 IC chip 5035 authentication information received from the medium authentication server 1 (2) IC chip (5035) authentication information received from the medium authentication server (2) (105), or after returning authentication result information of the server medium (1) It is preferable to return the authentication result information of the server medium 2 IC chip 5035 after validating the validity of the medium authentication server 2 105 through the authentication server 105. In the technical field of the present invention, The IC chip 5035 may authenticate the media authentication server 1 100 through the authentication information of the server medium 1 IC chip 5035 and the media authentication server 1 (1) the IC chip 5035 corresponding to the authentication result of the server medium 2 (100) (2) IC chip (5035) authentication result information corresponding to the authentication result of the medium authentication server (2) (105) and the authentication result information of the server medium The detailed description will be omitted for the sake of brevity.

Alternatively, the memory provided in the IC chip 5035 may store the server authentication information 1 or the server authentication information 2 to implement the mixed type disposable authentication code through the medium authentication instead of the memory unit 5025 The server authentication information 1 or the server authentication information 2 may be provided on the IC chip 5035 in the form of a server certificate provided in the IC chip 5035. [

The memory unit 5025 includes a storage medium that stores at least one piece of information (or data) in the wireless terminal 120, or a nonvolatile memory corresponding to a recording medium that records a program code corresponding to at least one program routine A ROM (Read Only Memory) corresponding to the read-only memory, a flash memory (FM) capable of reading / writing, and an EEPROM (Electrically Erasable and Programmable Read Only Memory) .

According to an embodiment of the present invention, system information of the non-volatile memory that should not be erased is stored in the non-volatile memory, and the flash memory is provided with operating system routines, call processing program routines, Program routines and information or data therefor are stored in the EEPROM. In the EEPROM, at least one or more of the terminal registration related parameters, telephone numbers (e.g., address book), or at least one Information (or data) is preferably stored.

According to an embodiment of the present invention, the memory unit 5025 includes a medium authentication server 1 (100) for authenticating a terminal medium corresponding to the wireless terminal 120 to implement a mixed type disposable authentication code through the medium authentication (For example, the address information of the medium authentication server 1 (100), the unique information of the medium authentication server (1) 100) and the medium authentication server (2) 105 (E.g., address information of the medium authentication server 2 (105), unique information of the medium authentication server (2) (105)) with respect to the medium authentication server (2)

Referring to FIG. 50, the wireless terminal 120 implementing the hybrid type disposable authentication code through the medium authentication includes an information input unit for receiving user authentication information through the key input unit 5015.

The information input unit outputs the user authentication information input interface in cooperation with the screen output unit 5005 to implement the mixed type disposable authentication code through the medium authentication, And requests the user to input user authentication information for implementing the one-time authentication code, whereby the authentication processing unit processes the user authentication information to be input to the user authentication information interface through the key input unit 5015. [

Here, the user authentication information may include at least one of a personal identification number (PIN) registered to authenticate the terminal medium for the wireless terminal 120 in the media authentication server (1) 100 on the communication network, It is preferable to include at least one of them.

Alternatively, the user authentication information may be stored in the wireless terminal 120 through the user authentication IC chip 5035 storage information or the terminal authentication IC chip 5035 storage information provided in the IC chip 5035 (or USIM) And at least one personal identification number (PIN) or password for authenticating the validity of the user.

Alternatively, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network, Or more.

Referring to FIG. 50, when the hybrid type disposable authentication code is implemented by authenticating the terminal medium after authenticating the server medium, the wireless terminal 120 transmits a media authentication server (1) 100, and receives server medium (1) authentication information corresponding to the medium authentication request information, and transmits the medium authentication request information to the server medium (1) a server authentication unit (1) 5045 for reading the authentication information and performing a first authentication of the server medium, and a server authentication unit (5045) for authenticating the server medium authentication information based on the user authentication information input through the information input unit And transmits the generated terminal medium authentication information to the media authentication server (1) 100 on the communication network in cooperation with the radio processing unit 5040, so that the medium corresponding to the radio terminal 120 is authenticated (1) authentication result information corresponding to the server medium (1) authentication result information from the medium authentication server (1) (100) in cooperation with the radio processing section (5040) (2) 5055 for transmitting the received terminal medium authentication code to the media authentication server (2) 105 to process the medium corresponding to the wireless terminal 120 so as to be second authenticated, (1) 5060 that receives authentication code (n) generation information from the media authentication server (1) 100 at the time of the first authentication, and a reception unit (2) 5065 for receiving the authentication code (Nn) generation information corresponding to the server medium (2) authentication result information from the medium authentication server (2) (105).

According to another embodiment of the present invention, when the wireless terminal 120 receives the terminal medium authentication code corresponding to the server medium (1) authentication result information from the media authentication server (1) 100, (2) (not shown) authenticates the server medium in a manner similar to (or identical to) the method of authenticating the server medium by the server authentication unit (1) 5045, and the authentication processing unit 2 The authentication processing unit 1 (5050) transmits the authentication information to the wireless terminal 120 through the terminal medium authentication code in a manner similar to (or equivalent to) the first authentication method of the medium corresponding to the wireless terminal 120, (1) 5050 and the server authentication unit (1) 5045, it is possible to perform the first authentication for the medium corresponding to the authentication processing unit (1) 5050, and if the person skilled in the art is familiar with the present invention, (2) 5055 and a server authentication unit 2 (not shown) A detailed description of the terminal medium and the server medium will be omitted for the sake of simplicity.

According to another embodiment of the present invention, the wireless terminal 120 transmits the terminal medium authentication information (or the medium authentication server 2 (105) to the medium authentication server (2) 105 for the second authentication Receiving the terminal medium authentication code from the medium authentication server (2) 105 may be omitted when transmitting the terminal medium authentication code (information set to be received from the wireless terminal 120). In this case, It is preferable to transmit the authentication information (or information set to be received from the wireless terminal 120 for the second authentication in the medium authentication server 2 (105)) to the medium authentication server (2) 105, And the terminal medium authentication code is omitted.

The server authenticating unit 1 5045 communicates with the media authentication server 1 on the communication network in cooperation with the wireless processing unit 5040 when the hybrid type disposable authentication code is implemented by authenticating the terminal medium after authenticating the server medium. The media authentication server (1) (100) transmits the medium authentication request information to the media server (100), and the media authentication server (1) (100) (Or extracts) the server medium authentication information (1) for authenticating the medium corresponding to the authentication server (1) (100).

According to an embodiment of the present invention, the server authentication information is preferably matched with server authentication information stored in a memory unit 5025 (or an IC chip 5035 or USIM) provided in the wireless terminal 120 And the server authentication information is stored in the server certificate included in the memory unit 5025 (or the IC chip 5035, or USIM) according to a person skilled in the art.

According to another embodiment of the present invention, the server authentication information is transmitted to a server (not shown) authenticated by the user authentication IC chip 5035 storage information provided in the IC chip 5035 (or USIM) It is preferable to include the authentication information of the medium IC chip 5035.

According to another embodiment of the present invention, the server authentication information is preferably matched with information (e.g., user authentication information) input through the key input unit 5015 provided in the wireless terminal 120. [

When the server authentication information is matched with the server authentication information stored in the memory unit 5025 (or the IC chip 5035 or the USIM) provided in the wireless terminal 120 according to an embodiment of the present invention, The media authentication server (1) (100) preferably generates the server medium authentication information (1) including the server authentication information and the medium authentication server (1) (100) information.

For example, the media authentication server (1) (100) preferably concatenates the server authentication information and the medium authentication server (1) (100) information to generate the server medium authentication information (1).

Alternatively, the media authentication server (1) 100 may have at least one of the server authentication information and the medium authentication server (1) 100 information hashed as a one-way hash function, and then XORed to generate a server medium verifier , The server medium verifier, the server authentication information, and the medium authentication server (1) (100) information to generate the server medium authentication information (1).

(1) 100, at least one additional information item to be included in the server medium authentication information (1) and at least one additional information item to be included in the server medium authentication information (1) It is possible to deduce a technical feature of including the information in the server medium authentication information 1, and the present invention is characterized in that it includes all the inferable information items.

According to another embodiment of the present invention, the server authentication information is authenticated by the user authentication IC chip 5035 storage information provided in the IC chip 5035 (or USIM) included in the wireless terminal 120, When the IC chip 5035 includes authentication information, the media authentication server 1 100 transmits the server authentication information from the wireless terminal 120 to the server 5035 (or USIM) The server medium IC chip 5035 authentication information and the server medium IC chip 5035 authentication information provided to the medium authentication server 1 100. [ It is preferable to generate the server medium authentication information (1) including information.

For example, the medium authentication server (1) 100 preferably generates the server medium authentication information (1) by concatenating the server medium IC chip 5035 authentication information and the medium authentication server (1) 100 information Do.

Alternatively, the media authentication server (1) 100 may have at least one or more pieces of information of the server medium IC chip 5035 authentication information and the medium authentication server (1) 100 information be hashed as a one-way hash function, Generates server medium verifier, and generates server medium authentication information (1) by concatenating at least one or more pieces of server medium verifier, server medium IC chip (5035) authentication information, and medium authentication server (1) .

The server medium IC chip 5035 and the medium authentication server 1 100 may be provided with at least one or more than one of the server medium IC chip 5035 and the medium authentication server 1 100 included in the server medium authentication information 1, The additional information item and the additional information may be included in the server medium authentication information (1). The present invention is characterized by including all the inferable information items.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through the key input unit 5015 included in the wireless terminal 120, (1) 100 hashash the server authentication information through a one-way hash function, and transmits the hashed server authentication information, at least one random number value (e.g., a random number value generated by the server) (1) 100 information (or the media authentication server (1) 100 information hashed by the one-way hash function) to generate a server medium verifier, and the generated server medium verifier and the server It is preferable to generate the server medium authentication information 1 including authentication information, at least one or more random number information, and the medium authentication server 1 (100) information, and the medium authentication server 1 ( 100) It is possible to further cut the hash-based media server validation.

For example, the media authentication server (1) 100 may include the server medium verifier (or the hashed server medium verifier), the server authentication information, at least one random number information, and the medium authentication server (1) And generate the server medium authentication information (1) by concatenation.

The server authentication information (1) may include at least one of the server authentication information, at least one random number information, and the media authentication server (1) (100) information in addition to the server authentication information It is possible to deduce a technical feature that the additional information item (e.g., a prime number) and the additional information are included in the server medium authentication information (1), and the present invention includes all the inferable information items do.

