KR102368723B1 - A gate controlling method based on a password broadcast using near-field broadcasting and system for the same - Google Patents

Abstract

Step, by the access security device, receiving the name of the short-range communication unit of the first mobile device from the service server, receiving the first mobile-compatible password from the service server, 1M signal broadcast by the first mobile device using short-distance communication Detecting based on the short-range communication unit name, and when it is determined that the first mobile password included in the 1M signal is the same as the first mobile corresponding password, permitting access via an access security device. Disclose access security method.

Description

A gate controlling method based on a password broadcast using near-field broadcasting and system for the same}

The present invention relates to a door control system. In particular, it relates to a door control technology in which security is enhanced by cooperative authentication of a user's mobile device, a service server, and an access security device.

A digital lock is installed on the door, and when correct authentication information (eg, password, biometric authentication information, NFC tagging, etc.) preset in advance is input to the digital lock, the lock is released. In general, the unlocking function of the digital lock is implemented without interworking with other devices. When the authentication information is exposed, that is, when a third party acquires the authentication information or becomes usable in an illegal way, the third party's door There is a problem that intrusion through the The password may be exposed by the negligence of a legitimate person, but there is a problem that the password may be exposed by a malicious third party hacking only the digital lock.

In order to solve this problem, it is possible to prevent intrusion through the door by hacking only the digital lock using another device interlocking with the digital lock. However, in a commercialized embodiment, as an example of the other device interlocking with the digital lock, a digital key designed to be tagged with the digital lock is employed.

As described above, in the past, a 1-factor authentication method for releasing a lock using only one piece of authentication information or a 2-factor authentication method using additional authentication information could be used.

However, in order to use the additional authentication information, for example, the existing two-factor authentication method is inconvenient because a legitimate entrant has to take out the digital key with his or her hand and contact the digital lock in a short distance.

Therefore, there is a need for a technology capable of unlocking the lock state of the digital lock using another device interlocking with the digital lock without taking the other device out of the pocket.

In the present invention, a security element is added by performing an automatic short-distance communication-based password (OTP) authentication without additional actions other than the existing access security actions performed by a legitimate accessor for access, thereby adding a security element to the existing 1-Factor Compared to 2-Factor authentication, which required authentication and additional inconvenient actions, it is intended to provide easy, convenient, and improved 2-Facter authentication-based access security and user authentication functions.

An object of the present invention is to provide a technology capable of unlocking the lock state of an access security device without taking out an interlocking device interlocking with a digital lock (hereinafter, an access security device) from a pocket or bag.

In addition, in the present invention, it is an object of the present invention to provide a technology for strengthening the security of an access security device using a one-time password (OTP).

In addition, in the present invention, the input of existing basic authentication information (eg, password, NFC tagging information, 1-Factor authentication information, such as biometric information) is the only security means for the first security device, which is based on IoT function and short-distance communication. By building a physical security element through the use of OTP, even if the basic authentication information is exposed, a secure IoT device that does not allow access if the interlocked mobile does not exist in the vicinity of the digital lock, We want to provide an access security system.

According to one aspect of the present invention, when requesting access security permission through basic authentication information (eg, password, NFC tagging information, 1-Factor authentication information such as biometric information), access with a mobile device interlocked with the basic authentication information It is possible to provide an additional security element using a short-distance communication function between security devices and OTP.

In the access security method provided according to an aspect of the present invention, an access requester may request an access by providing basic authentication information to an access security device.

Then, the access security device may request the service server to confirm the access requester based on the security requester information (information input through password, NFC, RFID, and other actions) input through the communication function. To this end, the access security device may transmit the security requestor information together with an access security device identifier for identifying the access security device to the service server.

Then, the service server may request real-time location information of the corresponding mobile along with OTP information (mobile OTP1) for mobile authentication from the mobile device linked to the access security device. To this end, the service server is configured to be connected to one of the mobile devices 1:1 linked to the access security device, or one of a plurality of mobile devices linked 1:N to the access security device. It may be possible to access a DB including information about it. In this case, the DB may include the 1:1 linkage information or the 1:N linkage information. The linkage information may be provided in the form of a table.

Then, the mobile device receiving the request for the OTP information (mobile OTP1) and the real-time location information for mobile authentication from the service server may transmit its own mobile OTP1 and real-time location information to the service server.

To this end, the mobile device may include a mobile OTP generator and one or more location information collecting devices. The one or more location information collecting devices may include a geolocation information collecting device. The mobile OTP generator may be included in an application program installed in the mobile device. The OTP output value of the server OTP generation unit having the same OTP generation rule as the OTP generation rule of the mobile OTP generation unit may be such that the service server can obtain it. The server OTP generator may be included in the service server as an application program or may be included in a separate computing device accessible to the service server.

Then, the service server authenticates the mobile device using the mobile OTP1 received from the mobile device, and exchanges the real-time location information received from the mobile device and the location information (eg, earth location information) of the access security device with each other. By comparison, it may be confirmed whether the distance between the real-time location of the mobile device and the location (eg, earth location) of the access security device is within a predetermined error range. To this end, the service server may be configured to access a DB including information on the location of the access security device. The location information of the access security device may be registered in the DB when a person authorized to use the access security device subscribes to the service providing the access security method according to the present invention.

The service server may specify the mobile device as a service target mobile device when a distance between the real-time location of the mobile device and the location of the access security device is within a predetermined error range.

Then, the service server may transmit OTP information (mobile-compatible OTP) of the mobile device to be checked through short-distance communication to the access security device. The service server may request that the mobile device activate a short-distance communication function, and request that the mobile device broadcast OTP information (mobile OTP) from the mobile device.

In this case, the service server and the mobile device may generate the mobile OTP2-server and the mobile OTP according to specific OTP generation rules, respectively. Accordingly, the mobile OTP2-server and the mobile OTP generated at the same time may have the same value.

The mobile-compatible OTP generated by the service server may be transmitted by the service server to the access security device using wired/wireless network communication. In addition, the mobile OTP generated by the mobile device may be transmitted by the mobile device to the access security device using a short-distance communication function.

Then, the access security device checks the mobile OTP transmitted by the mobile device through the short-distance communication function, and uses the strength of the wireless signal including the information of the mobile OTP transmitted using the short-distance communication function. , it is possible to check the distance from the access security device to the mobile device.

Then, when the access security device determines that the mobile OTP and the mobile OTP have the same value, and it is confirmed that the distance from the access security device to the mobile device is less than or equal to a predetermined error range, the access A security device may permit entry. That is, the access security device may release a lock managed by the access security device.

In this case, the short-distance communication usable by the mobile device may include all kinds of short-distance communication methods such as cell, BLE, beacon, Bluetooth, NFC, RFID, and wifi. If it is consistent with the spirit of the present invention, it will fall within the scope of the present invention by applying another type of short-distance communication method newly appearing after the present application.

An access security method provided according to an aspect of the present invention includes the steps of: receiving, by an access security device, a short-range communication unit name of the first mobile device provided to a service server by the first mobile device from the service server; receiving, by the access security device, a first mobile corresponding password from the service server; detecting, by the access security device, a 1M signal broadcast by the first mobile device using short-distance communication based on the received short-distance communication unit name; and permitting, by the access security device, access via the access security device when it is determined that the first mobile password included in the 1M signal is the same as the first mobile corresponding password. In this case, the name of the short-range communication unit of the first mobile device may be the same as the first mobile corresponding password.

At this time, the access security method, before the step of receiving the short-range communication unit name from the service server, the access security device, the step of obtaining user identification information; and transmitting, by the access security device, the acquired user identification information to the service server. In this case, the service server accesses a database including a table in which the user identification information and the first mobile device are related to each other to obtain information about the first mobile device related to the user identification information. And, the service server may be configured to request the name of the short-range communication unit of the first mobile device from the first mobile device to obtain the name of the short-range communication unit.

In this case, the access security method may further include the step of generating, by the access security device, information on a first distance between the access security device and the first mobile device based on the strength of the 1M signal. . In this case, only when the first distance is less than or equal to a predetermined value, access via the access security device may be permitted.

In this case, the first mobile password may be generated by the first mobile device, and the first mobile corresponding password may be generated by the service server.

In this case, the first mobile password may be generated by the first mobile device, and the first mobile corresponding password may be the first mobile password obtained by the service server from the first mobile device.