In addition, those skilled in the art will be able to deduce various methods of generating the server medium authentication information (1) based on the server authentication information, in addition to the above-described embodiments, The present invention is characterized in that it comprises all the above-mentioned embodiments to be inferred.

When the server medium authentication information (1) is generated through any one of the above-described methods, the medium authentication server (1) (100) transmits the server medium authentication information (1) 120 with at least one encryption key for secure transmission.

When the server medium authentication information (1) is generated as described above, the medium authentication server (1) (100) transmits the server medium authentication information (1) to the wireless terminal (120) The server authentication unit 1 5045 receives server medium authentication information 1 from the medium authentication server 1 100. When the server medium authentication information 1 is encrypted , And decrypt the encrypted server medium authentication information (1) through at least one decryption key.

The server authentication unit (1) 5045 reads the server medium authentication information (1) and authenticates the server medium when the server medium authentication information (1) is received. The server medium authentication information (1) is encrypted, the encrypted server medium authentication information (1) is encrypted

When the server authentication information is matched with the server authentication information stored in the memory unit 5025 (or the IC chip 5035 or the USIM) provided in the wireless terminal 120 according to an embodiment of the present invention, The server authentication unit 1 5045 receives the information of the medium authentication server 1 100 stored in the memory unit 5025 or the medium authenticated by the communication session information for receiving the server medium authentication information 1 (1) (100) information with the medium authentication server (1) (100) information included in the server medium authentication information (1) to verify the validity of the medium authentication server (1) And compares the server authentication information stored in the memory unit 5025 (or IC chip 5035 or USIM) with the server authentication information included in the server medium authentication information 1 to authenticate the validity of the server medium .

If at least one of the server authentication information and the medium authentication server (1) 100 information is hashed in the server medium authentication information (1) by a one-way hash function and XOR operation is performed, The server authentication unit 1 5045 transmits the server authentication information provided in the memory unit 5025 (or the IC chip 5035 or the USIM 5035) to the medium authentication server 1 (100) Information of the server medium verifier and the server medium verifier in the same manner as the server medium verifier and then XORs the server medium verifier to generate a server medium verifier and compares the server medium verifier and the server medium verifier to verify the validity of the server medium And the like.

According to another embodiment of the present invention, the server authentication information is authenticated by the user authentication IC chip 5035 storage information provided in the IC chip 5035 (or USIM) included in the wireless terminal 120, When the IC chip 5035 includes the authentication information, the server authentication unit 1 5045 transmits the information of the medium authentication server 1 100 stored in the memory unit 5025 (or the server medium authentication information 1 (1) 100) information included in the server medium authentication information (1) by comparing the information of the medium authentication server (1) (100) identified by the communication session information for receiving the medium authentication server The server medium IC chip 5035 authentication information included in the server medium authentication information 1 is transmitted to the IC chip 5035 (or USIM) Server authentication IC chip (5035) storage information to authenticate the server medium IC chip (5035) authentication information, and the server medium IC When the chip 5035 authentication result information is returned, the server medium IC chip 5035 authentication result information is read and the validity of the server medium is authenticated.

If at least one of the server medium IC chip 5035 authentication information and the medium authentication server (1) 100 information is hashed as a one-way hash function in the server medium authentication information (1) The server authentication unit 1 5045 transmits the authentication information of the server medium IC chip 5035 provided in the storage medium and the information of the medium authentication server 1 100 confirmed through the communication session The server medium verifier and the server medium authenticator, and verifies the validity of the server medium verifier by comparing the server medium verifier and the server medium authenticator It is preferable to further comprise

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through the key input unit 5015 provided in the wireless terminal 120, (1) 5045 receives the media authentication server 1 (100) information stored in the memory unit 5025 (or the media authentication server (1) (100) information with the medium authentication server (1) 100 information included in the server medium authentication information (1) to authenticate the validity of the medium authentication server (1) (Hash) a server authentication information stored in a storage medium provided in (or linked to) the media authentication server (1) 100 through a one-way hash function, and transmits the hashed server authentication information, at least one random number value A random number value included in the server medium authentication information (1)), Generates a server medium authenticator by performing at least one XOR operation on the server 1 (100) information (or the medium authentication server (1) 100 information hashed by the one-way hash function) And verifying the validity of the server medium by comparing the included server medium verifier with the generated server medium verifier.

Those skilled in the art will be able to deduce various methods of authenticating the server medium authentication information 1 in addition to the above-described embodiment, and the present invention can be applied to all the methods And a control unit.

When the server medium authentication information (1) is authenticated through any one of the above methods, the authentication processing unit (1) 5050 authenticates the terminal medium by the medium authentication server (1) 100 on the communication network And generates the terminal medium authentication information based on the user authentication information input through the information input unit for processing.

According to an embodiment of the present invention, the user authentication information is transmitted from the media authentication server (1) 100 on the communication network to a personal identification number (PIN) or a password registered to authenticate the terminal medium for the wireless terminal 120 The authentication processing unit (1) 5050 generates terminal medium authentication information including the user authentication information and the unique information of the wireless terminal 120. In this case,

For example, the authentication processing unit (1) 5050 preferably generates the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120.

Alternatively, the authentication processing unit (1) 5050 generates a terminal media verifier by hashing the at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, It is preferable that at least one of the authenticator, the user authentication information, and the unique information of the wireless terminal 120 is concatenated to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the user authentication information and the unique information of the wireless terminal 120, And the present invention is characterized in that all the additional information items that can be guessed are included.

According to another embodiment of the present invention, the user authentication information is stored in the IC chip 5035 (or USIM) through the user authentication IC chip 5035 storage information or the terminal authentication IC chip 5035 storage information (1) 5050 includes at least one of a personal identification number (PIN) or a password for authenticating the validity of a user of the wireless terminal 120, the authentication processing unit (1) And provides the user authentication information to the user authentication IC chip 5035 storage information or the terminal authentication IC chip 5035 storage information provided in the IC chip 5035 (or the USIM) When the IC chip 5035 (or the USIM) returns the authentication result information of the terminal medium IC chip 5035 through the user authentication information, the authentication result information of the terminal medium IC chip 5035 that is returned and the authentication result information of the wireless terminal 120 ) Terminal information including unique information It is preferred to generate the authentication information.

For example, the authentication processing unit (1) 5050 preferably generates the terminal medium authentication information by concatenating authentication result information of the terminal medium IC chip 5035 and the unique information of the wireless terminal 120.

Alternatively, the authentication processing unit (1) 5050 hashes at least one of the authentication result information of the terminal medium IC chip 5035 and the unique information of the wireless terminal 120 into a one-way hash function, XORs the same, And generates the terminal medium authentication information by concatenating at least one of the terminal medium verifier, the terminal medium IC chip 5035 authentication result information, and the wireless terminal 120 specific information.

The terminal medium IC chip 5035 may include at least one additional information item to be included in the terminal medium authentication information in addition to the authentication result information of the terminal medium IC chip 5035 and the unique information of the wireless terminal 120, The additional information may be included in the terminal medium authentication information. The present invention is characterized by including all of the inferable information items.

A personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network according to another embodiment of the present invention; ), Or a secret number, the authentication processing unit (1) 5050 hashashes the user authentication information through a one-way hash function, and transmits the hashed user authentication information, at least one random number value (For example, a random number value generated at the terminal), unique information of the wireless terminal 120 (or unique information of the wireless terminal 120 hashed by the one-way hash function), and generates a terminal media verifier The terminal medium authentication information including the generated terminal medium verifier, the user authentication information, at least one random number information, and the unique information of the wireless terminal 120 , And the authentication processing unit (1) 5050 can further hash the terminal medium verifier according to the intention of a person skilled in the art.

For example, the authentication processing unit 1 (5050) concatenates the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120, It is preferable to generate the medium authentication information.

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication information is generated through any one of the above-described methods, the authentication processing unit (1) 5050 transmits the terminal medium authentication information to the medium authentication server (1) 100 on the communication network securely (Or the IC chip 5035) with the encryption key included in the memory 5025 (or the IC chip 5035).

When the terminal medium authentication information is generated as described above, the authentication processing unit (1) 5050 associates the generated terminal medium authentication information with the wireless processing unit 5040 to the medium authentication server (1) 100 on the communication network And the media authentication server (1) (100) authenticates the medium corresponding to the wireless terminal (120) through the terminal medium authentication information.

If the terminal media authentication information is encrypted, the media authentication server (1) 100 preferably decrypts the encrypted terminal media authentication information through a decryption key.

According to an embodiment of the present invention, the user authentication information is transmitted from the media authentication server (1) 100 on the communication network to a personal identification number (PIN) or a password registered to authenticate the terminal medium for the wireless terminal 120 The media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, and if the identified wireless terminal (120) Authenticates the validity of the wireless terminal 120 by comparing the unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information and transmits the authentication information to the media authentication server 1 (100) And comparing the user authentication information stored in association with the unique information of the wireless terminal 120 with the user authentication information included in the terminal medium authentication information to authenticate the validity of the terminal medium .

If the terminal authentication information includes at least one of the user authentication information and the unique information of the wireless terminal 120 in the terminal media authentication information, the media authentication server 1 may, for example, (100) hashes at least one of the user authentication information provided in the storage medium and the unique information of the wireless terminal (120) identified through the communication session in the same manner as the terminal medium verifier and performs an XOR operation Further comprising generating a terminal media authenticator and comparing the terminal media verifier and the terminal media authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information is stored in the IC chip 5035 (or USIM) through the user authentication IC chip 5035 storage information or the terminal authentication IC chip 5035 storage information (1) 100 includes at least one personal identification number (PIN) or password for authenticating the validity of a user of the wireless terminal 120, the media authentication server (1) (120) unique information of the wireless terminal (120) through a session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, And transmits the authentication information to the IC chip 5035 (1) based on the user authentication information stored in association with the unique information of the wireless terminal 120 in a storage medium provided in the media authentication server (1) ) (Or USIM) (Or the terminal medium IC chip 5035) authentication information through the same logic as the user authentication IC chip 5035 storage information or the terminal authentication IC chip 5035 storage information (5035) authentication information of the terminal medium IC chip 5035 included in the terminal medium IC chip 5035 authentication information and the terminal medium IC chip 5035 authentication information included in the terminal medium authentication information And verifies the validity of the terminal medium.

If at least one of the authentication result information of the terminal medium IC chip 5035 and the unique information of the wireless terminal 120 is hashed as a one-way hash function and the terminal media verifier is included in the terminal medium authentication information, The media authentication server (1) 100 transmits at least one of the authentication information of the terminal medium IC chip (503) provided in the storage medium and the unique information of the wireless terminal (120) And generating a terminal media authenticator by XORing the hash in the same manner as the media verifier, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

A personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the media authentication server (1) 100 on the communication network according to another embodiment of the present invention; ), Or a secret number, the media authentication server (1) (100) checks the unique information of the wireless terminal (120) through a communication session for receiving the terminal medium authentication information, The wireless terminal 120 authenticates the validity of the wireless terminal 120 by comparing the unique information of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication information, Way hash function by associating the user authentication information stored in association with the unique information of the wireless terminal 120 with the hashed (or linked) storage medium, and transmits the hashed user authentication information, (At least one random number value included in the terminal medium authentication information), the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) A media authenticator is generated, and the validity of the terminal medium is verified by comparing the terminal medium verifier included in the terminal medium authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

When the terminal medium authentication information is authenticated through any one of the above methods, the medium authentication server (1) (100) generates (or extracts) a terminal medium authentication code corresponding to the terminal medium authentication result, And transmits the terminal authentication code to the wireless terminal (120) through a communication network. The authentication processing unit receives the terminal authentication code from the media authentication server (1) (100).

According to an embodiment of the present invention, when the medium authentication server (1) 100 authenticates the terminal medium authentication information, the medium authentication server (1) 100 transmits an authentication code ( (or extract) authentication code (n) generation information for generating the authentication code (n) to be transmitted to the wireless terminal 120. In response to this, the receiving unit (1) 5040). &Lt; / RTI &gt;

If the program code n for generating the authentication code (n) is not provided to the wireless terminal 120 through the authentication code (n) generation information, the medium authentication server (100) (N) for generating the authentication code (n) through the authentication code (n) generation information to the wireless terminal 120 in response to the terminal medium authentication, , The receiving unit (1) 5060 further receives the program code (n) for generating the authentication code (n) through the wireless processing unit 5040 through the authentication code (n) generation information .

According to another embodiment of the present invention, when the media authentication server (1) (100) authenticates the terminal medium authentication information, the media authentication server (1) (100) (Or extract) the authentication code n to be included in combination with the authentication code N of the wireless terminal 120 and transmits the authentication code n to the wireless terminal 120. In response to this, And receives the authentication code (n) through the processing unit (5040).

Then, the authentication processing unit transmits the received terminal medium authentication code to the medium authentication server (2) (105) through a communication network.

According to an embodiment of the present invention, the authentication processing unit generates terminal medium authentication information through the user authentication information and transmits the authentication information to the media authentication server (1) 100 through a similar (or the same) (For example, a terminal media verifier is concatenated with the terminal medium authentication code and the unique information of the wireless terminal 120, or a terminal media verifier including the terminal medium authentication code and the unique information of the wireless terminal 120) (2) 105, and if it is a person having ordinary skill in the art to which the present invention pertains, it is possible to transmit the terminal medium authentication code through a method of generating the terminal medium authentication information, The detailed description thereof will be omitted for the sake of simplicity.

The medium authentication server (2) (105) receiving the terminal medium authentication code from the wireless terminal (120) authenticates the terminal medium authentication code.

When the terminal authentication code is processed in a manner similar to (or identical to) the terminal medium authentication information generation method according to the embodiment of the present invention, the medium authentication server (2) It is preferable to authenticate the terminal medium authentication code in a manner similar to (or the same as) the method of authenticating the terminal medium authentication information in the terminal 100. If a person having ordinary knowledge in the technical field of the present invention , It is possible to infer a technical characteristic of authenticating the terminal medium authentication code through the method of authenticating the terminal medium authentication information, so that detailed description thereof will be omitted for the sake of convenience.

According to an embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) 105 transmits an authentication code (Or extracting) the authentication code Nn generation information for generating the authentication code Nn to the wireless terminal 120 and correspondingly transmits the authentication code Nn to the wireless processing unit 5040) of the authentication code (Nn) generation information.

If the program code Nn for generating the authentication code Nn is not provided to the wireless terminal 120 through the authentication code Nn generation information, the medium authentication server 2 (105) (Nn) for generating the authentication code (Nn) through the authentication code (Nn) generation information to the wireless terminal (120) in response to the terminal medium authentication, The receiving unit 2 5065 further receives the program code Nn for generating the authentication code Nn through the authentication code Nn generation information through the radio processing unit 5040 .

According to another embodiment of the present invention, when the medium authentication server (2) 105 authenticates the terminal medium authentication code, the medium authentication server (2) (105) (Or extracts) an authentication code Nn to be included in combination with the authentication code N of the wireless terminal 120 and transmits the authentication code Nn to the wireless terminal 120. In response thereto, the receiver 2 (5065) And receives the authentication code (Nn) through the processing unit (5040).

Referring to FIG. 50, the wireless terminal 120 generates an authentication code (n) through the authentication code (n) generation information received through the receiving unit 1 (5060) And an authentication code generation unit (5070) for generating an authentication code (Nn) through the authentication code (Nn) generation information received through the authentication code generation unit (5065).

If the authentication code generation unit 5070 includes the program code n for generating the authentication code n, the authentication code generation unit 5070 receives the authentication code n through the reception unit 1 (5060) (N) is generated by using the generated authentication code (n) generation information, and the generation time of the authentication code (n) is determined by the output processing unit 5080 n and the authentication code Nn may be combined to be generated at any time before the authentication code N is generated and the present invention is not limited by the generation time of the authentication code n.

On the other hand, when the authentication code generation unit 5070 includes the program code n for generating the authentication code n, the authentication code generation unit 5070 receives the authentication code n through the reception unit 1 (5060) (N) by using the authentication code (n) generation information received through the receiving unit (1) 5060 through the program code (n)

According to another embodiment of the present invention, when the authentication code (n) is directly received through the receiving unit (1) 5060, the authentication code generating unit 5070 does not generate the authentication code (n) The present invention is not limited thereto.

If the authentication code generating unit 5070 is provided with the program code Nn for generating the authentication code Nn, the authentication code generating unit 5070 generates the authentication code Nn via the receiving unit 2 When the authentication code (Nn) generation information is received, the authentication code generation unit 5070 generates an authentication code (Nn) of (Nn) digits using the received authentication code (Nn) generation information .

On the other hand, if the authentication code generation unit 5070 does not include the program code Nn for generating the authentication code Nn, the authentication code generation unit 5070 generates the authentication code Nn through the reception unit 2 (5065) The authentication code generation unit 5070 generates the authentication code Nn generation information through the program code Nn received through the reception unit 2 5065, It is preferable to generate the authentication code (Nn) of the number of digits (Nn).

According to another embodiment of the present invention, when the authentication code Nn is directly received through the receiver 2 (5065), the authentication code generator 5070 does not generate the authentication code Nn The present invention is not limited thereto.

Those skilled in the art will appreciate that the authentication code generation unit 5070 may generate a technical feature (for example, an authentication code) for generating an authentication code (n) of n digits using the authentication code (n) (Nn) digits of the authentication code (Nn) using the authentication code (Nn) generation information, the detailed description thereof will be omitted for the sake of convenience.

Referring to FIG. 50, the wireless terminal 120 includes a code combination unit 5075 for generating an authentication code (N) by combining the authentication code (n) and the authentication code (Nn) And an output processing unit (5080) for outputting the generated authentication code (N) in association with the authentication code (5005).

When the authentication code (n) and the authentication code (Nn) are generated by the authentication code generation unit 5070, the code combination unit 5075 combines the authentication code (n) and the authentication code (Nn) And generates a digit number authentication code (N).

According to an embodiment of the present invention, the code combination unit 5075 preferably generates the N-digit authentication code N by concatenating the authentication code n and the authentication code Nn.

For example, if the authentication code (n) is "123" and the authentication code (Nn) is "456", the code combination unit 5075 concatenates the authentication code (n) It is preferable to generate code (N) "123456 &quot;.

According to another embodiment of the present invention, the code combination unit 5075 generates an N-digit authentication code N by ORing the authentication code n and the authentication code Nn, (n) and the authentication code Nn are designated, the code combining unit 5075 inserts the corresponding code into the position of the authentication code n and the authentication code Nn, It is preferable to generate the code N.

For example, if the authentication code n is 103050 and the authentication code Nn is 020406, the code combination unit 5075 ORs the authentication code n and the authentication code Nn It is preferable to generate the authentication code (N) "123456 &quot;.

Alternatively, if the authentication code n is "1? 3? 5?" And the authentication code Nn is "? 2? 4? 6" (N) "123456" by inserting each code into the position of the position of the authentication code (Nn) and the authentication code (Nn).

According to another embodiment of the present invention, the code combining unit 5075 substitutes the authentication code (n) and the authentication code (Nn) into at least one code generation function (e.g., a hash function) It is preferable to generate the authentication code (N) of the code generation function, and the present invention is not limited by the code generation function type and the algorithm.

When the N number of authentication codes N are generated by combining the authentication code n and the authentication code Nn, the output processing unit 5080 associates with the screen output unit 5005, (N) of the wireless terminal (120) to a predetermined area on the screen of the wireless terminal (120).

According to an embodiment of the present invention, the output processing unit 5080 outputs a disposable authentication code output screen on the screen of the wireless terminal 120 in cooperation with the screen output unit 5005, To output the generated N-digit authentication code (N).

According to another embodiment of the present invention, the output processing unit 5080 outputs the disposable authentication code output area to the screen area currently output on the screen of the wireless terminal 120 in connection with the screen output unit 5005 And outputs the generated N-digit authentication code (N) to the disposable authentication code output area.

FIG. 51 is a diagram illustrating a configuration of a system for implementing a mixed type disposable authentication code by medium authentication according to another embodiment of the present invention.

In more detail, FIG. 51 illustrates a case where the wireless terminal 120 functional configuration in which the hybrid type disposable authentication code is implemented includes the wireless terminal 120 functional configuration shown in FIG. 50, (N > = 2) digits of the disposable authentication code to be implemented in the system according to an embodiment of the present invention, and those skilled in the art will refer to FIG. 51 It is to be understood that the present invention may be embodied in many different forms and should not be construed as being limited to the embodiments set forth herein, The technical features thereof are not limited by the implementation method alone.