In this case, the first mobile password is a first mobile OTP (One Time Password) generated by the first mobile device, the first mobile corresponding password is a first mobile corresponding OTP generated by the service server, and the first The generation rule of the first mobile OTP and the generation rule of the first mobile OTP may be identical to each other.

Access security method provided according to another aspect of the present invention, the service server, receiving the user identification information from the access security device; obtaining, by the service server, an identifier of the first mobile device related to the user identification information by accessing a database including a table in which the user identification information and the first mobile device are related to each other; obtaining, by the service server, the short-range communication unit name from the first mobile device by requesting the first mobile device the short-range communication unit name of the first mobile device using the identifier of the first mobile device; transmitting, by the service server, the name of the short-range communication unit to the access security device; and transmitting, by the service server, a first mobile-compatible password to the access security device. In this case, the access security device is configured to detect a 1M signal broadcast by the first mobile device using short-distance communication based on the short-range communication unit name, and a first mobile password included in the 1M signal. When it is determined that is the same as the first mobile corresponding password, access via the access security device is permitted.

In this case, the first mobile password is a first mobile OTP (One Time Password) generated by the first mobile device, the first mobile corresponding password is a first mobile corresponding OTP generated by the service server, and the first The generation rule of the first mobile OTP and the generation rule of the first mobile OTP may be identical to each other.

In this case, the access security method may include: obtaining, by the service server, requesting information about the location of the first mobile device from the first mobile device; and acquiring, by the service server, the location where the access security device is installed by accessing a database including a table in which an identifier of the access security device and a location where the access security device is installed are stored in association with each other. can In this case, the step of obtaining the short-range communication unit name may be executed only when the service server determines that the difference between the location of the first mobile device and the location where the access security device is installed is less than or equal to a predetermined value.

In this case, the access security method includes the steps of, by the service server, requesting and obtaining a mobile authentication password from the first mobile device; and generating, by the service server, a mobile-compatible authentication password. In this case, the step of obtaining the short-range communication unit name may be executed only when the service server determines that the mobile authentication password and the mobile-compatible authentication password are identical to each other.

In this case, the process of allowing access via the access security device may include a process of releasing a lock controlled by the access security device.

The access security method provided according to another aspect of the present invention comprises the steps of: transmitting, by a first mobile device, a short-range communication unit name of the first mobile device to the service server in response to a request from a service server; generating, by the first mobile device, a first mobile password; and broadcasting, by the first mobile device, a 1M signal including the first mobile password using short-distance communication. In this case, the service server transmits the name of the short-range communication unit to the access security device, and generates a first mobile corresponding password to transmit the generated first mobile corresponding password to the access security device. And the access security device is configured to detect the first M signal based on the short-range communication unit name, and when it is determined that the first mobile password included in the first M signal is the same as the first mobile corresponding password, Access through the access security device is permitted.

In this case, in the access security method, before the step of transmitting the short-range communication unit name of the first mobile device to the service server, the first mobile device responds to the request of the service server, the location of the first mobile device The method may further include providing information on the service server to the service server. In this case, the service server may be configured to request the name of the short-range communication unit from the first mobile device only when it is determined that the difference between the location where the access security device is installed and the location of the first mobile device is less than or equal to a predetermined value. there is.

At this time, in the access security method, before the step of transmitting the short-range communication unit name of the first mobile device to the service server, the first mobile device generates a mobile authentication password in response to the request of the service server, The method may further include providing the generated mobile authentication password to the service server. In this case, the service server may be configured to request the name of the short-range communication unit from the first mobile device only when it is determined that the mobile authentication password and the mobile authentication password generated by the service server are identical to each other.

According to another aspect of the present invention, an access security device including a short-distance communication unit, a data transmission/reception unit, and a processing unit may be provided. receiving, by the processing unit, the short-range communication unit name of the first mobile device provided to the service server by the first mobile device from the service server, using the data transceiver; receiving a first mobile-compatible password from the service server using the data transceiver; detecting, using the short-distance communication unit, a 1M signal broadcast by the first mobile device using short-distance communication based on the received short-range communication unit name; and permitting access via the access security device when it is determined that the first mobile password included in the 1M signal is the same as the first mobile corresponding password.

According to another aspect of the present invention, a service server including a data transmitting and receiving unit, and a processing unit may be provided. receiving, by the processing unit, user identification information from an access security device using the data transceiver; obtaining an identifier of the first mobile device related to the user identification information by accessing a database including a table in which the user identification information and the first mobile device are related to each other; obtaining the short-range communication unit name from the first mobile device by using the data transceiver to request the short-range communication unit name of the first mobile device from the first mobile device using the identifier of the first mobile device; transmitting the name of the short-range communication unit to the access security device by using the data transceiver; and transmitting a first mobile-compatible password to the access security device by using the data transmission/reception unit. In this case, the access security device is configured to detect a 1M signal broadcast by the first mobile device using short-distance communication based on the short-range communication unit name, and a first mobile password included in the 1M signal. When it is determined that is the same as the first mobile corresponding password, access via the access security device is permitted.

According to another aspect of the present invention, a user equipment including a data transceiver, a short-range communication unit, a signal detection unit, and a processing unit may be provided. transmitting, by the processing unit, the name of the short-range communication unit of the first mobile device to the service server in response to a request from the service server, using the data transceiver; generating a first mobile password; and using the short-distance communication unit to broadcast a 1M signal including the first mobile password using short-distance communication. The service server is configured to transmit the short-range communication unit name to the access security device, generate a first mobile corresponding password, and transmit the generated first mobile corresponding password to the access security device. And the access security device is configured to detect the first M signal based on the short-range communication unit name, and when it is determined that the first mobile password included in the first M signal is the same as the first mobile corresponding password, Access through the access security device is permitted.

As described above, short-distance communication that automatically operates without taking out the mobile device from the pocket or bag without the user's additional action to the use of the 1-factor authentication access security device based on the existing password input, biometric authentication, NFC tagging, etc. By adding basic password (OTP) authentication, it is possible to provide an easy 2-factor authentication-based access security device and access security system.

In addition, the lock state of the access security device can be simply unlocked even if the mobile device is in possession without taking out, and the time required for unlocking the device can be reduced.

In addition, since there is no need to take out the mobile device, the unlocking procedure of the access security device is simplified.

In addition, according to an embodiment of the present invention, since a one-time password (OTP) is used, security can be improved.

In addition, according to an embodiment of the present invention, when the mobile device receives a predetermined broadcasting signal from the access security device, the mobile device automatically changes the access security app from the standby state to the active state, and the mobile device When a short-distance communication activation signal is received from the service server, the short-distance communication mode of the mobile device is automatically changed to an ON state, thereby preventing unnecessary battery consumption of the mobile device.

1 is a system diagram of a mobile access security system according to an embodiment of the present invention.
2 is a block diagram of a mobile device that provides a mobile access security method according to an embodiment of the present invention.
3 is a block diagram of a service server that provides a mobile access security method according to an embodiment of the present invention.
4 is a block diagram of an access security device that provides a mobile access security method according to an embodiment of the present invention.
5A and 5B are flowcharts illustrating a mobile access security method according to a first embodiment of the present invention.
6 is a flowchart illustrating steps performed by an access security device for a mobile access security service provided according to the first embodiment of the present invention.
7 is a flowchart illustrating steps performed by the service server for the mobile access security service provided according to the first embodiment of the present invention.
8 is a flowchart illustrating steps performed by a mobile device for a mobile access security service provided according to the first embodiment of the present invention.
9A and 9B are flowcharts illustrating a mobile access security method according to a second embodiment of the present invention.
10 is a flowchart illustrating a mobile access security method according to a third embodiment modified from the second embodiment shown in FIGS. 9A and 9B.

Since the description of the present invention is merely an embodiment for structural or functional description, the scope of the present invention should not be construed as being limited by the embodiment described in the text. That is, since the embodiment may have various changes and may have various forms, it should be understood that the scope of the present invention includes equivalents capable of realizing the technical idea. In addition, since the object or effect presented in the present invention does not mean that a specific embodiment should include all of them or only such effects, it should not be understood that the scope of the present invention is limited thereby.

On the other hand, the meaning of the terms described in the present application should be understood as follows.

Terms such as “first” and “second” are for distinguishing one component from another, and the scope of rights should not be limited by these terms. For example, a first component may be termed a second component, and similarly, a second component may also be termed a first component.