Referring to FIG. 51, the hybrid type disposable authentication code implementation system using the medium authentication includes a wireless terminal 120 including the functional configuration shown in FIG. 50, a wireless terminal 120 connected to the wireless terminal 120, (N) for performing a first terminal media authentication for the wireless terminal 120 and generating an n-digit authentication code (n) to the wireless terminal 120 in response to the first media authentication result, (1) 100 for providing the generation information or generating an authentication code (n) of n digits to the wireless terminal 120 and a second terminal medium (Nn) generation information for generating a (Nn) digit authentication code (Nn) to the wireless terminal (120) in response to the second medium authentication result, or (Nn) And generates and transmits the authentication code Nn of the number of digits to the wireless terminal 120 Including a body authentication server 2 (105) is characterized in that formed.

In order to implement the hybrid type disposable authentication code through the medium authentication, the wireless terminal 120 transmits terminal medium authentication information for authenticating the terminal medium to the wireless terminal 120 in the media authentication server (1) 100 And transmits the generated authentication information to the media authentication server (1) (100). Thus, the media authentication server (1) (100) verifies that the validity of the terminal medium .

According to an embodiment of the present invention, the terminal medium authentication information preferably includes user authentication information input through a key input unit provided in the wireless terminal 120 and unique information of the wireless terminal 120 And generates a terminal media verifier by XORing at least one of the user authentication information and the unique information of the wireless terminal 120 according to the intention of a person skilled in the art using a one-way hash function, Information of the wireless terminal 120, and unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal medium authentication information may include terminal medium IC chip authentication result information generated through an IC chip (or USIM) provided in the wireless terminal 120, And at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed by a one-way hash function and then XORed by the one-way hash function according to the intention of a person skilled in the art, And includes at least one of the terminal medium verifier, the terminal medium IC chip authentication result information, and the unique information of the wireless terminal 120.

According to another embodiment of the present invention, the terminal media authentication information hashashes user authentication information input through a key input unit provided in the wireless terminal 120 through a one-way hash function, At least one or more random number values (for example, a random number value generated at the terminal), unique information of the wireless terminal 120 (or unique information of the wireless terminal 120 hashed by the one-way hash function) And generates the terminal medium verifier, and includes the generated terminal medium verifier, the user authentication information, at least one random number information, and the unique information of the wireless terminal 120.

Also, the wireless terminal 120 receives authentication code (n) generation information for generating an authentication code (n) of n digits from the medium authentication server (1) 100 as a result of the first medium authentication , And a function of generating an authentication code (n) of n digits through the received authentication code (n) generation information.

Alternatively, the wireless terminal 120 receives n-digit authentication code (n) from the media authentication server (1) 100 as a result of the first medium authentication.

Also, the wireless terminal 120 receives the terminal medium authentication code from the medium authentication server (1) 100 as a result of the first medium authentication, and transmits the received terminal medium authentication code to the medium authentication server 2 (105). &Lt; / RTI &gt;

In addition, the wireless terminal 120 may generate authentication code (Nn) generation information for generating an authentication code (Nn) of (Nn) digits from the medium authentication server (2) 105 as a result of the second medium authentication And a function of generating an authentication code (Nn) of (Nn) digits through the received authentication code (Nn) generation information.

Alternatively, the wireless terminal 120 receives an authentication code (Nn) of (Nn) digits from the medium authentication server (2) 105 as a result of the second medium authentication.

When the authentication code N of the n digits is generated and the authentication code Nn of the number Nn is generated, the wireless terminal 120 combines the authentication code n and the authentication code Nn into N (N), and outputs the generated authentication code (n) to the screen of the wireless terminal (120).

51 shows a technical characteristic of generating the authentication code Nn of the n-digit authentication code n and the (Nn) digit in the wireless terminal 120 and the authentication code Nn and the authentication code Nn The technical features of generating an N-digit authentication code (n) by combining FIG. 50 will be described with reference to FIG. 50, and a detailed description thereof will be omitted for the sake of simplicity.

According to the present invention, the media authentication server (1) 100 associates and stores the user authentication information for authentication of the terminal medium and the unique information of the wireless terminal 120, and stores the user authentication information and the unique (Or interlocking) a storage medium (1) 5150 for further storing the terminal medium authentication rule information through information. The storage medium (1) 5150 includes a server medium 1, (1) (1) for generating the authentication information, or further associates and stores the authentication code generation rule information for generating the terminal medium authentication code.

The user authentication information may include information input from the wireless terminal 120 to authenticate the terminal medium among the key input information input through the key input means or information input via the IC chip (or USIM) And at least one authentication result information.

The unique information of the wireless terminal 120 may include MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information or IMEI (International Mobile Equipment Identity) for the wireless terminal 120, or IMSI (International Mobile Subscriber Identity) information, MSISDN (Mobile Station International ISDN Number), or USIM specific information.

The terminal medium authentication rule information may include a rule for generating the terminal medium authentication information at the wireless terminal 120 or a rule for authenticating the terminal medium corresponding to the wireless terminal 120 by reading the terminal medium authentication information, (1) 5150 may be omitted if the terminal authentication rule is implemented in the form of a program code in the media authentication server (1) 100, , Whereby the present invention is not limited thereto.

The authentication code generation rule information preferably defines a rule for generating a terminal media authentication code transmitted to the wireless terminal 120, and the authentication code generation rule is stored in the media authentication server (1) Code form, it is optional to store the authentication code generation rule information in the storage medium (1) 5150, and thus the present invention is not limited thereto.

According to the present invention, when the program code for generating the authentication code (n) is not provided to the wireless terminal 120, the media authentication server (1) (1) 5155 for classifying and storing the program code (n) for generating the authentication code (n) according to the platform of the wireless terminal 120 according to the program code D / B (program analyzer, operating system, And interlocked).

Those skilled in the art will recognize the technical features of the program code n for generating the authentication code n according to a plurality of wireless terminal 120 platforms, A detailed description thereof will be omitted for the sake of convenience.

According to the present invention, the media authentication server (2) 105 includes (or interlocks with) a storage medium (2) 5185 for storing terminal medium authentication rule information for authenticating the terminal medium authentication code And the storage medium (2) 5185 generates authentication code (Nn) generation information for generating an authentication code (Nn) in the wireless terminal (120) The authentication code generation rule information for generating the authentication code Nn to be transmitted to the terminal 120 is further stored in association with each other.

Preferably, the terminal medium authentication rule information defines a rule for reading the terminal medium authentication code and authenticating the terminal medium corresponding to the wireless terminal 120, and the medium authentication server (2) When the terminal medium authentication rule is implemented in the form of a program code, it is optional to store the terminal medium creation rule information in the storage medium (2) 5185, and thus the present invention is not limited thereto.

The authentication code generation rule information may include a rule for generating an authentication code (Nn) generation information for generating an authentication code (Nn) in the wireless terminal 120 or a rule for generating the authentication code (Nn) to be transmitted to the wireless terminal 120 It is preferable that at least one rule for generating the authentication code generation rule is defined in the form of a program code in the media authentication server 2 105. The storage medium 2 5185 The authentication code generation rule information may be omitted from the authentication code generation rule information, and thus the present invention is not limited thereto.

When the terminal medium authentication code is processed to include the same structure as the terminal medium authentication information according to another embodiment of the present invention, the storage medium (2) 5185 includes user authentication information (not shown), wireless terminal 120) inherent information (not shown), and server authentication information 2 (not shown) can be stored in association with each other, so that the present invention is not limited thereto.

According to the present invention, when the program code for generating the authentication code Nn is not provided to the wireless terminal 120, the media authentication server 2 (105) A program code D / B (2) 5190 for classifying and storing program codes Nn for generating the authentication code Nn according to platform of the wireless terminal 120 according to a program analyzer, an operating system, or the like And interlocked).

Those skilled in the art will appreciate the technical features of the program code Nn for generating the authentication code Nn according to a plurality of wireless terminal platforms 120, A detailed description thereof will be omitted for the sake of convenience.

According to the present invention, the media authentication server (1) 100 includes an interface unit 5100 for connecting and managing a communication channel for first media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 5100 receives the terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (Nn) generation information is connected.

According to an embodiment of the present invention, when the media authentication server (1) 100 is provided on the wireless communication network (or in the wireless communication system), the interface unit 5100 transmits, And a communication channel including a wire section for connecting the media authentication server (1) (100) to the base station.

According to another embodiment of the present invention, when the media authentication server (1) 100 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system) A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the medium authentication server (100) And a communication channel including a wire section is connected.

Referring to FIG. 51, the media authentication server (1) 100 generates terminal medium authentication information for terminal medium authentication for the wireless terminal 120 in the wireless terminal 120, An information receiving unit 5105 for receiving media authentication request information from the wireless terminal 120 in association with the interface unit when the media authentication request information is received; An authentication information transmitting unit 5115 for transmitting authentication information of the server medium 1 to the wireless terminal 120 in association with the interface unit, An authentication information receiving unit 5120 (5105) for receiving the terminal medium authentication information in association with the terminal medium authentication information, and a terminal medium authentication unit 5103 for reading the received terminal medium authentication information and authenticating the terminal medium corresponding to the wireless terminal 120 Part (1) An authentication code generation unit 5130 for generating a terminal medium authentication code when the terminal medium is authenticated, and an authentication code generation unit 5130 for generating the generated terminal medium authentication code in cooperation with the interface unit 5100, And an authentication code transmitting unit 5135 for transmitting the authentication code to the authentication code transmitting unit 5135.

According to an embodiment of the present invention, the server authentication information 1 is preferably matched with server authentication information 1 stored in a memory unit (or IC chip or USIM) provided in the wireless terminal 120 And the server authentication information 1 may be stored in a server certificate included in the memory unit (or an IC chip or a USIM) according to a person skilled in the art.

According to another embodiment of the present invention, the server authentication information (1) is a server medium IC chip (1) authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal And authentication information.

According to another embodiment of the present invention, the server authentication information 1 may be matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120.

When the server authentication information 1 matches with the server authentication information 1 stored in the memory unit (or IC chip or USIM) provided in the wireless terminal 120 according to an embodiment of the present invention, The authentication information generation unit 5110 preferably generates the server medium 1 authentication information including the server authentication information 1 and the medium authentication server 1 information.

For example, the authentication information generation unit 5110 preferably generates the server medium (1) authentication information by concatenating the server authentication information (1) and the medium authentication server (1) (100) information.

Alternatively, the authentication information generation unit 5110 may have at least one of the server authentication information (1) and the medium authentication server (1) (100) information hashed as a one-way hash function, and then XORed to generate a server medium verifier And generate the server medium (1) authentication information by concatenating at least one of the server medium verifier, the server authentication information (1), and the medium authentication server (1) (100) information.