The singular expression is to be understood as including the plural expression unless the context clearly dictates otherwise, and terms such as "comprises" or "have" refer to the embodied feature, number, step, action, component, part or these It is intended to indicate that a combination exists, and it is to be understood that it does not preclude the possibility of the existence or addition of one or more other features or numbers, steps, operations, components, parts, or combinations thereof. Hereinafter, preferred embodiments of the present invention will be described in detail based on the accompanying drawings.

Identifiers (eg, a, b, c, etc.) in each step are used for convenience of explanation, and the identification code does not describe the order of each step, and each step is clearly specified in a specific order in context. Unless otherwise specified, it may occur in a different order from the specified order. That is, each step may occur in the same order as specified, may be performed substantially simultaneously, or may be performed in the reverse order.

The present invention can be embodied as computer-readable codes on a computer-readable recording medium, and the computer-readable recording medium includes all types of recording devices in which data readable by a computer system is stored. . Examples of the computer-readable recording medium include ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage device, etc. also includes In addition, the computer-readable recording medium is distributed in a computer system connected to a network, so that the computer-readable code can be stored and executed in a distributed manner.

All terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the present invention belongs, unless otherwise defined. Terms defined in general used in the dictionary should be interpreted as having the meaning consistent with the context of the related art, and cannot be interpreted as having an ideal or excessively formal meaning unless explicitly defined in the present application.

1 is a system diagram of a mobile access security system according to an embodiment of the present invention.

2 is a block diagram of a mobile device that provides a mobile access security method according to an embodiment of the present invention.

3 is a block diagram of a service server that provides a mobile access security method according to an embodiment of the present invention.

4 is a block diagram of an access security device that provides a mobile access security method according to an embodiment of the present invention.

Referring to FIG. 1 , a mobile access security system according to an embodiment of the present invention includes a short-range communication 100 , a mobile device 200 , a service server 300 , and an access security device 400 .

The short-distance communication 100 means short-distance communication that can be used to perform the mobile access security method according to an embodiment of the present invention. The short-distance communication 100 may be one of Bluetooth communication, high-frequency communication, RFID communication, beacon communication, NFC communication, Wi-Fi, acoustic communication using a microphone and speaker, and Cell-ID method (communication company cell-based communication method), However, the present invention is not limited thereto.

As for the technology related to the short-distance communication of the Cell-ID method, various prior technologies such as the technology of International Patent Publication No. WO 2008/083910 have been disclosed. In the case of a pico-cell and a femto-cell, a local communication function can be provided in a region corresponding to a short distance, and a short-range communication environment to which the present invention can be applied can be provided.

In an embodiment of the present invention, two or more short-range communication methods may be used. The first type of short-range communication may be a technology for transmitting a signal that can be detected by the mobile device even when short-range communication technologies such as Bluetooth, NFC, and Wi-Fi of the mobile device are not activated. For example, the first type of short-range communication technology may be a communication technology using Cell-ID and a sound transmission technology using a speaker and a microphone. The second type of short-range communication technology may be a technology that causes power consumption of the mobile device, such as Bluetooth, NFC, and Wi-Fi. In addition, the second type of short-range communication technology may be a standard communication technology having a protocol for determining the strength of a received signal, such as Bluetooth, NFC, and Wi-Fi.

The short-range communication unit 270 of the mobile device 200 shown in FIG. 2 may be integrally included in the mobile device 200 to be described in detail below or may be provided detachably.

The short-distance communication unit 470 of the access security device 400 shown in FIG. 4 may be integrally included in the access security device 400 to be described in detail below, or may be provided detachably.

In an embodiment, the short-range communication unit 470 of the access security device 400 may include a cell-based communication device (such as a picocell or a femtocell) connected to the access security device 400 .

In an embodiment, the short-distance communication unit 470 of the access security device 400 may be a speaker connected to the access security device 400 . The speaker may be, for example, for transmitting ultrasonic waves.

The mobile device 200 is a mobile device that is carried by a user when using the mobile access security method according to an embodiment of the present invention, and has a short-distance communication function and a communication function through a communication company to serve as an authentication means for door opening/closing control. means Smartphones, tablet PCs, mobile PCs, and various wearable devices may correspond to this.

Communication through the carrier may refer to, for example, wireless communication such as WiFi Internet, 3G, 4G, 5G, and LTE, and MAN communication using a wired network.

In order to perform the mobile access security method according to the embodiment of the present invention, the mobile device 200 has a mobile access security application program installed, and the user uses the mobile device 200 to perform the mobile access security application program. You may have already registered as a member and automatically logged in to the access security service using the program. The mobile access security application program may be simply referred to as an access security app or an access security application program hereinafter.

The access security application program may be downloadable from a server distributing the program to the mobile device. The access security application program may be designed to perform a predetermined function in cooperation with a service server and an access security device. An access security application program for a server corresponding to the access security application program may be installed and operated in the service server as well.

The service server 300 may execute a service program that provides an access security service according to an embodiment of the present invention that can be used through the access security application program. A user of the access security application program may be subscribed as a member of the access security service, and may automatically log in to the service program through the access security application program.

A user who is a member of the access security service is logged in to the access security application program executed in the mobile device 200, and is automatically logged in to the access security service through the access security application program. . In addition, the service server 300 may be connected to the mobile device 200 and the access security device 400 through wired/wireless communication.

The access security application program may operate in a standby mode or an active mode. The standby mode may be a mode for reducing power consumption for executing the access security application program, and the activation mode may be a mode set to smoothly perform a function provided by the access security application program.

Normally, the power consumption of the mobile device 200 can be reduced by operating the access security application program in the standby mode. When the mobile device 200 approaches the access security device 400, the mode of the access security application program should be changed to the active mode. A method of changing the access security application program from the standby mode to the active mode will be described in more detail below. The access security application program generates a first mobile OTP in an activated state, generates a 1M signal including the generated first mobile OTP, and broadcasts the 1M signal through the short-distance communication unit of the mobile device 200 can be cast

The access security application program is installed in the mobile device 200, and the access security application program for the access security device corresponding to the access security application program and the server access security application program is installed in the access security device 400 may have been

The access security application program may generate and use an OTP.

The OTP generated by the access security application program is transmitted to the service server 300 , and the service server 300 may authenticate the mobile device 200 using the OTP transmitted from the mobile device 200 . When the authentication is completed, the service server 300 may take measures to perform subsequent steps to be performed by the mobile device 200 in order to unlock the access security device 400 .

The OTP generated by the access security application program may be transmitted by the mobile device 200 using short-range communication technology. The access security device 400 may detect the signal transmitted from the mobile device 200 to recognize the OTP generated by the access security application program. Even if short-range communication pairing between the access security device 400 and the mobile device 200 is not performed, the access security device 400 may recognize the OTP.

The OTP generated by the access security application program is transmitted to the service server 300 , and the service server 300 may transmit the OTP received from the mobile device 200 back to the access security device 400 . Alternatively, the service server 300 may generate a mobile corresponding OTP according to the same rules as the access security application program, and may transmit the generated mobile corresponding OTP to the access security device 400 .

The access security device 400 may check whether the OTP obtained by analyzing the signal transmitted by the mobile device 200 through short-distance communication is the same as the OTP transmitted from the service server 300 .

The access security device 400 has short-distance communication and communication functions through a communication company, so that when a user inputs user identification information to unlock a door or gate, the user does not need to take out or operate the mobile device 200 . A device that can be unlocked.

In an embodiment, the user identification information may be directly input into the access security device 400 by a passer using the mobile device 200 . In this case, the user identification information may be a secret ID that is the user's own identification information and authentication information. The user identification information may be composed of numbers and/or letters identifying the mobile device 200 , or may be the ID of a person who has a legitimate right to use the mobile device 200 and the access security application program. The person's ID may be the person's name, nickname, or code. However, the specific format of the user identification number is not limited to that described herein. For example, when the mobile device 200 is a mobile phone and the user identification information is a mobile phone number, the passer-by can directly input the mobile phone number of the mobile device 200 into the access security device 400 .

In another embodiment, the user identification information may be input through the additional help of the access security device (400). After collecting user identification information of one or more nearby mobile devices by a predetermined method, the access security device 400 may display one or more user identification information through a user interface (eg, a monitor). A user interface capable of communicating user identification information for identifying his/her mobile device 200 with the user interface of the access security device 400 or the access security device 400 among the one or more user identification information displayed can be selected through In addition, the passer may additionally input user authentication information (eg, password) through the user interface.

In another embodiment, the vehicle number recognition device may participate in the process of inputting the user identification information. To this end, the access security device 400 may be combined with a vehicle number recognition device.

In one embodiment, for example, when a passer boards a vehicle and uses a store (eg, a gas station) having a plurality of vehicle entry lanes, the access security device 400 sets the license plate number of one or more nearby vehicles. After collecting the information, the information related to the one or more license plates may be displayed through a user interface such as a monitor. In this case, each of the one or more vehicle numbers may be linked 1:1 with mobile device identification information for identifying a specific mobile device. And/or each of the one or more vehicle numbers may be associated with one or more user identification information for identifying a user of the mobile device in 1:N (N is a natural number). The access security device 40 may display the collected one or more vehicle numbers, one or more mobile device identification information, and/or one or more user identification information through a user interface such as a monitor. A passer-by may select any one of the displayed information. In one scenario, the passer may first select any one of a plurality of vehicle numbers or a plurality of mobile devices, and then select and input user identification information. In another scenario, the passer-by may skip the process of selecting a vehicle number or mobile device, and may directly select and input user identification information. A passer-by who has entered user identification information may additionally input user authentication information such as a password.

In another embodiment, for example, when using a drive-through store in which a passer-by boards a vehicle and sequentially enters the store through one lane, the access security device 400 is the closest to the vehicle number recognition device. After collecting the vehicle number of one vehicle, the mobile device and user identification information linked to the collected vehicle number can be automatically specified, and the access security service is provided using the specified user identification information can do. If the user using the mobile device linked to the one vehicle number has set a plurality of user identification information, the access security device 400 displays the plurality of user identification information on the screen to display one of the plurality of user identification information on the screen. may be induced to select and input, and the access security service may be provided using the selected and input user identification information. The input user identification information is valid, and the access security device 400 may open a vehicle breaker that it controls.

Various information related to the vehicle number may be stored in a storage device that the service server 300 can access and a storage device that the access security application program installed in the mobile device 200 can access. The access security device 400 may obtain mobile device identification information and/or user identification information linked to the selected vehicle number with the help of the service server 300 . To this end, the mobile device 200 or the user of the access security application program may have to provide information for linking the vehicle number and the user identification information to the access security system.

The access security device 400 may correspond to any device that controls a gate through which a person passes, a locking device installed on a door, and a locking device installed on a gate through which a vehicle passes.

In order to perform the mobile access security method according to an embodiment of the present invention, the access security device 400 is installed with an access security application program for the access security device, and the access security device 400 is for the access security device You may have already registered as a member and automatically logged in to the security application program and/or the access security service.

2 is a block diagram of a mobile device 200 that provides a mobile access security method according to an embodiment of the present invention.

Referring to FIG. 2 , the mobile device 200 according to an embodiment of the present invention includes a data transmission/reception unit 210 for transmitting and receiving data with the service server 300 , a first mobile OTP generation unit 230 , and a short-range communication unit ( 270) may be included.

The mobile device 200 may generate a first mobile OTP in the first mobile OTP generating unit 230 by an access security application program. The first mobile OTP is generated in synchronization with the first mobile corresponding OTP generating unit 3311 of the service server 300 . Therefore, when the mobile device 200 transmits the generated first mobile OTP to the service server 300, the service server 300 can check the legitimacy of the mobile device 200 using the first mobile OTP. there is.

The first mobile OTP generation unit 230 managed by the access security application program may be configured to generate the same password at the same time as the first mobile OTP generation unit 3311 of the service server 300. .

The access security application programs installed on different mobile devices 200 or different mobile devices 200 may include different mobile OTP generators that output different passwords at the same time.

The service server 300 may include different mobile OTP generating units corresponding to the plurality of different mobile OTP generating units.

The short-range communication unit 270 may broadcast the short-range communication unit name of the mobile device 200 . Broadcasting the name of the short-range communication unit of the mobile device 200 may be made by the request of the service server.

3 is a block diagram of a service server 300 that provides a mobile access security method according to an embodiment of the present invention.

Referring to FIG. 3 , the service server 300 according to an embodiment of the present invention may include a data transmission/reception unit 310 , an OTP function module 330 , a validity check unit 350 , and a command unit 370 . there is.

The OTP function module 310 includes the user's subscription information of the access security application program using OTP, user identification information, payment log, identification information of the mobile device 200 or identification information of the access security device 400 matched for each user. , an OTP generating unit 331 and an OTP determining unit 333 that are synchronized with the OTP generated for each mobile device to generate an OTP may be included.

The OTP generating unit 331 may include a plurality of mobile corresponding OTP generating units that independently operate in response to each of the plurality of mobile devices. 3, the first mobile-compatible OTP generation unit 3311 is displayed. The first mobile-corresponding OTP generating unit 3311 may generate a first mobile-corresponding OTP.

The user identification information is set when the user subscribes to the access security application program through the mobile device 200 or before the execution of the mobile access security method according to the embodiment of the present invention, and means all information that can identify the user. can

For example, it may be a character created by combining some or all of numbers, letters, special symbols, etc., or user's biometric information such as a user's fingerprint, voice, or iris, or a vehicle registration number.

The user identification information may be matched 1:1 with the user's mobile device, and the single access security application program installed on a single mobile device or a single mobile device may include a plurality of user identification information.

The OTP generator 331 is synchronized with the OTP generator of the mobile device on which the access security application program is installed and generates an OTP in the same manner. The OTP determining unit 333 determines whether the OTP received from the mobile device is the same as the OTP generated by the OTP generating unit 331 .

The legitimacy check unit 350 may check the legitimacy of the mobile device by comparing the OTP generated by the OTP function module 331 according to the OTP generation method of the mobile device with the OTP generated by the mobile device.

The command unit 370 transmits the name of the short-range communication unit of the mobile device to the short-range communication device activation command unit 371, which gives an activation command of the short-range communication unit to the mobile device, the access security device, and the name of the short-range communication unit to the mobile device. It may include a broadcasting command unit 373 that issues a broadcasting command.

4 is a block diagram of an access security device 400 that provides an OTP-based mobile access security method according to an embodiment of the present invention.

Referring to FIG. 4 , an access security device 400 according to an embodiment of the present invention includes an input unit 405 to which user identification information is input, a data transmission/reception unit 410 , a distance calculation unit 450 and a short-range communication unit 470 . may include

The user may input user identification information through the input unit 405 . The input unit 405 may be built-in to the access security device 400 or may be attached separately.

The distance calculator 450 may measure a second distance from the access security device 400 to the mobile device 200 through short-distance communication.

The short-distance communication unit 470 may detect a short-range communication unit name of the mobile device by detecting a short-range communication signal transmitted by the mobile device. The access security device 400 may receive and store the short-range communication unit name of the mobile device 200 in advance from the service server 300 .

<First embodiment>

5A to 5B are flowcharts illustrating a mobile access security method according to a first embodiment of the present invention.

In FIGS. 5A to 5B , the messages exchanged between the devices 21 , 22 , 30 , and 40 may include identification information of each device.

In the example shown in FIG. 5A , the first mobile device 21 is possessed by a person (passer) who intends to pass through the first access security device 40 using the mobile access security method according to the embodiment of the present invention. It may be a mobile device.

The first mobile device 21 may be executing the access security application program provided to execute the mobile access security method according to an embodiment of the present invention in the standby mode in step S210. The device identifier of the first mobile device 21 may be ID-M1.

The first access security device 40 may be executing an access security application program for an access security device provided to execute the mobile access security method according to an embodiment of the present invention. The device identifier of the first access security device 40 may be ID-P1.

The first access security device 40 may broadcast a first signal including identification information for identifying the first access security device 40 using short-distance communication in step S420 .

The broadcasting of the first signal may be performed by a short-range communication technology.

The first mobile device 21 may detect the first signal in step S220.

In an embodiment of the present invention, the detection of the first signal can be performed even in a state in which the specific type of short-range communication unit (eg, the short-range communication unit for the second type of short-range communication described above) of the first mobile device 21 is not activated. can

As an example, if the cell-based communication function provided in the first mobile device 21 is activated, and transmits the first signal to the cell-based communication device connected to the access security device 40 (picocell or femtocell, etc.) If transmitted through Bluetooth, NFC, Wi-Fi, and even if the short-range communication function using the sound (high frequency), etc. is not activated in the first mobile device 21, the first mobile device 21 is a specific Cell-ID When detecting , the access security application program for the access security service may be activated.