(1) authentication information to be included in the server medium (1) authentication information in addition to the server authentication information (1) and the medium authentication server (1) (100) information if the person skilled in the art is familiar with the present invention. And the additional information may be included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

According to another embodiment of the present invention, the server authentication information (1) is authenticated by the user authentication IC chip storage information provided in the IC chip (or USIM) provided in the wireless terminal 120, The authentication information generating unit 5110 provides the server authentication information (1) from the wireless terminal 120 as the server authentication IC chip storage information provided in the IC chip (or USIM) (1) authentication information including the server medium IC chip authentication information and the medium authentication server (1) (100) information is generated in the form of server medium IC chip authentication information for processing to authenticate the server medium Do.

For example, the authentication information generation unit 5110 preferably generates the server medium (1) authentication information by concatenating the server medium IC chip authentication information and the medium authentication server (1) 100 information.

Alternatively, the authentication information generation unit 5110 may have at least one of the server medium IC chip authentication information and the medium authentication server (1) 100 information is hashed as a one-way hash function and then XORed to generate a server medium verifier And generate the server medium (1) authentication information by concatenating at least one of the server medium verifier, the server medium IC chip authentication information, and the medium authentication server (1) 100 information.

The server medium IC chip authentication information and at least one or more additional information items to be included in the server medium 1 authentication information other than the medium authentication server (1) 100 information, if the person skilled in the art is familiar with the present invention And the additional information may be included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

According to another embodiment of the present invention, when the server authentication information 1 is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, The hash unit 5110 hashes the server authentication information 1 through the one-way hash function and transmits the hashed server authentication information 1, at least one random number value (e.g., a random number value generated by the server) Generates a server media verifier by performing at least one XOR operation on the media authentication server (1) 100 information (or the media authentication server (1) 100 information hashed by the one-way hash function) (1) authentication information including the server authentication information (1), at least one or more random number information, and the medium authentication server (1) (100) information, according to the intention of a person skilled in the art, The authentication information generating unit 511 0) is capable of further hashing the server media verifier.

For example, the authentication information generating unit 5110 may generate the authentication information including the server medium verifier (or hashed server medium verifier), the server authentication information 1, at least one random number information, the medium authentication server 1 To generate the authentication information of the server medium (1).

(1) authentication information other than the server authentication information (1), at least one random number information, and the medium authentication server (1) (100) information if the person skilled in the art is familiar with the present invention It is possible to deduce at least one additional information item (for example, a prime number) and the additional information in the authentication information of the server medium 1, and the present invention can be applied to a case in which all the additional information items .

In addition, those skilled in the art will be able to deduce various methods of generating the server medium (1) authentication information based on the server authentication information (1), in addition to the above- And the present invention is characterized in that it includes all of the above-mentioned embodiments to be inferred.

When the server medium 1 authentication information is generated as described above, the authentication information transmitting unit 5115 transmits authentication information of the server medium 1 to the wireless terminal 120 in association with the interface unit In response to the request, the wireless terminal 120 authenticates the server medium 1 authentication information, and upon authentication of the server medium 1 authentication information, generates the terminal medium authentication information to be transmitted to the medium authentication server .

When the wireless terminal 120 generates the terminal medium authentication information for the terminal medium authentication for the wireless terminal 120 and transmits the terminal medium authentication information through the communication channel, the authentication information receiving unit 5120 (5105) When the terminal authentication information is encrypted, the authentication information receiving unit 5120 (5105) decrypts the encrypted terminal media authentication information through the decryption key. .

When the terminal medium authentication information includes at least one of the user authentication information input through the key input unit provided in the wireless terminal 120 and the unique information of the wireless terminal 120 according to an embodiment of the present invention, The terminal medium authentication unit 1 (5125) checks the unique information of the wireless terminal 120 through a communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information, (1) 5125 to authenticate the validity of the wireless terminal 120 by comparing the unique information with the unique information of the wireless terminal 120 included in the terminal authentication information, (1) 5150 in which the user authentication information stored in association with the unique information of the wireless terminal 120 is compared with user authentication information included in the terminal media authentication information, And validates the validity.

If at least one of the user authentication information and the unique information of the wireless terminal 120 is hashed by the one-way hash function and XOR operation is performed on the terminal media authentication information, the terminal media authenticator 1) 5125 transmits at least one of the user authentication information provided in the storage medium (1) 5150 and the unique information of the mobile terminal 120 confirmed through the communication session to the same And performing an XOR operation on the terminal media authenticator to generate a terminal media authenticator and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the terminal medium authentication information may be generated by the terminal medium IC chip authentication result information generated through the IC chip (or USIM) provided in the wireless terminal 120, (1) 5125 confirms the unique information of the wireless terminal 120 through a communication session for receiving the terminal medium authentication information according to the terminal medium authentication rule information And authenticates the validity of the wireless terminal 120 by comparing the authenticated wireless terminal 120 unique information with the unique information of the wireless terminal 120 included in the terminal medium authentication information, (Or USIM) based on the user authentication information stored in association with the unique information of the wireless terminal 120 in the storage medium 1 (5150) provided in (or linked to) User authentication IC chip storage , Or generates the terminal medium IC chip authentication information through the same logic as the terminal authentication IC chip storage information (or, if the terminal medium IC chip authentication information is stored in the storage medium (1) 5150, the terminal medium IC chip authentication information And verifies the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the UE medium authentication information and the unique information of the mobile station 120 is hashed by the one-way hash function and XOR operation is performed on the UE medium authentication information, The authentication unit (1) 5125 transmits at least one of the terminal medium IC chip authentication information provided in the storage medium (1) 5150 and the unique information of the wireless terminal 120 confirmed through the communication session, The method further comprises the step of performing an XOR operation on the hash in the same manner as the terminal medium verifier, generating a terminal medium authenticator, and comparing the terminal medium verifier and the terminal medium authenticator to authenticate the validity of the terminal medium .

According to another embodiment of the present invention, when the terminal media authentication information includes a terminal media verifier, the terminal media authentication unit (1) 5125 obtains the terminal media authentication information according to the terminal media authentication rule information (120) unique information of the wireless terminal (120) through the communication session, compares the unique information of the wireless terminal (120) with the unique information of the wireless terminal (120) included in the terminal medium authentication information, (1) 5150 that is authenticated with the terminal 120 authenticated by the user and authenticated to the terminal medium authentication unit 1 (5125) and stored in association with the unique information of the wireless terminal 120 And transmits the hashed user authentication information, at least one random number value (e.g., a random number value included in the terminal media authentication information), the unique information of the wireless terminal 120 or (The unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media authenticator, compares the terminal media verifier included in the terminal media authentication information with the generated terminal media authenticator And authenticating the validity of the terminal medium.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

When the terminal medium authentication information is authenticated through one of the above methods, the authentication code generation unit 5130 generates (or extracts) the terminal medium authentication code through the authentication code generation rule information do.

Herein, the terminal medium authentication code includes an authentication code for authenticating that the terminal medium corresponding to the wireless terminal 120 is first authenticated through the medium authentication server (1) in the medium authentication server (2) 105 .

When the terminal medium authentication code is generated (or extracted) through the authentication code generation unit 5130, the authentication code transmission unit 5135 transmits the generated terminal medium authentication code in cooperation with the interface unit 5100 The wireless terminal 120 transmits the terminal's medium authentication code to the medium authentication server (105) through the communication network.

Referring to FIG. 51, the media authentication server (1) 100 generates an authentication code (n) at the wireless terminal 120 at the time of first authentication by the terminal medium authentication unit (1) 5125 (1) 5140 that generates the authentication code (n) generation information for generating the authentication code (n) to be transmitted to the wireless terminal 120 or generates the authentication code (n) to be transmitted to the wireless terminal 120, (1) 5145 for transmitting the generated authentication code (n) generation information (or authentication code (n)) to the wireless terminal 120.

Upon the first authentication by the terminal medium authentication unit 1 (5125), the information generation unit (1) 5140 generates the authentication code (n) from the wireless terminal 120 through the authentication code generation rule information (Or extracting) authentication code (n) generation information for performing authentication.

According to another embodiment of the present invention, the information generation unit 1 (5140) generates (or extracts) the authentication code (n) generation information through the authentication code generation rule information, And generates the authentication code (n) to be transmitted to the wireless terminal (120) through the generated information.

When the authentication code (n) generation information is generated (or extracted) through the information generation unit 1 (5140) according to an embodiment of the present invention, the transmission unit (1) And transmits the generated authentication code (n) generation information to the wireless terminal 120 in association with the authentication code (n) 5100 in response to the authentication code (n) And generates the authentication code (n).

When the authentication code (n) is generated (or extracted) through the information generation unit 1 (5140) according to another embodiment of the present invention, the transmission unit (1) 5145 transmits the authentication code And transmits the generated authentication code (n) to the wireless terminal 120 in association with the authentication code (n).

If the program code n for generating the authentication code n is not provided to the wireless terminal 120 through the authentication code n generation information, the transmission unit (1) 5145 transmits the authentication code (n) It is preferable to further transmit the program code (n) for generating the authentication code (n) through the authentication code (n) generation information to the wireless terminal 120 in connection with the code D / B (1) 5155 Do.

According to the present invention, the media authentication server (2) 105 comprises an interface unit 5160 for connecting and managing a communication channel for second media authentication with the wireless terminal 120 through the wireless communication network .

When the terminal medium authentication information is generated in the wireless terminal 120, the interface unit 5160 receives the terminal medium authentication information from the wireless terminal 120 through the wireless communication network, And a communication channel for transmitting the code (Nn) generation information is connected.

According to an embodiment of the present invention, when the media authentication server (2) 105 is provided on the wireless communication network (or in the wireless communication system), the interface unit 5160 transmits, And a communication channel including a wire section for connecting the media authentication server (2) (105) to the base station.

According to another embodiment of the present invention, when the media authentication server (2) 105 is provided on a communication network connected to the wireless communication network (or outside the wireless communication system), the interface unit 5160 A wireless section for connecting the wireless terminal 120 and the base station, a wire section for connecting the network switching device (e.g., gateway) in the base station, and a wired section for connecting the media authentication server (2) And a communication channel including a wire section is connected.