As another example, even when the short-range communication function using Bluetooth, NFC, and Wi-Fi is not activated in the first mobile device 21 , the microphone input installed in the first mobile device 21 may be activated. The microphone input may or may not be regarded as a short-range communication function depending on the viewpoint. Therefore, even when the short-range communication function of the first mobile device 21 is not activated, if the first access security device 40 transmits the first signal using an acoustic signal, the The first mobile device 21 may recognize, and if the first mobile device 21 detects a specific pattern from the first signal, the access security application program for the access security service may be activated.

The first mobile device 21 may switch the access security application program executed in the first mobile device 21 to the activation mode in step S221 .

The first mobile device 21 sends an activation notification (ID-M1) indicating that the first mobile device 21 has been activated in step S230, the name of the short-range communication unit of the first mobile device 21, and the first signal It is possible to transmit the identification information (ID-P1) of the first access security device 40, which is the originating device, to the service server 30 .

In a modified embodiment, the delivery of the short-range communication unit name of the first mobile device 21 to the service server 30 may be performed at any time before the step S341, which will be described later, is performed.

The service server 30 first transmits first user identification information including one or more user identification information registered for a person who has logged in to the access security service through the first mobile device 21 in step S311. It can be provided to the access security device (40).

The first payment processing device 40 may express the first user identification information in step S430 . The expression may be made, for example, through a screen.

The first access security device 40 may receive a user input for selecting any one user identification information from among the first user identification information in step S431. For example, in the case where the first mobile device 21 is a terminal intended to be used by six passers-by, the owner of the first mobile device 21 receives six pieces of information displayed on the screen, that is, the first A user input for selecting one of the user identification information of the passer-by and the user identification information of the sixth passer may be provided.

The user identification information input in step S431 may serve as confidential information that others cannot know.

The first access security device 40 may transmit the user identification information selected and input in step S431 in step S433 to the service server 30 .

The service server 30 may generate a first mobile-compatible password (OTP-M1) using the first mobile-compatible OTP generating unit 3311 in step S340.

In a modified embodiment, the service server 30 may cause the first mobile device 21 to generate the first mobile password OTP-M1'. Then, the service server 30 obtains the generated first mobile password (OTP-M1') from the first mobile device 21, and uses the obtained first mobile password (OTP-M1') as a first It can be used as a mobile response password (OTP-M1). That is, in this modified embodiment, the service server 30 may not directly generate the first mobile corresponding password (OTP-M1).

The service server 30 may transmit the generated OTP-M1 and the short-range communication unit name of the first mobile device 21 to the first access security device 40 in step S341 .

In step S342, the service server 30 sends a message requesting that the first mobile device 21 broadcast the first mobile password using short-distance communication to the first mobile device 21, and a first A command to activate the short-distance communication unit of the mobile device 21 may be transmitted.

In this case, the first mobile password may be an OTP generated by the first mobile device 21 using the first mobile OTP generator. Alternatively, the first mobile password is that the service server 30 generates an OTP using the first mobile corresponding OTP generating unit 3311 and then transmits the generated OTP to the first mobile device 21 . can

The first mobile device 21 may activate its own short-range communication unit in step S240. On the other hand, if the short-distance communication unit of the first mobile device 21 is already activated for another reason, the activated state may be forcibly maintained.

It will now be described with reference to FIG. 5B.

In step S250 , the first mobile device 21 generates OTP-M1' (first mobile OTP) using the first mobile OTP generator, and generates a 1M signal including the generated OTP-M1'. Broadcasting is possible using a short-distance communication unit.

The first access security device 40 detects the broadcast 1M signal in step S441, and uses the strength of the detected 1M signal to provide the first access security device 40 and the first mobile device (21) A second distance, which is a distance between them, can be calculated.

In step S442 , the first access security device 40 may permit access when OTP-M1 is equal to OTP-M1' and the second distance is less than or equal to a predetermined value. On the other hand, in step S442, when the OTP-M1 is not the same as the OTP-M1', and/or the second distance is not less than or equal to a predetermined value, the first access security device 40 prohibits access. can refuse

Here, permitting access may mean releasing a lock state of a door/gate that is managed or controlled by the first access security device 40 . And denying access may mean maintaining the lock state of the door/gate managed or controlled by the first access security device 40 without releasing it. The first access security device 40 may be installed at or near the door/gate.

In addition, the first access security device 40 may transmit, to the service server 30 , information indicating that the access is permitted or the access is denied in step S443 .

The service server 30 may transmit the access permission or access denial status of the first access security device 40 to a pre-registered device in step S350 . The pre-registered device may include the first mobile device 21 .

Also, the pre-registered device may include other devices. For example, the other device may be a device used by a parent, and the first mobile device 21 may be a device used by a child of the parent.

The first mobile device 21 may deactivate its short-distance communication unit in step S260 .

The first mobile device 21 may deactivate the access security application program in step S261.

In an embodiment of the present invention, the first signal broadcast in step S420 may use the first type of short-range communication technology. In addition, the broadcast signals transmitted in steps S240 and S250 may use the second type of short-range communication technology.

Alternatively, in another embodiment of the present invention, the first mobile device 21 may have already activated the short-range communication unit for the second type of short-range communication before step S420. In this case, the first mobile device 21 activates the short-distance communication unit for the second type of short-range communication due to another cause or is activated by the user's setting of the other first mobile device 21. can In this case, step S240 may be omitted. In addition, the first signal broadcast in step S420 may use the second type of short-range communication technology.

6 is a flowchart illustrating steps performed by an access security device for an access security service provided according to an embodiment of the present invention.

In step (S10), the access security device may broadcast the first signal using short-distance communication.

In step S11, the access security device may transmit user identification information to the service server.

In step S12, the name of the short-range communication unit of the first mobile device provided to the service server by the first mobile device that detected the first signal by the access security device and the first mobile corresponding OTP generated by the service server may be received from the service server.

In step S13, the access security device detects the first M signal broadcast by the first mobile device based on the short-range communication unit name of the first mobile device, and the access and access based on the first M signal Information regarding a first distance between the security device and the first mobile device may be generated.

In step S14, if the first mobile OTP and the first mobile corresponding OTP included in the 1M signal are equal to each other and the second distance is less than or equal to a predetermined value, the access security device permits access Otherwise, you may be denied entry.

7 is a flowchart illustrating steps performed by a service server for an access security service provided according to an embodiment of the present invention.

In step S20, the service server may receive user identification information from the access security device broadcasting the first signal using short-distance communication.

In step S21, the service server may transmit the short-range communication unit name of the first mobile device received from the first mobile device detecting the first signal to the access security device.

In step S22, the service server may generate a first mobile-compatible OTP and transmit it to the access security device.

In step S23, the service server may request the first mobile device to activate the short-range communication function, and request the first mobile device to generate and broadcast the first mobile OTP.

8 is a flowchart illustrating steps performed by a mobile device for an access security service provided according to an embodiment of the present invention.

In step S30, when the first mobile device detects a first signal that is broadcast by the access security device using short-distance communication and includes identification information for identifying the access security device, the access security app is activated. can

In step S31, the first mobile device may transmit identification information for identifying the access security device and a short-range communication unit name of the first mobile device to the service server.

In step S32, the first mobile device activates the short-range communication function in response to the request of the service server, generates the first mobile OTP, and uses the 1M signal including the first mobile OTP for short-distance communication can be broadcast.

<Second embodiment>

Hereinafter, an access security method provided according to another embodiment of the present invention will be described with reference to FIGS. 9A and 9B.

9A and 9B are flowcharts for explaining an access security method that may be provided according to an embodiment of the present invention.

In step S431, the access security device 40 may obtain user identification information.

At this time, the user identification information is a passer (access requester) who wants to pass through the door/gate/door managed or controlled by the access security device 40. A password is entered into the user interface provided by the access security device 40. Alternatively, by using a short-range wireless communication interface provided by the access security device 40, it may be input through tagging technology such as NFC technology, RFID, or other actions. The user identification information corresponds to the basic authentication information described above.

In step S433 , the access security device 40 may transmit the acquired user identification information to the service server 30 .

The access security device 40 and the service server 30 can communicate with each other by a MAN (Metropolitan Area Network) using a wireless communication network such as WiFi Internet, 3G, 4G, 5G, beyond 5G, and LTE and a wired communication network, etc., The communication behavior is not limited by a specific communication method.

In step S310, the service server 30 accesses a database including a table in which the user identification information and the first mobile device 21 are related to each other to access the first mobile device related to the user identification information. The identifier (ID-M1) of the device 21 may be obtained. In this case, the database may be included in the service server 30 or may be included in another device (not shown) that the service server 30 can access through wired/wireless communication. In addition, the table is obtained through a process of registering as subscription information in the service server 30 or another server linked to the service server 30 when the subscriber subscribes to the access security service using the first mobile device 21 . may have been created.

In step S312, the service server 30 may request information about the location of the first mobile device 21 from the first mobile device 21 specified by the obtained identifier ID-M1. .

The first mobile device 21 and the service server 30 are 4G. 5G. It is possible to communicate with each other through a MAN using a wireless communication network such as LTE and a wired communication network, etc., and the communication activity is not limited by a specific communication method.

The first mobile device 21 may include a location information measurement module (eg, GPS module) capable of measuring its own location information (eg, earth location information).

In step S225 , the first mobile device 21 may transmit information about the location of the first mobile device 21 to the service server 30 .

In step S314, the service server 30 links the location where the access security device 40 is installed, the identifier (ID-P1) of the access security device 30, and the location where the access security device 30 is installed. It can be obtained by accessing the database containing the stored table. In this case, the database may be included in the service server 30 or may be included in another device (not shown) that the service server 30 can access through wired/wireless communication. In addition, the table is created through the process of registering the subscriber as subscription information to the service server 30 or another server linked to the service server 30 when subscribing to the access security service using the access security device 40 . it may have been

Step S314 may be executed at any time after step S433.

In step S315 , the service server 30 may request the mobile authentication password from the first mobile device 21 .

In step S226, the first mobile device 21 may generate the mobile authentication password in response to the request in step S315. The mobile authentication password may be OTP (One Time Password).

In step S227 , the first mobile device 21 may provide the generated mobile authentication password to the service server 30 .

In step S316, the service server 30 may generate a mobile-compatible authentication password. The mobile-compatible authentication password may be OTP.

At this time, the rule for generating the mobile authentication password generated by the first mobile device 21 in step S226 and the rule for generating the mobile authentication password generated by the service server 30 in step S316 are OTP It can follow the rules for creating , and can be created by the OTP generation rules paired with each other. That is, the mobile authentication password and the mobile-corresponding authentication password generated at the same time may be identical to each other.

In an embodiment, the first mobile device 21 may use the first mobile OTP generator 230 to generate the mobile authentication password. In addition, the service server 30 may use the first mobile corresponding OTP generating unit 3311 to generate the mobile corresponding authentication password.

The service server 30 may further include a second mobile corresponding OTP generating unit corresponding to the second mobile device as well as the first mobile corresponding OTP generating unit 3311 corresponding to the first mobile device 21 . However, since the service server 30 can know that the mobile authentication password received in step S227 is generated by the first mobile device 21, the mobile authentication password corresponds to the first mobile It may be generated using the OTP generator 3311 .

In step S317 , the service server 30 may determine whether a difference between the location of the first mobile device 21 and the location where the access security device 40 is installed is less than or equal to a predetermined value.

In step S318, the service server 30 may determine whether the mobile authentication password and the mobile authentication password are identical to each other.

In step S320 , the service server 30 may request the name of the short-range communication unit of the first mobile device 21 from the first mobile device 21 .

However, step S320 may be executed only when it is determined that the mobile authentication password and the mobile authentication password are identical to each other as a result of the determination in step S318.

And optionally, step S320 is executed only when it is determined that the difference between the location of the first mobile device 21 and the location where the access security device 40 is installed is less than or equal to a predetermined value as a result of the determination in step S317 can make it happen

In step S230 , the first mobile device 21 may provide the short-range communication unit name of the first mobile device 21 to the service server 30 .

In this case, the name of the short-range communication unit of the first mobile device 21 may be an OTP generated by the first mobile device 21 using the first mobile OTP generating unit 230 . If the first mobile OTP generating unit 3311 of the service server 30 and the first mobile OTP generating unit 230 of the first mobile device 21 generate OTPs according to the same rules, the service server 30 ) may generate the short-range communication unit name of the first mobile device 21 using the first mobile-compatible OTP generating unit 3311 of the service server 30 . Accordingly, in this case, even if steps S320 and S230 are not performed, the service server 30 may find out the name of the short-range communication unit of the first mobile device 21 .

In step S340 , the service server 30 may generate a first mobile corresponding password OTP-M1 using the first mobile corresponding OTP generating unit 3311 .

In a modified embodiment, the service server 30 may cause the first mobile device 21 to generate the first mobile password OTP-M1'. Then, the service server 30 obtains the generated first mobile password (OTP-M1') from the first mobile device 21, and uses the obtained first mobile password (OTP-M1') as a first It can be used as a mobile response password (OTP-M1). That is, in this modified embodiment, the service server 30 may not directly generate the first mobile corresponding password (OTP-M1).

In step S341 , the service server 30 may transmit the short-range communication unit name of the first mobile device 21 to the access security device 40 . In addition, in step S341 , the service server 30 may transmit the generated first mobile corresponding password (OTP-M1) to the access security device 40 .

In an embodiment, the name of the short-range communication unit of the first mobile device 21 may be an OTP generated by the first mobile device 21 using the first mobile OTP generating unit 230 . If the first mobile OTP generating unit 3311 of the service server 30 and the first mobile OTP generating unit 230 of the first mobile device 21 generate OTPs according to the same rules, the first mobile device ( 21), the name of the short-range communication unit may be the same as the first mobile-compatible password OTP-M1 generated by the first mobile-compatible OTP generating unit 3311 of the service server 30 .

In step S342, the service server 30 requests to activate the short-distance communication function of the first mobile device 21, and the first mobile device 21 receives the first mobile password OTP-M1' A request for broadcasting may be transmitted to the first mobile device 21 using a communication technology.

In this case, in an embodiment, the first mobile password OTP-M1 ′ may be an OTP generated by the first mobile device 21 using the first mobile OTP generator 230 . Alternatively, in another embodiment, the first mobile password is, after the service server 30 generates an OTP using the first mobile corresponding OTP generating unit 3311, the generated OTP is transferred to the first mobile device 21 may have been sent to

In step S240 , the first mobile device 21 may activate a short-range communication function of the first mobile device 21 .

In step S250 , the first mobile device 21 may generate the first mobile password OTP-M1 ′. In this case, the first mobile password OTP-M1 ′ may be an OTP generated using the first mobile OTP generating unit 230 . Also, in step S250 , the first mobile device 21 transmits the first mobile password OTP-M1 ′ using short-distance communication. A signal broadcast through the short-range communication unit of the first mobile device 21 . It can be transmitted using the 1M signal.

As described above, the name itself of the short-range communication unit 270 of the first mobile device 21 may be the same as the first mobile password OTP-M1'.

Since the access security device 40 has received the short-range communication unit name of the first mobile device 21 in step S441, it can detect the signal broadcast by the first mobile device 21 using short-distance communication. .

Accordingly, in step S441, the access security device 40 receives the first M signal broadcast by the first mobile device 21 using short-distance communication in step S341, the first mobile device 21 ) can be detected based on the name of the short-distance communication unit. Also, in step S441 , the access security device 40 may generate information on the distance between the access security device 40 and the first mobile device 21 based on the strength of the 1M signal. .

In step S442, when the access security device 40 determines that the first mobile password (OTP-M1') obtained through the 1M signal is the same as the first mobile-corresponding password (OTP-M1) , it is possible to permit the entrance of a passer-by who wants to pass through a gate/door managed or controlled by the access security device 40 . In addition, in step S442, the first mobile password (OTP-M1') obtained by the access security device 40 through the 1M signal is not the same as the first mobile corresponding password (OTP-M1). If it is determined that the access security device 40 does not allow access to a passer who wants to pass through a gate/door managed or controlled by the access security device 40, that is, access may be denied.

And/or, in step S442, only when the calculated distance is less than or equal to a predetermined value, access via the access security device 40 may be permitted.

In this case, the process of allowing access via the access security device 40 may include a process of releasing a lock controlled by the access security device 40 .

In one embodiment, the above-described steps (S312), (S225), and (S317) may be omitted. This is because, by the steps S441 and S442, effects similar to the effects according to the steps S312, S225, and S317 can be obtained. That is, it is because the effect of permitting access can be obtained only when the distance between the first mobile device 21 and the access security device 40 is sufficiently close. However, there is a difference that steps S312, S225, and S317 are performed in advance of steps S441 and S442.