Referring to FIG. 51, when the wireless terminal 120 transmits the terminal medium authentication code through the communication channel, the media authentication server (2) 105 associates with the interface unit 5160, A terminal medium authentication unit (5170) for reading the received terminal medium authentication code and performing second authentication of the terminal medium corresponding to the wireless terminal (120) (Nn) generation information for generating an authentication code (Nn) in the wireless terminal (120) or generating the authentication code (Nn) to be transmitted to the wireless terminal (120) (Or the authentication code Nn) to the wireless terminal 120 in cooperation with the interface unit 5160. The information generation unit 5175 generates the authentication code (Nn) And a transfer unit (2) (5180) for transferring the image data.

When the wireless terminal 120 generates a terminal medium authentication code for terminal medium authentication for the wireless terminal 120 and transmits the terminal medium authentication code through the communication channel, the authentication code receiving unit 5165 transmits the terminal medium authentication code to the interface unit 5160 When the terminal medium authentication code is encrypted, the authentication code receiving unit 5165 decrypts the encrypted terminal medium authentication code through the decryption key. .

Then, the terminal medium authentication unit (2) 5170 authenticates the terminal medium authentication code according to the terminal medium authentication rule information to authenticate the validity of the terminal medium.

Those skilled in the art will be able to deduce various types of terminal media authentication code standards and various types of terminal media authentication rules for authenticating the terminal media authentication codes. And all of the above-mentioned embodiments to be inferred.

When the terminal medium authentication code is authenticated, the information generation unit (2) 5175 generates an authentication code (Nn) generation information for generating an authentication code (Nn) in the wireless terminal 120 through the authentication code generation rule information (Or extracts) the image data.

According to another embodiment of the present invention, the information generating unit (2) 5175 generates (or extracts) the authentication code (Nn) generation information through the authentication code generation rule information, And generates the authentication code (Nn) to be transmitted to the wireless terminal (120) through the generated information.

When the authentication code (Nn) generation information is generated (or extracted) through the information generation unit (2) 5175 according to an embodiment of the present invention, the transmission unit (2) 5180 transmits And transmits the generated authentication code (Nn) generation information to the wireless terminal 120 in association with the authentication code (Nn) generation information in response to the authentication code And generates an authentication code (Nn).

When the authentication code Nn is generated (or extracted) through the information generation unit 2 (5175) according to another embodiment of the present invention, the transmission unit (2) 5180 transmits the authentication code And transmits the generated authentication code Nn to the wireless terminal 120 in association with the authentication code Nn.

If the wireless terminal 120 does not include the program code Nn for generating the authentication code Nn through the authentication code Nn generation information, the transmitter 2 (5180) It is preferable to further transmit the program code Nn for generating the authentication code Nn through the authentication code Nn generation information to the wireless terminal 120 in conjunction with the code D / B (2) 5190 Do.

FIGS. 52A and 52B illustrate a medium authentication process for implementing a hybrid type disposable authentication code according to another embodiment of the present invention.

In more detail, Figures 52a and 52b illustrate that when the wireless terminal 120 functional configuration in which the hybrid disposable authentication code is implemented comprises the wireless terminal 120 functional configuration shown in Figure 50, (1) 100 on the mixed type disposable authentication code implementation system shown in FIG. 51, and performing a second medium authentication with the medium authentication server (2) 105 Those skilled in the art will be able to refer to and / or modify the drawings 52a and 52b to derive various implementations of the media authentication process for implementing the mixed disposable authentication code. However, the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIGS. 52A and 52B.

52, for example, the media authentication server (1) 100 simultaneously generates the first authentication terminal medium authentication code and the authentication code (n) generation information and transmits the same to the wireless terminal 120 However, the present invention is not limited thereto, and the terminal medium authentication code and the authentication code (n) generation information may be separately transmitted to the wireless terminal 120 according to those skilled in the art, It is possible to omit the transmission of the medium authentication code to the wireless terminal 120, and the present invention is characterized in that it includes all the methods that can be inferred as described above.

Hereinafter, in FIG. 52A and FIG. 52B, the medium authentication server (1) 100 on the mixed disposable authentication code implementation system shown in FIG. 51 is referred to as "server 1" for convenience, the medium authentication server 2 Quot; server 2 "for the sake of convenience.

Referring to FIGS. 52A and 52B, the wireless terminal 120 checks if a menu (or a key button) for implementing a mixed type disposable authentication code through media authentication is input (5200), and if the mixed disposable authentication code When a menu (or a key button) for implementing the operation is input (5205), the wireless terminal 120 connects the communication channel with the server 1 and transmits the medium authentication request information to the server 1 (5210 ).

Thereafter, the server 1 transmits a request for authenticating the server medium from the wireless terminal 120 based on the server authentication information (1) stored in the storage medium (1) 5150 corresponding to the medium authentication request information And generates server medium (1) authentication information (5215).

According to an embodiment of the present invention, the server authentication information is preferably matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, The server authentication information is preferably stored in a server certificate included in the memory unit (or IC chip or USIM).

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 .

According to another embodiment of the present invention, the server authentication information is preferably matched with information (e.g., user authentication information) input through a key input unit provided in the wireless terminal 120. [

According to an embodiment of the present invention, when the server authentication information is matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, (1) authentication information including information on the server (1) and the server (1).

For example, the server preferably generates the server medium (1) authentication information by concatenating the server authentication information and the server (1) information.

Alternatively, the server may generate a server media verifier by hashing at least one of the server authentication information and the server (1) information into a one-way hash function and performing an XOR operation on the server verifier, (1) authentication information by concatenating at least one piece of information of the server medium (1).

(1) authentication information and at least one additional information item to be included in the authentication information of the server medium (1) and the additional information in addition to the server authentication information and the server (1) information, (1) It is possible to deduce a technical feature to be included in the authentication information, and the present invention is characterized in that it includes all the information items that can be guessed.

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 , The server transmits the server authentication information to the server authentication IC chip storage information provided in the IC chip (or USIM) at the wireless terminal 120 to form a server medium IC chip authentication information , And generates the server medium (1) authentication information including the server medium IC chip authentication information and the server (1) information.

For example, the server preferably generates the server medium (1) authentication information by concatenating the server medium IC chip authentication information and the server (1) information.

Alternatively, the server hashes the server medium IC chip authentication information and the server 1 information with a one-way hash function, and then performs an XOR operation to generate a server medium verifier. The server medium verifier, the server medium IC It is preferable that at least one chip authentication information and server 1 information are concatenated to generate authentication information of the server medium 1.

The server medium 1 may include at least one additional information item to be included in the authentication information of the server medium 1 and the additional information in addition to the server medium IC chip authentication information and the server 1 information, It is possible to deduce a technical characteristic included in the authentication information of the server medium 1, and the present invention is characterized in that it includes all the inferable information items.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, (For example, a random number value generated by the server), the server 1 information (or the server 1 information (or the server 1 hashed by the one-way hash function) (1) information), and generates a server medium verifier, the server medium verifier including at least one server authentication information, at least one random number information, and server information (1) 1) it is desirable to generate authentication information, and it is possible for the server to further hash the server media verifier according to the intent of the person skilled in the art.

For example, the server generates server medium (1) authentication information by concatenating the server medium verifier (or hashed server medium verifier) with the server authentication information, at least one or more random number information, and server .

(1) authentication information other than the server authentication information, the at least one random number information, and the server (1) information, the at least one additional information item (for example, , A prime number) and the additional information are included in the authentication information of the server medium 1, and the present invention is characterized in that all additional information items that can be guessed are included.

In addition, those skilled in the art will be able to deduce various methods of generating the authentication information of the server medium 1 based on the server authentication information in addition to the above-described embodiment, The present invention is characterized in that it comprises all the above-mentioned embodiments to be inferred.

If the server medium 1 authentication information is generated 5220, the server 1 transmits the server medium 1 authentication information to the wireless terminal 120 through a communication channel 5225, The wireless terminal 120 outputs an interface for inputting user authentication information on the screen of the wireless terminal 120, and checks whether the user authentication information is input through the interface (5230).

Here, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the mobile terminal 120 .

Alternatively, the user authentication information may include a user identification (ID) for authenticating the validity of the user of the mobile terminal 120 through the user authentication IC chip storage information provided in the IC chip (or USIM) (PIN), or a password.

Alternatively, the user authentication information may include at least one or more personal identification numbers (PINs) or passwords used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to the server 1 on the communication network desirable.

If it is determined that the user authentication information is input (5235), the wireless terminal 120 authenticates the server medium (5240) through the server medium (1) authentication information based on the user authentication information.

According to an embodiment of the present invention, when the server authentication information is matched with server authentication information stored in a memory unit (or an IC chip or a USIM) provided in the wireless terminal 120, (1) information (or information of the server (1) which is confirmed through communication session information for receiving the server medium (1) authentication information) stored in the memory unit and a server (1) information and compares the server authentication information stored in the memory unit (or IC chip or USIM) with the server authentication information included in the server medium (1) authentication information, And verifies the validity of the server medium.

If the server medium verifier is included in the authentication information of the server medium 1, the wireless terminal 120 may have a hash function of at least one of the server authentication information and the server 1 information, Hashes at least one of the server authentication information provided in the memory unit (or the IC chip or the USIM) and the server 1 information confirmed through the communication session in the same manner as the server medium verifier Generating a server medium authenticator by performing an XOR operation on the server medium authenticator, and comparing the server medium verifier and the server medium authenticator to authenticate the validity of the server medium.

According to another embodiment of the present invention, the server authentication information includes server medium IC chip authentication information authenticated by user authentication IC chip storage information provided in an IC chip (or USIM) provided in the wireless terminal 120 , The wireless terminal 120 transmits the server 1 information stored in the memory unit (or the server 1 information confirmed through the communication session information for receiving the server medium 1 authentication information) (1) information included in the authentication information of the medium (1) to authenticate the validity of the server (1), and transmits the server medium IC chip authentication information included in the server medium (Or USIM) to authenticate the server medium IC chip authentication information, and when the server medium IC chip authentication result information is returned, the server medium IC chip authentication result information is read To the server medium It characterized in that to authenticate the validity.

If one or more pieces of information of the server medium IC chip authentication information and the server (1) information are hashed as a one-way hash function and XOR is performed in the server medium (1) authentication information to include a server medium verifier, (120) transmits at least one or more pieces of server medium IC chip authentication information provided in the storage medium (1) 5150 and server (1) information confirmed through the communication session to the server medium verifier To generate a server medium authenticator, and to compare the server medium verifier and the server medium authenticator to authenticate the validity of the server medium.