In step S443 , the access security device 40 may provide the service server 30 with the facts regarding the permission of the access or the denial of the access.

In step S350 , the service server 30 may transmit the access permission or access denial status of the access security device 40 to a pre-registered device. The pre-registered device may include the first mobile device 21 . In addition, the pre-registered device may further include other devices not shown.

In step S260 , the first mobile device 21 may deactivate the function of the short-range communication unit that has been activated.

In step S261, the first mobile device 21 may deactivate the access security application program. That is, the access security application program may be placed in a standby state.

In an embodiment, the first mobile password OTP-M1' is generated by the first mobile device 21, and the first mobile corresponding password OTP-M1 is generated by the service server 30 can

Unlike that shown in FIG. 9B , in a modified embodiment, the first mobile password OTP-M1 ′ may be generated by the first mobile device 21 . However, the first mobile corresponding password (OTP-M1) is not generated by the service server 30, but the first mobile password (OTP-M1') obtained by the service server 30 from the first mobile device 21 . ) can be

At this time, the first mobile password (OTP-M1') is a first mobile OTP (One Time Password) generated by the first mobile device 21, and the first mobile corresponding password is generated by the service server 30 The first mobile-corresponding OTP may be, and the first mobile OTP generation rule and the first mobile OTP generation rule may be identical to each other.

As can be seen from FIGS. 9A and 9B , according to an embodiment of the present invention, the access security device 40 may determine whether to permit or deny access through the following process.

First, the access security device 40 must receive basic authentication information from a passer (access requester) and transmit it to the service server 30 .

Second, the access security device 40 must receive the first mobile corresponding password (OTP-M1), which is a kind of password, from the service server 30 in response to the transmission of the basic authentication information. In addition, the access security device 40 must receive information that can specify one mobile device from the service server 30 , for example, a short-range communication unit name of the mobile device.

Third, the access security device 40 checks whether the first mobile device 21 having the received short-distance communication unit name is within the short-range communication range, and receives a first mobile password that is a kind of password from the first mobile device 21 ( OTP-M1') must be provided.

Fourth, the access security device 40 may permit access only when the first mobile corresponding password (OTP-M1) and the first mobile password (OTP-M1') are identical to each other.

10 is a flowchart for explaining a mobile access security method according to a third embodiment modified from the second embodiment shown in FIGS. 9A and 9B.

The user identification information shown in FIGS. 9A, 9B, and 10 may be associated with only one mobile device or may be associated with a plurality of mobile devices.

The second embodiment described with reference to FIGS. 9A and 9B shows an example in which only one mobile device is associated with one piece of user identification information. For example, as an example of a case in which the user identification information is associated with only one mobile device, when a plurality of prepared NFC tag cards for employee IDs such as a company employee ID correspond 1:1 with one mobile device possessed by each employee can be Here, the identification information provided by the NFC tag card may correspond to the user identification information, that is, the basic authentication information described above.

In contrast, in the third embodiment described with reference to FIG. 10 , not only the first mobile device but also the second mobile device are related to the user identification information. That is, an example in which a plurality of mobile devices are associated with one piece of user identification information is shown. For example, when the user identification information is associated with a plurality of mobile devices, when multiple families use the same access password, or when multiple families use a plurality of duplicated NFC tag cards there may be In this case, the identification information provided by the access password or the NFC tag card may correspond to the user identification information, that is, the basic authentication information described above.

Step S1310 of FIG. 10 is a step replacing step S310 of FIG. 9A .

Steps S312 and S225 of FIG. 10 are the same as steps S312 and S225 of FIG. 9A.

Steps S1312 and S1225 of FIG. 10 are additional steps added to the flowchart of FIG. 9A .

Step S1317 of FIG. 10 is a step replacing step S317 of FIG. 9A .

Step S1328 of FIG. 10 is a step further added to the flowchart of FIG. 9A .

In addition, steps S431, S433, S314, S315, S226, S227, S316, S318, and Step shown in FIGS. 9A and 9B. (S340), step (S341), step (S342), step (S240), step (S250), step (S441), step (S442), step (S443), step (S350), step (S260), step (S261) and the like may be directly applied to the third embodiment described with reference to FIG. 10 . That is, for convenience of explanation, FIG. 10 shows only the difference between the third embodiment and the second embodiment.

10 may be applied, for example, to a case in which a child possessing the first mobile device 21 and an adult possessing the second mobile device 22 are associated with the same user identification information, that is, the same basic authentication information. Here, the child and the adult may be members of one family.

In FIG. 10, a child in possession of the first mobile device 21 is about to pass through the access security device 40, and an adult in possession of the second mobile device 22 is sufficiently far from the access security device 40, For example, it may be applied when the distance is more than 4 km.

In step S1310, the service server 30 receiving the user identification information from the access security device 40 may search for a mobile device related to the user identification information. In this case, a plurality of mobile devices including the first mobile device 21 and the second mobile device 22 may be associated with the user identification information.

In steps S312 and S1312, the service server 30 may request location information of the corresponding mobile device from the first mobile device 21 and the second mobile device 22, respectively.

In steps S225 and S1225 , the service server 30 may receive location information of the corresponding mobile device from the first mobile device 21 and the second mobile device 22 , respectively.

In step S1317, the service server 30 determines whether the difference between the location of the first mobile device 21 and the location of the second mobile device 22 and the location of the access security device 40 is less than or equal to a predetermined value can do.

In step S1328, the service server 30 selects one of the first mobile device 21 and the second mobile device 22, which is located sufficiently close to the access security device 40 by the predetermined value or less. can For example, when both the first mobile device 21 and the second mobile device 22 are sufficiently close to the access security device 40 by the predetermined value or less, the first mobile device 21 and the second mobile device 22 ), a mobile device closer to the access security device 40 may be selected. Thereafter, the steps after step S1328 assume that the first mobile device 21 is selected among the first mobile device 21 and the second mobile device 22 .

Although not shown in FIG. 10 , the service server 30 provides information about the selected first mobile device 21 among a plurality of user devices related to the user identification information and an event generated by the first mobile device 21 . may be provided to a preset device. For example, the preset device may be any one of the plurality of user devices or may be provided to a computing device other than the plurality of user devices.

Meanwhile, some steps of the above-described access security method may be executed by the processing unit of the access security device 400 , 40 including the short-distance communication unit 470 , the data transmission/reception unit 410 , and the processing unit.

Some steps of the above-described access security method may be executed by the processing unit of the service servers 300 and 30 including the data transmitting and receiving unit 310 and the processing unit.

Some steps of the above-described access security method may be executed by the processing unit of the mobile device 200 , 21 including the data transceiver 210 , the short-range communication unit 270 , the signal detection unit, and the processing unit.

The above-described mobile device, service server, and access security device may each include a processing unit not shown in FIGS. 2, 3, and 4 . The processing unit included in the mobile device 200, the service server 300, and the access security device 40, respectively, is executed by the mobile device 200, the service server 300, and the access security device 40, respectively. As a step, it may be adapted to carry out any of the corresponding steps described above. Each of the above-described mobile device, service server, and access security device may include a non-volatile storage device in which a program including instruction codes to be loaded and executed by the processing unit is recorded in order to execute the above-described steps, Non-volatile storage may be accessed by the processing unit.

By using the above-described embodiments of the present invention, those skilled in the art will be able to easily implement various changes and modifications within the scope without departing from the essential characteristics of the present invention. The content of each claim in the claims may be combined with other claims without reference within the scope that can be understood through this specification.