According to another embodiment of the present invention, when the server authentication information is matched with information (for example, user authentication information) input through a key input unit provided in the wireless terminal 120, the wireless terminal 120 (1) information (or information of the server (1) which is confirmed through communication session information for receiving the server medium (1) authentication information) stored in the memory unit and a server (1) information to authenticate the validity of the server 1, and transmits the server authentication information stored in the storage medium 1 (5150) provided in (or linked to) the server 1 via a one-way hash function Hashed by the hashed server authentication information, at least one random number value (e.g., a random number value included in the server medium (1) authentication information), the server 1 information At least one XOR server (1) And generating a server authentication medium, and by the server, the media (1) comparing an a media server verifier and the generated server authentication media comprises authentication information and wherein the authentication of the validity of the media server.

Those skilled in the art will be able to deduce various methods of authenticating the authentication information of the server medium 1 in addition to the above-described embodiment, and the present invention can be applied to all the methods And a control unit.

If the server medium is not authenticated through the authentication information of the server medium 1 (5245), the wireless terminal 120 generates server medium authentication error information and outputs it to the screen (5250) And ends the process of implementing the mixed one-time authentication code through

If the server medium is authenticated (5245) through the authentication information of the server medium 1, the wireless terminal 120 transmits the authentication information corresponding to the wireless terminal 120 in the server 1 using the user authentication information Terminal medium authentication information for authenticating the terminal medium is generated (5255).

According to an embodiment of the present invention, the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server 1 on the communication network to authenticate the terminal medium for the wireless terminal 120 The mobile terminal 120 transmits the user authentication information and the mobile terminal 120 unique information (e.g., MIN (Mobile Identification Number) information, ESN (Electronic Serial Number) information, or IMEI (International Mobile Equipment Identity) Or International Mobile Subscriber Identity (IMSI) information included in the USIM, MSISDN (Mobile Station International ISDN Number), or USIM unique information).

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the user authentication information and the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by hashing the at least one of the user authentication information and the unique information of the wireless terminal 120 into a one-way hash function and XORing the same, It is preferable that at least one of the user authentication information and the unique information of the wireless terminal 120 is concatenated to generate the terminal medium authentication information.

It is possible to have at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the user authentication information and the unique information of the wireless terminal 120, And the present invention is characterized in that all the additional information items that can be guessed are included.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) (Or PIN) or a password for authenticating the IC chip (or USIM), the wireless terminal 120 transmits the user authentication information to the IC chip (or USIM) (IC chip) storage information, or terminal authentication IC chip storage information, and returns the terminal medium IC chip authentication result information from the authenticated IC chip (or USIM) through the user authentication information, And generates the terminal medium authentication information including the returned terminal medium IC chip authentication result information and the unique information of the wireless terminal 120.

For example, the wireless terminal 120 may generate the terminal medium authentication information by concatenating the terminal medium IC chip authentication result information with the unique information of the wireless terminal 120.

Alternatively, the wireless terminal 120 generates a terminal media verifier by performing an XOR operation on at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 as a one-way hash function, It is preferable that at least one of the media verifier, the terminal medium IC chip authentication result information, and the wireless terminal 120 unique information is concatenated to generate the terminal medium authentication information.

The terminal 120 may be configured to transmit at least one additional information item to be included in the terminal medium authentication information and the additional information in addition to the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120, It is possible to deduce a technical characteristic included in the terminal medium authentication information, and the present invention is characterized in that it includes all the information items that can be guessed.

According to another embodiment of the present invention, a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating the terminal medium authentication information to be transmitted to the server 1 on the communication network, The wireless terminal 120 hashes the user authentication information through the one-way hash function, and transmits the hashed user authentication information, at least one random number value (for example, a random number generated by the terminal (Or unique information of the wireless terminal 120 hashed by the one-way hash function) to generate a terminal media verifier by performing an XOR operation on at least one of the unique information of the wireless terminal 120 It is possible to generate terminal medium authentication information including user authentication information, at least one random number information, and unique information of the wireless terminal 120 Straight, and the wireless terminal 120 in accordance with the intention of those skilled in the art it is possible to further cut the MS medium verification hash.

For example, the wireless terminal 120 concatenates the terminal media verifier (or the hashed terminal media verifier) with the user authentication information, at least one random number information, and the unique information of the wireless terminal 120, .

The terminal 120 may include at least one additional information item (for example, at least one additional information item to be included in the terminal medium authentication information), at least one random number information, And the additional information may be included in the terminal medium authentication information. The present invention is characterized in that all the possible additional information items are included.

In addition, those skilled in the art will be able to conceive various methods of generating the terminal authentication information based on the user authentication information, in addition to the above-described embodiments. And all of the above-mentioned embodiments to be inferred.

If the terminal medium authentication information is generated (5260), the wireless terminal 120 connects a communication channel with the server 1 and transmits the generated terminal medium authentication information to the server 1 via the communication channel (5265).

Subsequently, the server 1 reads the terminal medium authentication information in association with the storage medium (1) 5150, and authenticates the terminal medium (5270).

According to an embodiment of the present invention, when the user authentication information includes at least one or more personal identification numbers (PINs) or passwords registered in the server on the communication network to authenticate the terminal medium for the wireless terminal 120, The server checks the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information and transmits the unique information of the wireless terminal 120 and the wireless terminal 120 included in the terminal medium authentication information, Authenticates the validity of the wireless terminal 120 by comparing the unique information and transmits the user authentication information stored in the storage medium 1 5150 stored in the server 5100 in association with the unique information of the wireless terminal 120 And authenticates the validity of the terminal medium by comparing the information with user authentication information included in the terminal medium authentication information.

If the terminal media verifier is included in the terminal media authentication information, the server hashes the at least one of the user authentication information and the unique information of the wireless terminal 120 into the one-way hash function and XORs the terminal authentication information, 1) 5150 and the unique information of the wireless terminal 120 identified through the communication session, in the same manner as the terminal media verifier, and performs an XOR operation on the at least one information, Generating an authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may be validated by the user authentication IC chip storage information or the terminal authentication IC chip storage information provided in the IC chip (or USIM) The server confirms the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information, and if the authentication information includes the at least one personal identification number (PIN) Authenticates the validity of the wireless terminal 120 by comparing the unique information of the wireless terminal 120 with the unique information of the wireless terminal 120 included in the terminal medium authentication information and stores the stored (or linked) The user authentication IC chip storing information provided in the IC chip (or USIM), or the user authentication IC chip storing information provided in the IC chip (or USIM) based on the user authentication information stored in association with the unique information of the wireless terminal 120, (I) extracting the terminal medium IC chip authentication information when the terminal medium IC chip authentication information is stored in the storage medium (1) 5150 through the same logic as the terminal authentication IC chip storing information ), And authenticates the validity of the terminal medium IC chip authentication information by comparing the terminal medium IC chip authentication information with the terminal medium IC chip authentication result information included in the terminal medium authentication information.

If at least one of the terminal medium IC chip authentication result information and the unique information of the wireless terminal 120 is hashed as a one-way hash function and XOR operation is performed on the terminal medium authentication information, (1) 5150 and the unique information of the wireless terminal 120 identified through the communication session, in the same manner as the terminal medium verifier, And performing an XOR operation on the terminal media authenticator to generate a terminal media authenticator, and comparing the terminal media verifier and the terminal medium authenticator to authenticate the validity of the terminal medium.

According to another embodiment of the present invention, the user authentication information may include at least one of a personal identification number (PIN) used as a terminal medium authentication information generation factor for generating terminal medium authentication information to be transmitted to a server on the communication network, The server verifies the unique information of the wireless terminal 120 through the communication session for receiving the terminal medium authentication information, and transmits the unique information of the wireless terminal 120, which is included in the terminal medium authentication information, (1) 5150 compares the peculiar information of the wireless terminal 120 and authenticates the validity of the wireless terminal 120 and transmits the peculiar information of the wireless terminal 120 to the storage medium 1 The user authentication information stored in association with the user authentication information is hashed through a one-way hash function, and the hashed user authentication information, at least one random number value (e.g., Generates a terminal media authenticator by XORing at least one of the unique information of the wireless terminal 120 (or the unique information of the wireless terminal 120 hashed by the one-way hash function) The validity of the terminal medium is verified by comparing the terminal medium verifier included in the authentication information with the generated terminal medium authenticator.

Those skilled in the art will be able to deduce various methods for authenticating the terminal medium authentication information in addition to the above-described embodiment, and the present invention can be applied to all methods .

If the terminal medium authentication information is not authenticated (5275), the server 1 generates terminal medium authentication error information and transmits the terminal medium authentication error information to the wireless terminal 120 through the communication channel (5280) The wireless terminal 120 ends the hybrid type disposable authentication code implementation process through the media authentication.

When the terminal medium authentication information is authenticated (5275), the server 1 generates terminal medium authentication code and authentication code (n) generation information in association with the storage medium (1) 5150, To the wireless terminal 120 (5285).

The wireless terminal 120 connects a communication channel with the server 2 and transmits the terminal medium authentication code to the server 2 through the communication channel 5290.

Then, the server 2 reads the terminal medium authentication code in association with the storage medium 2 (5185), and performs a second authentication process on the terminal medium (5292).

If the terminal medium authentication code is not authenticated (5294), the server 2 generates terminal medium authentication error information and transmits it to the wireless terminal 120 through the communication channel (5296) The wireless terminal 120 ends the hybrid type disposable authentication code implementation process through the media authentication.

On the other hand, if the terminal medium authentication code is authenticated (5294), the server 2 generates authentication code (Nn) information for generating a hybrid type disposable authentication code through the process shown in FIG. 53, FIG. 54, And transmits the generated authentication code Nn to the wireless terminal 120.

FIG. 53 is a diagram illustrating a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to an embodiment of the present invention.

In more detail, FIG. 53 is a diagram illustrating a media authentication server (FIG. 52) on the hybrid disposable authentication code implementation system shown in FIG. 51, from the wireless terminal 120 shown in FIG. 50 through the media authentication process shown in FIGS. 52a and 52b 1) 100 and the medium authentication server (2) 105, the medium authentication server (2) 105 generates authentication code (Nn) generation information as the medium authentication result Generates the authentication code (n) through the authentication code (n) generation information at the wireless terminal 120 and transmits the authentication code (n) to the wireless terminal 120 through the authentication code (N) and then combining the authentication code (n) and the authentication code (Nn) to implement the authentication code (N). If the person skilled in the art is familiar with the present invention , Referring to and / or modifying Figure 53, Type would be able to infer a variety of exemplary methods for the one-time authentication code implementation, the present invention is made, including any exemplary way in which the inference, to which the the technical features are not limited to the exemplary method shown in the figure 53.

For example, in FIG. 53, the process of generating the authentication code (n) through the authentication code (n) generation information received from the medium authentication server (1) The present invention is not limited thereto, and the process of generating the authentication code (n) may include generating the authentication code (n) (n) and the authentication code (Nn) are combined with each other.

Hereinafter, in FIG. 53, the medium authentication server (2) 105 on the mixed disposable authentication code implementation system shown in FIG. 51 is referred to as a "server" for convenience.

Referring to FIG. 53, after media authentication is performed through the medium authentication process shown in FIGS. 52A and 52B, the server, in association with the storage medium 2 5185, The terminal 120 generates (5300) authentication code (Nn) generation information for generating an authentication code (Nn) and transmits the authentication code (Nn) generation information to the wireless terminal 120 through the communication channel The wireless terminal 120 receives the authentication code (Nn) generation information through the communication channel (5310), and receives the authentication code (Nn) from the authentication code (N1) (n), and generates the authentication code (Nn) through the received authentication code (Nn) generation information (5315).

If the authentication code n and the authentication code Nn are generated 5320, the wireless terminal 120 generates the authentication code N by combining the authentication code n and the authentication code Nn The authentication code N is transmitted to the wireless terminal 120 through the disposable authentication process through the wireless terminal 120 or at least the authentication code N is transmitted to the wireless terminal 120 And is used for a one-time authentication process through one or more disposable authentication code input media.

FIG. 54 is a diagram illustrating a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.

In more detail, FIG. 54 is a flowchart illustrating a media authentication process in the wireless terminal 120 shown in FIG. 50 through the media authentication process shown in FIGS. 52A and 52B, on the mixed disposable authentication code implementation system shown in FIG. 1) 100 and the medium authentication server (2) 105, the media authentication server (2) 105 directly generates the authentication code (Nn) as the medium authentication result, (N) from the authentication code (n) generation information at the wireless terminal 120 and transmits the generated authentication code (n) and the received authentication code (n) to the wireless terminal 120 Nn) to implement an authentication code (N). Those skilled in the art will be able to refer to and / or modify the FIG. 54 to determine if a mixed disposable Various implementation methods for the authentication code implementation process It should be understood that the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

For example, in FIG. 54, the process of generating the authentication code (n) through the authentication code (n) generation information received from the medium authentication server (1) The process of generating the authentication code n may be performed after the authentication code nn is received from the authentication code nn. However, the present invention is not limited thereto, ) And the authentication code (Nn) are combined with each other.

Hereinafter, in FIG. 54, the medium authentication server (2) 105 on the hybrid type disposable authentication code implementation system shown in FIG. 51 is referred to as a "server" for convenience.

Referring to FIG. 54, after media authentication is performed through the medium authentication process shown in FIGS. 52A and 52B, the server, in association with the storage medium 2 5185, The terminal 120 generates the authentication code Nn generation information for generating the authentication code Nn 5400 and generates the authentication code Nn through the generated authentication code Nn 5405 ).

If the authentication code Nn is generated 5410, the server transmits the authentication code Nn to the wireless terminal 120 through the communication channel 5415 and correspondingly transmits the authentication code Nn to the wireless terminal 120 ) Receives the authentication code Nn through the communication channel 5420 and generates the authentication code n through the authentication code n received from the media authentication server 100 (5425).

If the authentication code n is generated 5430, the wireless terminal 120 generates 5435 an authentication code N by combining the authentication code n and the authentication code Nn, (N) to the wireless terminal 120 on the screen of the wireless terminal 120 in step 5440. The authentication code N is then transmitted to the wireless terminal 120 through the one-time authentication process through the wireless terminal 120, And is used for a one-time authentication process through the medium.

FIG. 55 is a diagram illustrating a configuration of a hybrid type disposable authentication code implementation process through medium authentication according to another embodiment of the present invention.

In more detail, FIG. 55 is a flowchart illustrating a media authentication process of the wireless terminal 120 shown in FIG. 50 through the media authentication process shown in FIGS. 52A and 52B, on the mixed disposable authentication code implementation system shown in FIG. 1) 100 and the medium authentication server (2) 105, the medium authentication server (2) 105 generates authentication code (Nn) generation information as the medium authentication result And transmits a program code Nn for generating an authentication code Nn through the generated authentication code Nn and the authentication code Nn to the wireless terminal 120, 120) generates an authentication code (n) through the authentication code (n) generation information and generates an authentication code (Nn) through the authentication code (Nn) generation information based on the received program code The authentication code N is obtained by combining the authentication code n and the authentication code Nn, It will be understood by those skilled in the art that various other embodiments of the method for implementing the hybrid type disposable authentication code through the medium authentication may be implemented by referring to and / It should be understood that the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

For example, in FIG. 55, the process of generating the authentication code (n) through the authentication code (n) generation information received from the medium authentication server (1) The present invention is not limited thereto, and the process of generating the authentication code (n) may include generating the authentication code (n) (n) and the authentication code (Nn) are combined with each other.

It is to be noted that, in FIG. 55, the program code Nn is provided to the wireless terminal 120 by the medium authentication server 2 (105) for convenience sake, however, the present invention is not limited thereto. (N) is not provided in the wireless terminal 120, the media authentication server (2) 105 may further include the program code (n) in the wireless terminal 120 I will reveal.

Hereinafter, in FIG. 55, the medium authentication server (2) 105 on the mixed disposable authentication code implementation system shown in FIG. 51 is referred to as a "server" for convenience.

Referring to FIG. 55, after media authentication is performed through the medium authentication process shown in FIGS. 52A and 52B, the server, in association with the storage medium 2 5185, The terminal 120 generates (5500) authentication code (Nn) generation information for generating an authentication code (Nn), and generates a program code Nn to be transmitted to the wireless terminal 120 in conjunction with the program code D / And transmits the authentication code (Nn) generation information and the program code Nn through the communication channel (5505).

If the program code n is not provided to the wireless terminal 120 according to the embodiment of the present invention, the server confirms the program code n to be transmitted from the program code D / B to the wireless terminal 120 It is possible to further include the program code (n) through the communication channel, and thus the present invention is not limited thereto.

The wireless terminal 120 receives the authentication code Nn generation information and the program code Nn through the communication channel in step 5510 and transmits the authentication code Nn to the wireless terminal 120 using the authentication code received from the media authentication server 1 generates the authentication code Nn through the authentication code Nn and generates the authentication code Nn based on the authentication code Nn based on the program code Nn.

If the authentication code n and the authentication code Nn are generated 5520, the wireless terminal 120 generates the authentication code N by combining the authentication code n and the authentication code Nn The authentication code N is transmitted to the wireless terminal 120 in step 5525 and the generated authentication code N is output on the screen of the wireless terminal 120 in step 5530. Thereafter, And is used for a one-time authentication process through one or more disposable authentication code input media.

100: Media authentication server (1) 105 Media authentication server (2)
110: Disposable authentication code authentication server
115: Disposable authentication code input medium
120: wireless terminal

Claims (8)

A method of implementing a disposable authentication code through a server communicating with a mobile communication terminal of a user having a program participating in a transaction, the method comprising:
A program of a mobile communication terminal for generating server medium authentication information for authenticating the server with a server medium on a server side participating in a transaction based on a disposable authentication code and participating in the transaction and implementing a disposable authentication code for the transaction A first step of transmitting the server medium authentication information;
Authenticating the validity of the server medium authentication information through the program of the mobile communication terminal, authenticating the mobile communication terminal in a state in which the program is executed as the terminal medium of the terminal participating in the transaction, A second step of receiving the terminal medium authentication information generated through the program of the mobile communication terminal to authenticate the mobile communication terminal of one state to the terminal medium of the terminal that implements the one-time authentication code for the transaction;
A mobile communication terminal in which the program is executed using the terminal medium authentication information received from the program of the mobile communication terminal, the mobile communication terminal participating in the transaction and authenticating with the terminal medium implementing the disposable authentication code for the transaction Step 3; And
When the mobile communication terminal in the state in which the program is executed through the terminal medium authentication information participates in the transaction and at the same time authenticates with the terminal medium implementing the one-time authentication code for the transaction, the program of the authenticated mobile communication terminal And generating a seed value for dynamically generating a disposable authentication code through the program and providing the seed value to a program of the mobile communication terminal,
Wherein the program stores the received seed value in a designated storage area of the mobile communication terminal and transmits a disposable authentication code for the transaction using the authentication code generation information including the stored seed value at the time of a one- Wherein the method further comprises the steps of:
The information processing apparatus according to claim 1,
And the server certificate for the server is included.
The method according to claim 1 or 2,
A server medium verifier generated using an algorithm provided in the server,
A hash value obtained by hashing the generated server media verifier,
Random number information dynamically generated through the server,
And server information that uniquely identifies the server. The method of claim 1, wherein the method further comprises:

The terminal according to claim 1, wherein the terminal-
The unique information stored in the memory unit of the mobile communication terminal, the unique information stored in the IC chip or the USIM interfaced to the mobile communication terminal, the IC chip or the USIM in response to the authentication request to the IC chip or the USIM through the program, And at least one piece of information extracted from the authentication result information returned from the program,
A hash value obtained by hashing the generated terminal media verifier, and at least one generated information extracted through the program from the random number information generated dynamically through the program, The method comprising the steps of: (a) receiving a plurality of pieces of authentication information;
2. The method according to claim 1,
Further comprising the step of receiving a user's personal identification number (PIN) or password.
The method as claimed in claim 1,
Generating a terminal medium authentication code corresponding to a result of authenticating the mobile communication terminal in a state in which the program is executed to a terminal medium that generates a disposable authentication code at the same time as participating in the transaction; And
And transmitting the generated terminal medium authentication code to a program of the authenticated mobile communication terminal,
The terminal medium authentication code is stored in a designated storage area of the mobile communication terminal through a program of the mobile communication terminal, and the mobile communication terminal in a state in which the program is executed at the time of a one- Wherein the authentication information is used to authenticate the terminal medium to generate a one-time authentication code for the transaction.
The information processing apparatus according to claim 1,
Further comprising at least one piece of information pre-stored in an IC chip or a USIM interfaced with the memory unit of the mobile communication terminal or the mobile communication terminal.
delete

Images