21: first mobile device
30: service server
40: access security device
100: short-distance communication
200: mobile device
210, 310, 410: data transmitter and receiver
230: OTP generation unit
450: distance calculation unit
270, 470: Short-distance communication department
300: service server
330: OTP function module
350: justification unit
370: command line
400: access security device
405: input unit

Claims (23)

receiving, by the access security device, the name of the short-range communication unit of the first mobile device from the service server, and receiving the first mobile correspondence password (OTP-M1) generated by the service server from the service server (S341);
detecting, by the access security device, a 1M signal broadcast by the first mobile device using short-distance communication based on the received short-distance communication unit name (S441); and
When the access security device determines that the first mobile password (OTP-M1 ') obtained using the 1M signal is the same as the first mobile corresponding password, allowing access via the access security device Step (S442)
includes,
The first mobile device,
Transmitting the short-range communication unit name of the first mobile device to the service server in response to the request of the service server,
generate the first mobile password, and
configured to broadcast the 1M signal including the first mobile password using short-distance communication,
How to secure access. According to claim 1,
Before the step of receiving the short-distance communication unit name from the service server,
Step, by the access security device, obtaining user identification information (S431); and
transmitting, by the access security device, the acquired user identification information to the service server (S433);
further comprising,
The service server is configured to access a database including a table in which the user identification information and the first mobile device are related to each other to obtain information about the first mobile device related to the user identification information ( S310), and
The service server is configured to request (S320) the name of the short-range communication unit of the first mobile device from the first mobile device, and obtain the name of the short-range communication unit (S230),
How to secure access. According to claim 1,
The method further includes the step of generating, by the access security device, information on a distance between the access security device and the first mobile device based on the strength of the 1M signal (S441), and
characterized in that only when the distance is less than or equal to a predetermined value, access via the access security device is permitted (S442),
How to secure access. delete delete The method according to claim 1, wherein the first mobile password is a first mobile OTP (One Time Password) generated by the first mobile device, and the first mobile corresponding password is a first mobile corresponding OTP generated by the service server. and, the first mobile OTP generation rule and the first mobile OTP generation rule are identical to each other. The method of claim 1, wherein the name of the short-distance communication unit of the first mobile device is the same as the first mobile corresponding password (OTP-M1). delete delete receiving, by the service server, user identification information from the access security device (S433);
obtaining, by the service server, an identifier of the first mobile device related to the user identification information by accessing a database including a table in which the user identification information and the first mobile device are related to each other (S310);
obtaining (S227), by the service server, requesting (S315) and obtaining (S227) a mobile authentication password from the first mobile device;
generating, by the service server, a mobile-compatible authentication password (S316);
The service server uses the identifier of the first mobile device to request the short-range communication unit name of the first mobile device from the first mobile device (S320) to obtain the short-range communication unit name from the first mobile device (S230) ) to;
transmitting, by the service server, the name of the short-range communication unit to the access security device (S341); and
transmitting, by the service server, a first mobile corresponding password to the access security device (S341);
includes,
The access security device is configured to detect a 1M signal (S250) broadcast by the first mobile device using short-distance communication based on the name of the short-range communication unit, and a first mobile signal included in the 1M signal. When it is determined that the password is the same as the first mobile corresponding password, access through the access security device is permitted,
The step of obtaining the short-distance communication unit name is characterized in that it is executed only when the service server determines that the mobile authentication password and the mobile corresponding authentication password are identical to each other,
How to secure access. The method according to claim 10, wherein the first mobile password is a first mobile OTP (One Time Password) generated by the first mobile device, and the first mobile corresponding password is a first mobile corresponding OTP generated by the service server. and, the first mobile OTP generation rule and the first mobile OTP generation rule are identical to each other. 11. The method of claim 10,
obtaining, by the service server, information on the location of the first mobile device from the first mobile device by requesting (S312) information on the location of the first mobile device from the first mobile device (S225) ; and
obtaining, by the service server, the location where the access security device is installed by accessing a database including a table in which the identifier of the access security device and the location where the access security device is installed are linked and stored (S314);
further comprising,
The step of obtaining the short-range communication unit name is characterized in that it is executed only when the service server determines that the difference between the location of the first mobile device and the location where the access security device is installed is less than or equal to a predetermined value,
How to secure access. delete 11. The method of claim 10, wherein the step of permitting access via the access security device comprises the step of releasing a lock controlled by the access security device. 11. The method of claim 10,
receiving, by the service server, a fact regarding permission of access or denial of access from the access security device (S443); and
transmitting, by the service server, an access permission or access denial status of the access security device to a pre-registered device (S350);
further comprising,
How to secure access. transmitting, by the first mobile device, a short-range communication unit name of the first mobile device to the service server in response to a request from the service server (S320) (S230);
generating, by the first mobile device, a first mobile password (S250); and
Broadcasting, by the first mobile device, a 1M signal including the first mobile password using short-distance communication (S250);
includes,
The service server is configured to transmit the short-range communication unit name to the access security device, generate a first mobile corresponding password, and transmit the generated first mobile corresponding password to the access security device, and
The access security device is configured to detect the first M signal based on the name of the short-range communication unit, and when it is determined that the first mobile password included in the first M signal is the same as the first mobile corresponding password, the characterized in that it is adapted to permit access via an access security device,
How to secure access. The method according to claim 16, wherein the first mobile password is a first mobile OTP (One Time Password) generated by the first mobile device, and the first mobile corresponding password is a first mobile corresponding OTP generated by the service server. and, the first mobile OTP generation rule and the first mobile OTP generation rule are identical to each other. 17. The method of claim 16,
Before the step of transmitting the short-range communication unit name of the first mobile device to the service server, the first mobile device transmits information about the location of the first mobile device in response to the service server request (S312). It further comprises the step of providing (S225) to the service server,
The service server is configured to request the name of the short-range communication unit from the first mobile device only when it is determined that the difference between the location where the access security device is installed and the location of the first mobile device is less than or equal to a predetermined value (S320) characterized in that
How to secure access. 17. The method of claim 16,
Prior to the step of transmitting the short-range communication unit name of the first mobile device to the service server, the first mobile device generates a mobile authentication password in response to the service server request (S315) (S226), and the generated Further comprising the step of providing a mobile authentication password to the service server (S227),
The service server is configured to request the name of the short-range communication unit from the first mobile device only when it is determined that the mobile authentication password generated by the service server and the mobile authentication password are identical to each other (S320) ,
How to secure access. 17. The method of claim 16,
Before the step of broadcasting the 1M signal,
receiving, by the first mobile device, a request to activate a short-range communication function of the first mobile device, and a request for the first mobile device to broadcast a first mobile password from the service server (S342); and
activating, by the first mobile device, a short-range communication function of the first mobile device (S240);
further comprising,
How to secure access. As an access security device,
It includes a short-distance communication unit, a data transceiver unit, and a processing unit,
The processing unit,
receiving, from the service server, the name of the short-range communication unit of the first mobile device provided to the service server by the first mobile device by using the data transceiver;
receiving a first mobile-compatible password from the service server using the data transceiver;
detecting, by using the short-distance communication unit, a 1M signal broadcast by the first mobile device using short-distance communication, based on the received short-range communication unit name; and
When it is determined that the first mobile password included in the 1M signal is the same as the first mobile corresponding password, permitting access via the access security device
intended to run
access security device. It includes a data transmission and reception unit, and a processing unit,
The processing unit,
receiving user identification information from an access security device using the data transceiver;
obtaining an identifier of the first mobile device related to the user identification information by accessing a database including a table in which the user identification information and the first mobile device are related to each other;
using the data transceiver, requesting (S315) and obtaining (S227) a mobile authentication password from the first mobile device;
generating a mobile-compatible authentication password (S316);
obtaining the short-range communication unit name from the first mobile device by using the data transceiver to request the short-range communication unit name of the first mobile device from the first mobile device using the identifier of the first mobile device;
transmitting the name of the short-range communication unit to the access security device by using the data transceiver; and
transmitting a first mobile-compatible password to the access security device by using the data transceiver;
is designed to run,
The access security device is configured to detect a 1M signal broadcast by the first mobile device using short-distance communication based on the name of the short-distance communication unit, and the first mobile password included in the 1M signal is the If it is determined that it is the same as the first mobile corresponding password, access through the access security device is permitted,
The step of obtaining the short-range communication unit name is characterized in that it is executed only when the processing unit determines that the mobile authentication password and the mobile-compatible authentication password are identical to each other,
service server. As a mobile device,
It includes a data transmission/reception unit, a short-range communication unit, a signal detection unit, and a processing unit,
The processing unit,
transmitting a short-range communication unit name of the mobile device to the service server in response to a request from a service server using the data transceiver;
generating a first mobile password; and
using the short-distance communication unit, broadcasting a 1M signal including the first mobile password;
is designed to run,
The service server is configured to transmit the short-range communication unit name to the access security device, generate a first mobile corresponding password, and transmit the generated first mobile corresponding password to the access security device, and
The access security device is configured to detect the first M signal based on the name of the short-range communication unit, and when it is determined that the first mobile password included in the first M signal is the same as the first mobile corresponding password, the characterized in that it is adapted to permit access via an access security device,
mobile device.

Images